LDAPAccountManager / lam

LDAP Account Manager
https://www.ldap-account-manager.org

Can't contact LDAP server - (unknown error code) #119

Closed wupan-olo closed 3 years ago

wupan-olo commented 3 years ago

I set up a new OpenLDAP server using [osixia/docker-openldap] with a self-signed certificate created with openssl:

```bash
docker run -d -p 1636:636 --name openldap-ssl --restart=always \
  --env LDAP_ORGANISATION="example" \
  --env LDAP_DOMAIN="example.com" \
  --env LDAP_ADMIN_PASSWORD="1qaz@WSX" \
  --env LDAP_CONFIG_PASSWORD="1qaz@WSX" \
  --volume /data/app/openldap-TLS/server/data:/var/lib/ldap \
  --volume /data/app/openldap-TLS/server/config:/etc/ldap/slapd.d \
  --volume /data/app/openldap-TLS/server/crts:/container/service/slapd/assets/certs \
  --env LDAP_TLS=true \
  --env LDAP_TLS_CRT_FILENAME=server.crt \
  --env LDAP_TLS_KEY_FILENAME=server.key \
  --env LDAP_TLS_CA_CRT_FILENAME=ca.crt \
  --env LDAP_TLS_VERIFY_CLIENT=try \
  --hostname opendlap-ssl \
  --detach osixia/openldap:latest
```

LAM start script:

```bash
docker run -d --restart=always \
  --name lam-ssl \
  -p 20880:80 \
  --link openldap-ssl:openldap-ssl \
  --env LDAP_DOMAIN=example.com \
  --env LDAP_SERVER=ldaps://openldap-ssl:636 \
  --env LAM_PASSWORD=1qaz@WSX \
  --detach ldapaccountmanager/lam:latest
```

Upload the CA certificate file in the web UI and restart the lam-ssl container.

When logging in with the OpenLDAP admin user, an error happened: Can't contact LDAP server - (unknown error code)

I used docker logs to check what happened, but there was nothing unusual.

gruberroland commented 3 years ago

Unfortunately, the errors for TLS connections are not very usable. Can you log in via LAM when you disable TLS in your LAM server profile (ldap://openldap-ssl:389 and TLS option turned off)? You can also try to use "ldap://openldap-ssl:389" and activate the TLS checkbox underneath.

gruberroland commented 3 years ago

Please also see docker-compose.yaml here for a working example: https://github.com/LDAPAccountManager/lam/tree/develop/lam-packaging/docker

I guess it is more related to the LDAP server, e.g. certificate setup or client certificate set to required.

wupan-olo commented 3 years ago

@gruberroland Thanks. LAM works fine with TLS turned off. Using docker-phpLDAPadmin works fine with TLS functions.
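Because the error LAM shows does not say which part of the LDAPS connection failed, a direct probe of the endpoint can separate name resolution, TCP, certificate validation and handshake failures. This is an added example, not part of the original thread and not LAM's code; `probe_ldaps` is a hypothetical helper, and the host, port and CA file passed to it are assumed to be the ones from the LAM server profile.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) naming the step of an LDAPS connection that fails."""
    # Verifying context: the chain must end at `cafile` (or the system store
    # when cafile is None) and the certificate must be valid for `host`.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host!r}: {exc}")
    except OSError as exc:  # refused, unreachable or timed out
        return ("tcp", f"cannot connect to {host}:{port}: {exc}")
    try:
        # server_hostname must be the name used in the ldaps:// URL, since
        # that is the name the certificate is checked against.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return ("ok", f"{tls.version()}, certificate DNS names: {names}")
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or hostname mismatch.
        return ("certificate", f"{exc.verify_message} (code {exc.verify_code})")
    except (ssl.SSLError, OSError) as exc:
        # Anything else during the handshake, e.g. the server dropping the
        # connection or not speaking TLS on this port.
        return ("handshake", f"TLS handshake failed: {exc}")
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: probe.py HOST [PORT] [CAFILE]
    if len(sys.argv) < 2:
        print("usage: probe.py HOST [PORT] [CAFILE]")
    else:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
        cafile = sys.argv[3] if len(sys.argv) > 3 else None
        print(probe_ldaps(sys.argv[1], port, cafile))
```

Run it from the same network namespace as the client (for the setup above, inside the lam-ssl container) so that the hostname resolves the same way it does for LAM.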