Question - Can Eramba do Secure LDAP?

I have a need to use the Account Review function with multiple domains and my Network Team doesn’t want port 389 opened. I am not seeing a function for LDAP-S, but it may be in a spot in the OS that I don’t know about.

I’m fairly sure it’s as simple as using ldaps://<server name/IP> and setting the port. There is a note in the connector setup that says:

The ldap server you want to connect. If you want to use TLS then don’t forget to include ldaps:// in front of the server name. For example ldaps://ldap.company.com. Additionally you may need to edit your ldap.conf file and include a setting for TLS_REQCERT (with value “never”).

Knowing what to do with the TLS_REQCERT thing is above my paygrade though…

Where does eramba keep the error logs for ldaps?
I am getting an error, but I can’t find a logfile that would help me troubleshoot.

Hello Derek,

You can check the error log and cli-error log but I’m not expecting you will find more info there.
Eramba simply can not connect to your LDAP server.
I would also suggest looking at ldap.conf of the host machine.

Here is the current ldap.conf

# LDAP Defaults

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

#BASE dc=example,dc=com
BASE dc=mydomain,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#URI ldap://servername.mydomain.com:389
URI ldaps://servername.mydomain.com:636
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/cert.crt
TLS_REQCERT = “never”

Here are the current Authenticator settings:
Name
Copy of mydomain - Authenticator

Description

Status
Active

LDAP Server Hostname
ldaps://servername.mydomain.com

Mail Domain

Port
636

LDAP Username
LDAP Password

LDAP Server Base DN
DC=mydomain,DC=com

Anyone see anything amiss?

We’re using LDAPS, and our settings in Eramba are similar to yours. I didn’t touch the ldap.conf file.
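
A small checker for the ldap.conf settings discussed in this thread, added here as an example (it is not part of the original posts and not eramba code). It reads options in the ldap.conf(5) form of keyword, whitespace, value, and reports cleartext URIs, a TLS_REQCERT value that is not a bare level, and levels that let the session continue with a bad server certificate. The function names, finding codes and the sample text built from the posted settings are assumptions of this example.

```python
import re

VALID = {"never", "allow", "try", "demand", "hard"}   # levels in ldap.conf(5)
WEAK = {"never", "allow"}   # session proceeds even if the certificate is bad

# Constructed sample that mirrors the settings quoted in the thread.
SAMPLE = """\
BASE dc=mydomain,dc=com
#URI ldap://servername.mydomain.com:389
URI ldaps://servername.mydomain.com:636
TLS_CACERT /etc/ssl/certs/cert.crt
TLS_REQCERT = “never”
"""

def parse(text):
    """Yield (line_no, OPTION, value); format is keyword, whitespace, value."""
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        yield n, parts[0].upper(), parts[1] if len(parts) > 1 else ""

def lint(text):
    """Return a list of (line_no, code, message) findings (hypothetical codes)."""
    out = []
    for n, opt, val in parse(text):
        if opt == "URI":
            for uri in val.split():
                if not uri.lower().startswith("ldaps://"):
                    out.append((n, "URI-CLEARTEXT", f"{uri} is not ldaps://"))
        elif opt == "TLS_REQCERT":
            # Strip '=', whitespace and straight or curly quotes to find the intended level.
            level = re.sub(r"[=\s\"'“”]", "", val).lower()
            if level != val.lower():
                out.append((n, "REQCERT-SYNTAX",
                            f"value {val!r} should be a bare level, e.g. 'TLS_REQCERT demand'"))
            if level not in VALID:
                out.append((n, "REQCERT-UNKNOWN", f"{level!r} is not a documented level"))
            elif level in WEAK:
                out.append((n, "REQCERT-WEAK",
                            f"'{level}' does not enforce server certificate verification"))
    return out

if __name__ == "__main__":
    for n, code, msg in lint(SAMPLE):
        print(f"line {n}: {code}: {msg}")
```

A configuration that passes cleanly points TLS_CACERT at the CA that issued the LDAP server's certificate and sets TLS_REQCERT to demand, so the bind credentials are only sent to a server whose certificate verifies.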