Open cosmiccricket opened 1 month ago
For your ldapsearch line, you should probably include the SSL key and cert - Google has some docs on this here: https://support.google.com/a/answer/9190869?hl=en#zippy=%2Cldapsearch
Those are typically already on the machine in the ./storage subdirectory, as ldap_client_tls.cert and ldap_client_tls.key.
Your settings look mostly fine, which is good - but we typically do need a username and password - which Google will allow you to generate.
Supported editions for this feature: Frontline Standard; Business Plus; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Edu
I will get back with the ldapsearch results, but I am using the user credentials from Google Workspace in SnipeIT, and they do not fix this issue.
Debug mode
Describe the bug
We have ditched some directory services and need to configure Snipe-IT to work with Google Workspace. I am trying to follow the instructions on https://snipe-it.readme.io/docs/hosted-ldap-providers to set up a connection to Google Secure LDAP, but when I test the connection, Snipe-IT will show "Could not bind to LDAP: Can't contact LDAP server" no matter what I do. Snipe-IT was working with our old directory service beforehand.
Things I have tried:
- Opened ports 389 and 636 for the EC2 instance's security group
- Checked that the relevant network ACL is allowing traffic through
- Set LDAPTLS_CIPHER_SUITE='NORMAL:!VERS-TLS1.3'

openssl s_client -connect ldap.google.com:636 from the EC2 instance returned a 0.
ldapsearch -H ldaps://ldap.google.com:636 -b dc=,dc=com -D -W '(mail=@.com)' returned error 49. I am copy pasting the LDAP credentials straight from Google Workspace.
I am not sure if this is relevant but the version of SnipeIT we are using does not have a text field for LDAP version in the configuration page.
Reproduction steps
Followed the instructions on https://snipe-it.readme.io/docs/hosted-ldap-providers and the error "Could not bind to LDAP: Can't contact LDAP server" appears under the "Test LDAP Synchronization" button.
Expected behavior
I am expecting the LDAP connection test to be successful with the given credentials.
Screenshots
Snipe-IT Version
6.4.1
Operating System
Ubuntu 20.04.6 LTS
Web Server
nginx
PHP Version
8.1.29
Operating System
No response
Browser
No response
Version
No response
Device
No response
Operating System
No response
Browser
No response
Version
No response
Error messages
No response
Additional context
This install has been here longer than I have, which is at least a year. As far as I know Snipe-IT was installed via install.sh
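The suggestion in the reply above (pass the client certificate and key to ldapsearch), written out as an added example that is not part of the original thread or Snipe-IT's own code. The function names, return codes and the `--run` argument are assumptions of this example; the file names are the ones given in the reply, and `LDAPTLS_CERT`/`LDAPTLS_KEY` are the OpenLDAP client environment variables.

```shell
#!/bin/sh
# Added example: preflight for the client certificate pair, then a bind test.
CERT_NAME=ldap_client_tls.cert   # file names as given in the thread
KEY_NAME=ldap_client_tls.key

# check_files DIR -> 0 ok, 1 a file is missing or empty, 2 key is world-readable
check_files() {
  local dir="$1"
  [ -s "$dir/$CERT_NAME" ] && [ -s "$dir/$KEY_NAME" ] || return 1
  case "$(ls -ld "$dir/$KEY_NAME")" in
    ???????r*) return 2 ;;   # 8th mode character is the read bit for "other"
  esac
  return 0
}

# pair_matches DIR -> 0 when certificate and key carry the same public key
pair_matches() {
  local dir="$1" a b
  a=$(openssl x509 -in "$dir/$CERT_NAME" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$dir/$KEY_NAME" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# probe DIR BASE_DN BIND_DN FILTER -> TLS handshake, then an authenticated search
probe() {
  local dir="$1" base="$2" binddn="$3" filter="$4"
  # Handshake while presenting the client certificate; stdin closed so it exits
  openssl s_client -connect ldap.google.com:636 \
    -cert "$dir/$CERT_NAME" -key "$dir/$KEY_NAME" </dev/null || return 1
  # Same pair handed to the OpenLDAP client; -W prompts for the bind password
  LDAPTLS_CERT="$dir/$CERT_NAME" LDAPTLS_KEY="$dir/$KEY_NAME" \
    ldapsearch -H ldaps://ldap.google.com:636 \
      -b "$base" -D "$binddn" -W "$filter"
}

# Usage: sh preflight.sh --run DIR BASE_DN BIND_DN FILTER
if [ "${1:-}" = "--run" ]; then
  check_files "$2" || { echo "cert/key missing, empty or world-readable" >&2; exit 1; }
  pair_matches "$2" || { echo "certificate and key do not match" >&2; exit 1; }
  probe "$2" "$3" "$4" "$5"
fi
```

Running the checks in this order separates a bad or mismatched certificate pair from a rejected bind: LDAP result code 49 means invalid credentials, which the server can only return after the TLS session is up.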