Hello P,

thank you for your answer.

Yes, that is the only document I found that names "SSL Verify Mode". It just says to set it to NONE. No other explanation given. As I said, if I set it to NONE it works, but since I have no info, I think this way the server certificate checking is just ignored...


Regards,
Massimiliano Ballerini

On 25/04/23 12:29, P.Thirunavukkarasu wrote:
Installation Guide (packetfence.org) <https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_google_workspace_ldap_integration>
Please go through the above link. It is for the Google Workspace configuration.
Here you may find the answer for your questions.
Regards,
Thirunavukkarasu

On Thu, Apr 20, 2023 at 11:09 PM Massimiliano Ballerini via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

    Hello,

    I have a production environment that uses Active Directory
    Authentication Source. I just upgraded to 12.1 from version 8 and
    noticed this select mode option "SSL Verify Mode".

    I can't find much in the documentation about this field. I set it to
    NONE and I use LDAPS with port 636: everything works fine.

    I have my Domain Controller LDAP CA certificate and I want packetfence
    to check the server side LDAPS certificate. I see a tab with
    "Certificates", but there are some client side certificate options and
    if I try to add the CA it doesn't work, so maybe it is not what I'm
    looking for.
    If I set the option "SSL Verify Mode" to REQUIRE then in the log I see
    a fail in certificate checking and the source is not working anymore.

    I installed the CA certificate on the server in
    /usr/local/share/ca-certificates and ran update-ca-certificates, and
    now Debian OS has the CA, but the certificate check fails anyway if
    the field is set to REQUIRE.

    I'm actually just curious: is there any explanation about the "SSL
    Verify Mode" I may have missed on how it should work? The fact there
    is an OPTIONAL setting makes me think it is about client side cert and
    not server side check. Am I right?

    Regards,
    Massimiliano Ballerini

-- Massimiliano Ballerini
    Laboratori Guglielmo Marconi
    Via Porrettana, 123 - 40037 Pontecchio Marconi (BO)
    e-mail: massimiliano.baller...@labs.it
    web: http://www.labs.it
    mob: +39 349 2600513



    _______________________________________________
    PacketFence-users mailing list
    PacketFence-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Massimiliano Ballerini
Laboratori Guglielmo Marconi
Via Porrettana, 123 - 40037 Pontecchio Marconi (BO)
e-mail:massimiliano.baller...@labs.it
web:http://www.labs.it
mob: +39 349 2600513