Open User35123 opened 5 months ago
We have never tested ldaps; I guess ldaps is obsolete after searching the internet. https://averageguyx.blogspot.com/2019/04/ldaps-is-dead-long-live-ldaps.html
Could you show me your ldap settings page? I want to confirm whether your settings are OK. I checked the code; in theory it supports ldaps, but apologies, we had no env to test ldaps.
Thank you for your fast response!
Microsoft is still using ldaps on articles about configuring ldap:
StartTLS is very popular because it is very easy to use: it is backward compatible with plain-text authentication and still uses the old port. But I need to be sure that everything is always encrypted.
As you can read in the comments on your link, not everyone agrees on this either: "clients accidentally leaking connection information when they try to use LDAP WITHOUT StartTLS. Even if the server side rejects it, the client has already sent its sensitive information onto the wire where bad guys can sniff it like any other cleartext data"
My LDAP Settings
I tested these settings with plain-text authentication and it seems to work; that means there seems to be a problem with the SSL/TLS config.
I also tested [ x ] NoTLSVerify, but with no luck.
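The leak that the quoted comment above worries about is easy to see in the bytes: an LDAP simple bind (RFC 4511) carries the password as a bare OCTET STRING, so whatever a client sends before a StartTLS upgrade has completed, or to a server that never upgrades, is readable by anyone on the path, while LDAPS wraps the stream in TLS from the first byte. The following is an added example in plain Python, not code from this thread or from the RustDesk project; the bind DN and password are made up.

```python
"""LDAP simple BindRequest, hand-encoded in BER (RFC 4511 section 4.2).

Shows what a client puts on the wire when it binds: the password travels as a
bare OCTET STRING. Over LDAPS the whole TCP stream is inside TLS from the first
byte; with StartTLS it is only protected if the client sends the bind after the
upgrade succeeded. Added example, not code from the issue thread or from RustDesk.
"""

# ASN.1/BER tags used by an LDAPMessage carrying a BindRequest
TAG_SEQUENCE = 0x30      # LDAPMessage ::= SEQUENCE { messageID, protocolOp }
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04  # LDAPDN is an OCTET STRING
TAG_BIND_REQUEST = 0x60  # [APPLICATION 0] constructed
TAG_SIMPLE_AUTH = 0x80   # AuthenticationChoice: simple [0] OCTET STRING


def _ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form from 128 up."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_length(len(value)) + value


def _integer(n: int) -> bytes:
    """Non-negative INTEGER; the extra leading zero keeps the sign bit clear."""
    return _tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """Encode LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    auth = _tlv(TAG_SIMPLE_AUTH, password.encode("utf-8"))
    bind = _tlv(TAG_BIND_REQUEST,
                _integer(3) + _tlv(TAG_OCTET_STRING, bind_dn.encode("utf-8")) + auth)
    return _tlv(TAG_SEQUENCE, _integer(message_id) + bind)


def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_simple_bind(pdu: bytes):
    """What a passive sniffer recovers from a cleartext bind: (id, dn, password)."""
    tag, message, _ = _read_tlv(pdu, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = _read_tlv(message, 0)
    tag, bind, _ = _read_tlv(message, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, _version, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    if tag != TAG_SIMPLE_AUTH:
        raise ValueError("not a simple bind (SASL binds use tag 0xA3)")
    return int.from_bytes(msg_id, "big"), dn.decode("utf-8"), auth.decode("utf-8")


def password_visible(pdu: bytes, password: str) -> bool:
    """True when the raw password bytes appear verbatim in the PDU."""
    return password.encode("utf-8") in pdu


if __name__ == "__main__":
    # Constructed credentials for the demo; any DN/password behaves the same.
    pdu = build_simple_bind(1, "CN=svc-rustdesk,DC=example,DC=local", "Hunter2!")
    print(pdu.hex())
    print("password readable on the wire:", password_visible(pdu, "Hunter2!"))
    print("sniffer sees:", parse_simple_bind(pdu))
```

The encoder is what a client emits for a simple bind; the decoder is what a capture tool reconstructs from the same bytes. Whether those bytes are exposed depends only on whether TLS was already in place when they were sent, which is the property LDAPS guarantees and StartTLS leaves to the client.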
Maybe related: https://github.com/rustdesk/rustdesk-server-pro/issues/99#issuecomment-1777223013 Though it is SMTP, our TLS lib does not support some weak/obsolete TLS settings.
Interesting. This could be the reason, if only TLS 1.3 is allowed. The LDAP(S) server is using TLS 1.2 (currently tested) because only the very latest Windows Server 2022 supports TLS 1.3. All other Windows Server systems do not support TLS 1.3.
Update: if that's the problem, StartTLS also does not work, because it also uses TLS 1.2 on systems older than Windows Server 2022 (not personally tested, but technically this makes sense to me).
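One way to settle the TLS-version question raised above from the outside, before blaming the client library: open a raw TLS connection to port 636 pinned to a single protocol version and see which versions the server accepts, with and without certificate verification so that a chain/hostname problem is not mistaken for a version problem. This is an added example using only the Python standard library; it is not code from this thread or from RustDesk. The host name ldapserver.local is taken from the issue text; the script name, the option names and the verdict wording are the example's own.

```python
"""Probe which TLS versions an LDAPS listener accepts, one version at a time.

Each attempt pins the client to exactly one protocol version, so the outcome
reflects what the server supports rather than what OpenSSL happened to pick.
Standard library only. Added example, not code from the issue thread or from
RustDesk.
"""
import socket
import ssl
import sys

VERSIONS = {
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def probe_ldaps(host: str, port: int = 636,
                version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2,
                verify: bool = True, timeout: float = 5.0) -> dict:
    """Handshake with host:port allowing only `version`; report the outcome."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    if not verify:  # same effect as a "no TLS verify" switch: skip chain and hostname checks
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "version": tls.version(),
                        "cipher": tls.cipher()[0], "error": None}
    except OSError as exc:  # ssl.SSLError is an OSError subclass, so both land here
        return {"ok": False, "version": None, "cipher": None,
                "error": f"{type(exc).__name__}: {exc}"}


def probe_all(host: str, port: int = 636, verify: bool = True) -> dict:
    """Run one pinned probe per entry in VERSIONS."""
    return {name: probe_ldaps(host, port, ver, verify) for name, ver in VERSIONS.items()}


def diagnose(results: dict) -> str:
    """Turn per-version probe results into a one-line verdict."""
    accepted = sorted(name for name, r in results.items() if r["ok"])
    errors = " ".join(r["error"] or "" for r in results.values())
    if not accepted:
        # OpenSSL reports chain/hostname failures with this reason code; it means
        # the handshake reached the server, so the port is an LDAPS listener.
        if "CERTIFICATE_VERIFY_FAILED" in errors:
            return ("handshake reached the server but the certificate failed verification "
                    "(chain or hostname); retry with verify=False to confirm")
        return ("no TLS handshake completed: not an LDAPS listener, firewalled, "
                "or every offered version rejected")
    if accepted == ["TLSv1.2"]:
        return "server accepts TLS 1.2 only; a client that requires TLS 1.3 will fail to connect"
    if accepted == ["TLSv1.3"]:
        return "server accepts TLS 1.3 only; a client limited to TLS 1.2 will fail to connect"
    return "server accepts " + " and ".join(accepted)


if __name__ == "__main__":
    # Host from the issue; override on the command line. --no-verify is this script's own flag.
    target = next((a for a in sys.argv[1:] if not a.startswith("--")), "ldapserver.local")
    results = probe_all(target, verify="--no-verify" not in sys.argv)
    for name, r in results.items():
        print(f"{name}: {'ok, ' + r['cipher'] if r['ok'] else r['error']}")
    print(diagnose(results))
```

Saved as, say, probe_ldaps.py (a name chosen here), running it once with and once with --no-verify against the domain controller separates the three cases that produce the same "failed to connect" in a client: nothing answering TLS on 636, a certificate the client's trust store rejects, and a protocol-version mismatch.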
Hello!
It seems that version 1.1.14 does not allow LDAPS (fully encrypted, using port 636), only LDAP over TLS using STARTTLS (port 389).
My Active Directory LDAP does not allow STARTTLS because it works by establishing a normal - i.e. unsecured - connection with the LDAP server before a handshake negotiation between the server and client is carried out.
I tried to connect to my LDAP Server using:
LDAP Host: ldaps://ldapserver.local, LDAP Port: 636
LDAP Host: ldapserver.local, LDAP Port: 636
But I always get this error: Failed to update Ldap: failed to connect to ldap server
Isn't LDAPS implemented yet? Can someone check or confirm this?
Thank you!