Defect #28558 (open): OpenLDAP

Added by Brian Rose over 6 years ago. Updated over 6 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Accounts / authentication
Target version: -
% Done: 0%

Description

Disclaimer: I am not an IT pro, I just play one on TV.

I am trying to migrate a Redmine instance from one server to another. The last bit that I am trying to get working is to connect Redmine to OpenLDAP.

My server configuration (details attached) is an Ubuntu 16.04.04 Server, with OpenLDAP 2.4.42 and Redmine 3.4.4. Note that this machine has a self-signed security certificate.

I am able to connect to the LDAP server with Apache Directory Studio and also ldapsearch on the command line.

LDAPTLS_REQCERT=never ldapsearch -D "cn=admin,dc=ubuntutest" -W -p 389 -h ubuntutest -b "dc=ubuntutest" -s sub -x -ZZ "(objectclass=*)"

When I configure the LDAP connection in Redmine and test it, I get the following error.

Unable to connect (SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A)

I have a feeling this has to do with the self-signed cert in some way, but I am not sure where to start looking here.

Any ideas?


Files

REDMINE-backup-sharesafe.rtf (133 KB), Brian Rose, 2018-04-14 13:45

#1

Updated by Brian Rose over 6 years ago

Note that this functions with the LDAPS box unchecked.

#2

Updated by Gregor Schmidt over 6 years ago

LDAPS will use a different port than LDAP. The default ports are 389 for LDAP and 636 for LDAPS.

There is a different LDAP mode called START_TLS which is currently not supported by Redmine. LDAP+START_TLS will be using the same port as plain LDAP, i.e. 389 by default. Maybe ldapsearch is using this mode of operation?
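
The distinction above (LDAPS on 636 versus LDAP plus StartTLS on 389) is also what the ldapsearch invocation in the description selects: `-ZZ` means "issue the StartTLS extended operation on the plain port and fail if it is refused", which is not the same as LDAPS. The following is an added example, not code from Redmine or from OpenLDAP, that shows the two modes at the wire level: it builds the StartTLS ExtendedRequest from RFC 4511 (OID 1.3.6.1.4.1.1466.20037), parses the server's ExtendedResponse, and opens a socket in either mode. The host name is a placeholder, the sample response bytes in the test are constructed by hand, and reading the response with a single `recv()` is a simplification that assumes the reply arrives in one segment.

```python
"""LDAPS vs. LDAP+StartTLS at the wire level (added example; host and
responses are placeholders, not taken from the original report)."""
import socket
import ssl

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511 s.4.14
LDAP_PORT, LDAPS_PORT = 389, 636


def _ber_len(n: int) -> bytes:
    """Definite-length BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(value)) + value


def _read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after the element) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }.

    0x77 is [APPLICATION 23] ExtendedRequest, 0x80 is the [0] requestName field.
    Message IDs below 128 are enough here, so the INTEGER is a single octet.
    """
    ext = _tlv(0x80, STARTTLS_OID.encode("ascii"))
    return _tlv(0x30, _tlv(0x02, message_id.to_bytes(1, "big")) + _tlv(0x77, ext))


def parse_extended_response(data: bytes) -> dict:
    """Decode an ExtendedResponse (0x78 = [APPLICATION 24]) into its result fields.

    The responseName ([10], tag 0x8A) is optional in the encoding; OpenLDAP echoes
    the StartTLS OID there, other servers may omit it.
    """
    tag, msg, _ = _read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(msg)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, body, _ = _read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    tag, code, pos = _read_tlv(body)          # ENUMERATED resultCode
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, matched_dn, pos = _read_tlv(body, pos)  # LDAPDN matchedDN
    _, diag, pos = _read_tlv(body, pos)        # LDAPString diagnosticMessage
    name = None
    if pos < len(body) and body[pos] == 0x8A:
        _, oid, pos = _read_tlv(body, pos)
        name = oid.decode("ascii")
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace"),
            "response_name": name}


def connect(host: str, mode: str, ctx: ssl.SSLContext, port=None) -> ssl.SSLSocket:
    """Open a TLS-protected LDAP socket in 'ldaps' or 'starttls' mode.

    ldaps:    the TLS handshake is the first thing on the wire (port 636). Pointing
              this at 389 sends a ClientHello to a plain-LDAP listener, which never
              answers with a ServerHello, so the client fails at "read server hello".
    starttls: plain LDAP on 389, then the StartTLS ExtendedRequest, then, only after
              a resultCode of 0 (success), the TLS handshake on the same socket.
    """
    if mode == "ldaps":
        raw = socket.create_connection((host, port or LDAPS_PORT))
        return ctx.wrap_socket(raw, server_hostname=host)
    if mode == "starttls":
        raw = socket.create_connection((host, port or LDAP_PORT))
        raw.sendall(starttls_request(1))
        resp = parse_extended_response(raw.recv(4096))  # assumes one segment
        if resp["result_code"] != 0:
            raise RuntimeError("StartTLS refused: %d %s" % (resp["result_code"], resp["diagnostic"]))
        return ctx.wrap_socket(raw, server_hostname=host)
    raise ValueError("mode must be 'ldaps' or 'starttls'")


if __name__ == "__main__":
    # Placeholder host; a self-signed server certificate should be trusted
    # explicitly via cafile rather than by disabling verification.
    context = ssl.create_default_context(cafile="/etc/ssl/certs/ldap-selfsigned.pem")
    print(starttls_request(1).hex())
    # connect("ubuntutest", "starttls", context)
```

Two practical points follow from the code. First, a client that wraps the socket in TLS before sending anything is an LDAPS client, and it will only work on a port where the server also starts with TLS; on 389 the first bytes the server sees are a TLS ClientHello it does not understand. Second, `LDAPTLS_REQCERT=never` in the posted ldapsearch command disables certificate verification in the OpenLDAP client library, which is why ldapsearch accepts the self-signed certificate; the durable fix is to make the client trust that certificate (the `cafile` above, or `TLS_CACERT` in ldap.conf for the OpenLDAP tools), not to switch verification off.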

#3

Updated by Brian Rose over 6 years ago

As I understand it, LDAP + START_TLS is the preferred method over LDAPS. Most current tutorials on setting up a secure LDAP server use this method.

Start TLS is defined in the current LDAP RFC. Is there any particular reason why Redmine cannot support it?
