Christiano, try adding the following to your ldap.conf file:

TLS_REQCERT never

This fixed it for me. In my case, I use a locally-generated certificate and its CA was not recognized by the LDAP client.

Good Luck!

On Fri, Sep 1, 2017 at 9:52 PM, Christiano Liberato <christianoliber...@gmail.com> wrote:

> Hi,
>
> I already tried it anyway but my SSP does not connect to AD Microsoft.
> Here's my settings:
>
> # LDAP
> $ldap_url = "ldaps://192.168.19.3";
> $ldap_starttls = false;
> $ldap_binddn = "cn=Administrator,ou=Users,dc=contoso,dc=local";
> $ldap_bindpw = "p@ssw0rd";
> $ldap_base = "dc=contoso,dc=local";
> $ldap_login_attribute = "sAMAccountName";
> $ldap_fullname_attribute = "cn";
> $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
> $ad_mode = true;
> $who_change_password = "manager";
>
> /etc/ldap/ldap.conf
>
> # TLS certificates (needed for GnuTLS)
> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
>
> BASE dc=contoso,dc=local
> URI ldaps://192.168.19.3
> TLS_CERT /etc/ssl/certs/certificate.cer
>
> The certificate.cer was exported from AD with Base-64 encoded X.509 (.CER)
>
> /var/log/apache/error.log
> LDAP - Bind error -1 (Can't contact LDAP server)
>
> I wonder if something is missing in the configuration.
> Thanks!!
>
> _______________________________________________
> ltb-users mailing list
> ltb-users@lists.ltb-project.org
> https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users

--
*Gray D. McCord*
"Adapt, mutate, migrate, or die." - C. Darwin
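A check for the client settings discussed in this thread, as an added example that is not part of either message or of the LTB project: it parses an ldap.conf body and reports settings that switch off or misdirect server-certificate validation. THREAD_CONF is constructed from the settings quoted above plus the suggested TLS_REQCERT line; the hostname and CA path in CA_TRUST_CONF and the finding codes are assumptions.

```python
import re

# Constructed from the settings quoted in the thread, plus the suggested TLS_REQCERT line.
THREAD_CONF = """\
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
BASE dc=contoso,dc=local
URI ldaps://192.168.19.3
TLS_CERT /etc/ssl/certs/certificate.cer
TLS_REQCERT never
"""
# Assumed alternative: hostname and CA file path are placeholders, not from the thread.
CA_TRUST_CONF = """\
TLS_CACERT /etc/ssl/certs/EXAMPLE-local-ca.pem
BASE dc=contoso,dc=local
URI ldaps://dc01.contoso.local
TLS_REQCERT demand
"""

def parse(text):
    """Return {DIRECTIVE: value}; blank lines and # comments are skipped."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return (code, message) findings about server-certificate validation."""
    opts, out = parse(text), []
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if level in ("never", "allow"):
        out.append(("REQCERT_WEAK", f"TLS_REQCERT {level}: a bad server certificate is accepted"))
    elif not opts.keys() & {"TLS_CACERT", "TLS_CACERTDIR"}:
        out.append(("NO_CA", "validation is on but no TLS_CACERT or TLS_CACERTDIR is set here"))
    if "TLS_CERT" in opts:
        out.append(("CLIENT_CERT", "TLS_CERT is the client's own certificate (user-only "
                    "option); a CA to trust belongs in TLS_CACERT"))
    if re.search(r"ldaps?://\d{1,3}(\.\d{1,3}){3}(?![\w.])", opts.get("URI", "")):
        out.append(("URI_IP", "URI is an IP address; the certificate must name that address"))
    return out

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("ca-trust", CA_TRUST_CONF)):
        print(name, [code for code, _ in audit(conf)] or "no findings")
```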