Programmierus / ldap-mailcow

LDAP account synchronization and authentication for mailcow-dockerized

Could not bind to the LDAP server (SoGo) ldaps #18

Open theoneandonly-vector opened 3 years ago

theoneandonly-vector commented 3 years ago

docker-compose logs -f sogo-mailcow:

[ERROR] <0x0x5631569a5d70[LDAPSource]> Could not bind to the LDAP server ldaps://dc.mydomian.tld:636 (389) using the bind DN: synchuser@DOMAIN.TLD

why does it show (389) when I set ldaps and port 636?

theoneandonly-vector commented 3 years ago

when I set these values manually inside "plist_ldap" which per documentation of SoGo shouldn't be needed (deprecated):

    <key>encryption</key>
    <string>SSL</string>

    <key>port</key>
    <string>636</string>

it will tell me it tries to connect using port 636, but I'm not sure if it really applies encryption = SSL, as I can test my AD successfully using LDAP Admin.
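A small configuration check, added here as an example and not code from ldap-mailcow or SOGo, that parses a constructed plist_ldap-style fragment and flags the kind of mismatch described above: an ldaps:// hostname or encryption = SSL combined with port 389, or a port key that disagrees with the port in the hostname URL. The key names hostname, port and encryption, and the sample values, are assumptions for the example; the hostnames and bind DN are placeholders.

```python
"""Sanity-check a SOGo plist_ldap-style fragment for LDAPS/port mismatches.

Added example, not part of ldap-mailcow or SOGo. It reads the <key>/<string>
pairs of a flat plist dictionary fragment and reports inconsistencies between
the URL scheme, the encryption setting and the port.
"""
import re
from typing import Dict, List

# Constructed sample fragment (placeholder values, not a real deployment):
# an ldaps:// URL on 636 combined with an explicit port key of 389.
SAMPLE_PLIST = """
    <key>hostname</key>
    <string>ldaps://dc.example.test:636</string>
    <key>port</key>
    <string>389</string>
    <key>encryption</key>
    <string>SSL</string>
    <key>bindDN</key>
    <string>synchuser@EXAMPLE.TEST</string>
"""

# One <key>...</key> immediately followed by one <string>...</string>.
_PAIR_RE = re.compile(
    r"<key>\s*([^<]+?)\s*</key>\s*<string>\s*([^<]*?)\s*</string>", re.S
)
_URL_RE = re.compile(r"^(ldaps?)://([^:/\s]+)(?::(\d+))?")


def parse_plist_pairs(text: str) -> Dict[str, str]:
    """Return the key -> string pairs of a flat plist dictionary fragment."""
    return {key: value for key, value in _PAIR_RE.findall(text)}


def check_ldap_source(cfg: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    findings: List[str] = []
    match = _URL_RE.match(cfg.get("hostname", ""))
    scheme = match.group(1) if match else None
    url_port = match.group(3) if match else None
    port_key = cfg.get("port")
    encryption = cfg.get("encryption", "").upper()

    if scheme == "ldaps" and encryption and encryption != "SSL":
        findings.append(
            f"ldaps:// URL but encryption is {encryption!r}; expected SSL"
        )
    if url_port and port_key and url_port != port_key:
        findings.append(
            f"port key {port_key} disagrees with port {url_port} in the hostname URL"
        )

    # Port the configuration asks for: explicit key, then URL port, then the
    # scheme default. (Which one SOGo itself honours is not asserted here.)
    effective = port_key or url_port or ("636" if scheme == "ldaps" else "389")
    if (scheme == "ldaps" or encryption == "SSL") and effective == "389":
        findings.append(
            "TLS-on-connect (ldaps/SSL) requested, but port 389 is the "
            "plaintext/STARTTLS port; a bind there will fail or go unencrypted"
        )
    if not encryption and scheme != "ldaps":
        findings.append(
            "no encryption configured: bind credentials would cross the "
            "network in cleartext"
        )
    return findings


if __name__ == "__main__":
    for finding in check_ldap_source(parse_plist_pairs(SAMPLE_PLIST)):
        print("finding:", finding)
```

Running the block prints two findings for the constructed sample (the port disagreement and the ldaps-on-389 combination); a fragment with only `hostname`, `port` 636 and `encryption` SSL returns no findings.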

theoneandonly-vector commented 3 years ago

I also manually ran this to trust the certificate like I did on my custom build of "ldap-mailcow":

    tar -c ./ucs-root-ca.crt | docker exec -i mailcowdockerized_sogo-mailcow_1 /bin/tar -C /tmp -x
    docker exec -it mailcowdockerized_sogo-mailcow_1 bash
    cp /tmp/ucs-root-ca.crt /usr/local/share/ca-certificates/foo.crt
    chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

theoneandonly-vector commented 3 years ago

maybe there's a method to get more logs out of it?

theoneandonly-vector commented 3 years ago

I can reach the host from inside the docker (maybe someone thinks it's a network issue..):

    openssl s_client -connect dc.domain.tld:636

It has to be an issue with SSL somehow.. I also tried setting

    LDAPTLS_REQCERT=never

and also:

    LDAP_TLS_INSECURE=true

but both will just result in:

    conf line 6: Unknown setting: LDAPTLS_REQCERT