Bug #9926
closed
LdapError: unsupported encryption method with LDAP auth source
Added by Alexandre Barth over 9 years ago.
Updated over 6 years ago.
Description
I've just upgraded from 1.8.0 RC1 to 1.8.0 RC2. When I want to log in using an LDAP account, I get the following error:
Started POST "/users/login" for 192.168.0.1 at 2015-03-27 14:42:32 +0100
2015-03-27 14:42:32 [I] Processing by UsersController#login as HTML
2015-03-27 14:42:32 [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZOnsMh5ABcz6MEzjE4wRrcLEvnMeYm6hHk+1hnxsUg8=", "login"=>{"login"=>"alexandre.barth", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2015-03-27 14:42:32 [W] Operation FAILED: LdapError: unsupported encryption method
2015-03-27 14:42:32 [I] Rendered common/500.html.erb within layouts/application (3.7ms)
2015-03-27 14:42:32 [I] Rendered layouts/base.html.erb (1.3ms)
2015-03-27 14:42:32 [I] Completed 500 Internal Server Error in 15ms (Views: 6.4ms | ActiveRecord: 1.7ms)
This was working in 1.8.0 RC1 and all previous versions.
- Subject changed from no more Ldap connection to LdapError: unsupported encryption method with LDAP auth source
- Category set to Authentication
Is your LDAP auth source in Foreman configured with SSL?
- Related to Bug #9885: CVE-2015-1816 - LDAP server SSL certificate not verified added
Dominic Cleal wrote:
Ah, I wonder if we're constructing this badly then and all of :encryption should be nil rather than just :method here: https://github.com/theforeman/foreman/blob/1.8.0-RC2/app/models/auth_sources/auth_source_ldap.rb#L83
The workaround that I am using is to just comment out the encryption_config for now:
def encryption_config
  # Workaround: both lines are commented out, so this method returns nil
  # method = tls ? :simple_tls : nil
  # { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end
My LDAP w/o SSL is working again.
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2271 added
- Pull request deleted ()
Marek Hulán wrote:
Oh, the hash is used only for simple_tls and start_tls, otherwise encryption is set to nil, I missed this. Alex, could you please test the patch in https://github.com/theforeman/foreman/pull/2271? It should fix it for you but keep SSL working.
That seems to be working. Also note, I use LDAP without SSL. So I can't test if LDAPS is working still or not.
- Assignee set to Marek Hulán
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
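The failure and the fix discussed in this thread, as an added Ruby example (not code from Foreman, the pull request, or the LDAP library). `open_connection` is a simplified stand-in for the client's connection setup, and the `encryption_config_*`, `outcome` and `verifies_peer?` names are hypothetical.

```ruby
require 'openssl'

# Simplified stand-in for the LDAP client's connection setup (an assumption
# modelled on the error in this report, not the library's own code).
def open_connection(encryption)
  return { :tls => false, :verify_mode => nil } if encryption.nil?
  unless [:simple_tls, :start_tls].include?(encryption[:method])
    raise ArgumentError, "unsupported encryption method #{encryption[:method].inspect}"
  end
  { :tls => true, :verify_mode => encryption.fetch(:tls_options, {})[:verify_mode] }
end

# Shape reported in this ticket: a hash is always returned, so a plain-LDAP
# source passes { :method => nil, ... } and connection setup rejects it.
def encryption_config_always_hash(tls)
  method = tls ? :simple_tls : nil
  { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end

# Shape discussed as the fix: nil for plain LDAP, the full hash with peer
# verification for TLS (hypothetical helper, not the pull request's code).
def encryption_config_nil_when_plain(tls)
  return nil unless tls
  { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end

# The workaround posted in the thread: body commented out, so always nil.
def encryption_config_workaround(_tls)
  nil
end

# Build the config for one kind of auth source and report what happens.
def outcome(builder, tls)
  open_connection(send(builder, tls))
rescue ArgumentError => e
  { :error => e.message }
end

# Regression check: a TLS-configured source must still verify the server certificate.
def verifies_peer?(builder)
  outcome(builder, true)[:verify_mode] == OpenSSL::SSL::VERIFY_PEER
end

if __FILE__ == $0
  %w[always_hash nil_when_plain workaround].each do |n|
    b = "encryption_config_#{n}"
    puts "#{n}: plain=#{outcome(b, false).inspect} verifies_peer=#{verifies_peer?(b)}"
  end
end
```

The workaround variant fails `verifies_peer?` because a TLS-configured source would connect without encryption, which is the case the reporter could not test.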