Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License

How to use SSL with ldaps #53

Open PierreTecher-honhon opened 4 years ago

PierreTecher-honhon commented 4 years ago

Hello,

Describe the bug

While using the application, I get an error message on functions of the .php script.

mattermostldap      | 172.24.0.1 - - [25/Jun/2020:11:41:40 +0200] "GET /oauth/index.php HTTP/1.0" 200 2950 "https://mysite/oauth/connexion.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
mattermostldap      | 172.24.0.1 - - [25/Jun/2020:11:41:48 +0200] "POST /oauth/connexion.php HTTP/1.0" 200 2655 "https://mysite/oauth/index.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
mattermostldap      | [25-Jun-2020 11:41:48] WARNING: [pool www] child 2187 said into stderr: "NOTICE: PHP message: PHP Warning:  ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/mattermost-ldap/oauth/LDAP/LDAP.php on line 109"
mattermostldap      | [Thu Jun 25 11:41:48.786188 2020] [proxy_fcgi:error] [pid 319:tid 139847666681600] [client 172.24.0.1:53932] AH01071: Got error 'PHP message: PHP Warning:  ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/mattermost-ldap/oauth/LDAP/LDAP.php on line 109', referer: https://mysite/oauth/index.php

The most interesting log is the ldap_bind one, where I would like to understand how to use my SSL configuration with ldaps.

To Reproduce

Here's my configuration to reproduce the error.

ldap_host : ldaps://mysite/
ldap_port : 636
Mattermost_port : 8000

Expected behavior

I expected to be able to connect with ldap credentials. What did I get wrong?

Regards, Pierre

Crivaledaz commented 4 years ago

Hi,

As stated in issue #54, Mattermost-LDAP should support ldaps if the certificate exposed by the LDAP server is trusted by the LDAP client used by PHP on the Oauth server.

In case of a certificate issue, you get the error ldap_bind(): Unable to bind to server: Can't contact LDAP server. To confirm this is a certificate issue, and not a general connection problem, you can try with standard LDAP on port 389; it should be working.

Moreover, you can add the following line before the ldap_connect() line (line 40) in the oauth/LDAP/LDAP.php file. This will enable all logs for the PHP LDAP library.

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

Let me know if this solves your issue,

Regards
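
An added example, not part of the thread and not Mattermost-LDAP code: a standalone PHP check that separates "port 636 unreachable" from "certificate not trusted by the PHP LDAP client", the distinction drawn in the comment above. The host name, port and CA file path are placeholders to replace with your own values.

```php
<?php
// Added example: tells a network problem apart from a TLS trust problem.
// $host, $port and $caFile are placeholders, not values from the project.
$host   = 'ldap.example.org';
$port   = 636;
$caFile = '/etc/ssl/certs/ldap-ca.pem';   // CA that signed the LDAP server certificate

// 1. Plain TCP: if this fails, the problem is network or firewall, not TLS.
$sock = @fsockopen($host, $port, $errno, $errstr, 5);
if ($sock === false) {
    exit("TCP connect to $host:$port failed: $errstr ($errno)\n");
}
fclose($sock);

// 2. libldap TLS options commonly only take effect when set globally
//    (NULL link) before ldap_connect(). Verification stays on (DEMAND).
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$conn = ldap_connect("ldaps://$host:$port");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

// 3. An anonymous bind is enough to force the TLS handshake.
if (@ldap_bind($conn)) {
    echo "TLS handshake and anonymous bind succeeded\n";
    exit(0);
}

$code = ldap_errno($conn);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
if ($code === -1) {
    // -1 is LDAP_SERVER_DOWN ("Can't contact LDAP server"). The port answered
    // in step 1, so the failure is in the TLS handshake; $detail usually says why.
    echo "TLS failure: " . ($detail ?: ldap_error($conn)) . "\n";
} else {
    // Any other code means TLS worked and the server rejected the bind itself.
    echo "TLS OK, bind refused: " . ldap_error($conn) . " ($code)\n";
}
```

Run it as the same user and inside the same container as the OAuth server, so it sees the trust store and CA file that PHP will actually use.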

dariodsa commented 3 years ago

You can also try with this: export LDAPTLS_REQCERT=never. Stackoverflow