Open Yotouille opened 4 years ago
Hello, sorry for the late reply.
It seems that the LDAP server CA certificate would be required, since the "Confidentiality required"
message states that the connection must be enabled through a secure channel. Do you use the standard LDAP port (i.e. 389)?
Regards
Hi there !
I've double-checked the CA and it's OK (btw, this part had not been modified since 3.0). The LDAP server is listening on 389 (StartTLS is mandatory) and also on 636; both are used elsewhere without an issue. And our sysPass 3.0 is working fine on 636 (only on this port, but that's another thing) with the exact same LDAP server.
As the TEST button says the connection is OK, I don't understand why it stops working once the LDAP settings are saved.
Let me know if you need more info!
Thanks for all !!
Hi folks!
I also have the same problem :( Config test and user import work fine, but login with an imported user gives a BIND error:
My configs:
sysPass log:
slapd log:
Hi,
I have the same issue with the 3.2 version.
Have you found a solution?
Regards
I forgot the LDAP TLS config parameters:
Hello,
@diegopaludo did you configure the LDAP TLS and certificates within the sysPass server? The LDAP server is requiring TLS to be enabled on the sysPass side.
Regards
@Yotouille could you please provide the LDAP connection string? (masked please...)
sysPass and LDAP are on the same server and LDAP certificates are validated by Let's Encrypt.
I have other applications on the same server and on other ones that work fine with LDAP with Let's Encrypt, and I don't need to configure the certificates in these applications.
My doubt is that during sysPass LDAP configuration the connection works, and LDAP user import too. But after applying these configs I can't log in with an imported LDAP user.
Hello,
@nuxsmin I tried other options but got the same error 😢
LDAP log during testing config:
LDAP log during login:
Testing SSL (per troubleshooting in the documentation):
I think the login page doesn't send TLS information and the fallback login doesn't work. I need to manually set "ldapEnabled" in config.xml to 0 to log in with admin again.
This pull request
https://github.com/nuxsmin/sysPass/pull/1646/commits/2651d25e6525e9c75c1133e577ea2ceb5a5b04f5
partially solves my problem. Now login with LDAP works, but fallback does not. Admin login requires manually setting "ldapEnabled" in config.xml to 0.
Thank you, after a day looking into it I found your solution. I am having exactly the same problem. Will at least this fix be part of coming versions?
sysPass info:
I have seen a few other issues on this subject, but this one doesn't really fit the other AD/LDAP issues. After upgrading from 3.0 to 3.1, it seems we had to reconfigure the LDAP settings.
On the LDAP settings page, all is configured, and the TEST button just says:
with the list of my 4 users' "CN"
After "Enabling LDAP" and clicking "Save", then signing out, I cannot sign in to sysPass anymore ("Connection Error (BIND)"), and there is no fallback to MySQL (I need to disable LDAP in the config file to sign in again).
I have tried with a less aggressive password (no special chars), but with no luck. And all seems to be stored OK in the config file.
This is the exception, when trying to sign-in with LDAP: