Project

General

Profile

Defect #27071

Updated by Toshi MARUYAMA over 7 years ago

I've migrated from a 2.4.2 Redmine server to a new 3.2.1.  
 Everything is working OK but failing to test LDAPS (LDAP + SSL) connections (LDAP connections -without SSL- are working OK).  
 I've tested with different users and different LDAP servers and always get the same result: auth_source form shows an error message: "Unable to connect (hostname X.X.X.X does not match the server certificate)". 
 I've not found relevant info in production.log file: 

 <pre> 
 Started PATCH "/auth_sources/8" for 172.19.12.124 at 2017-09-25 12:46:16 +0200 
 Processing by AuthSourcesController#update as HTML 
   Parameters: {"utf8"=>"✓", "authenticity_token"=>"Fa1QoVLFef+zngYYwypUipDda1/c0Yh0mqqGmtWThvA0D2zNmqqeDLiGUwN0pwgTWfklBjrZ73G4KpDo/53qTA==", "auth_source"=>{"name"=>"OpenLdap", "host"=>"X.X.X.X", "port"=>"636", "tls"=>"1", "account"=>"uid=xxxxxxx,ou=xxxxxx,dc=xxxxx,dc=xx", "base_dn"=>"ou=xxxxxx,dc=xxxxxx,dc=xx", "filter"=>"", "timeout"=>"", "onthefly_register"=>"0", "attr_login"=>"sAMAccountName", "attr_firstname"=>"", "attr_lastname"=>"", "attr_mail"=>""}, "dummy_password"=>"[FILTERED]", "commit"=>"Save", "id"=>"8"} 
   SQL (4.3ms)    UPDATE `tokens` SET `tokens`.`updated_on` = '2017-09-25 12:46:16' WHERE `tokens`.`user_id` = 1 AND `tokens`.`value` = '932b09e00f3e76cd17f3b9b92f4dfacc77b0b3c2' AND `tokens`.`action` = 'session' AND (created_on > '2017-09-24 12:46:16.911570') AND (updated_on > '2017-09-25 00:46:16.911805') 
    (0.3ms)    SELECT MAX(`settings`.`updated_on`) FROM `settings` 
   User Load (0.3ms)    SELECT    `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND `users`.`id` = 1 LIMIT 1 
   Current user: admin (id=1) 
   AuthSource Load (0.2ms)    SELECT    `auth_sources`.* FROM `auth_sources` WHERE `auth_sources`.`id` = 8 LIMIT 1 
    (0.1ms)    BEGIN 
   AuthSource Exists (0.3ms)    SELECT    1 AS one FROM `auth_sources` WHERE (`auth_sources`.`name` = BINARY 'OpenLdap' AND `auth_sources`.`id` != 8) LIMIT 1 
   SQL (0.2ms)    UPDATE `auth_sources` SET `port` = 636, `tls` = 1 WHERE `auth_sources`.`id` = 8 
    (1.2ms)    COMMIT 
 Redirected to https://<my_server>/auth_sources 
 Completed 302 Found in 15ms (ActiveRecord: 6.8ms). 
 </pre> 

 I've tested from SSL connections with openssl to LDAP connection with ldapsearch, and it not seems to be anything wrong.  
 Using the same users credentials and the same server connections (early configured into Redmine), with ldapseach goes everything OK. 



 Data about my environment: 

 root@asscc111s:/usr/share/redmine# ruby bin/about 

 <pre> 
 Environment: 
   Redmine version                  3.2.1.stable 
   Ruby version                     2.3.1-p112 (2016-04-26) [x86_64-linux-gnu] 
   Rails version                    4.2.6 
   Environment                      production 
   Database adapter                 Mysql2 
 SCM: 
   Git                              2.7.4 
   Filesystem 
 Redmine plugins: 
   no plugin installed 
 </pre> 

 


 root@asscc111s:/usr/share/redmine# mysql -V 
 mysql    Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using    EditLine wrapper 


 Finally, all installed over a Ubuntu Server 16.04. 



Back