Question - Can Eramba do Secure LDAP?

I have a need to user the Account Review function with multiple domains and my Network Team doesn’t want port 389 opened. I am not seeing a function for LDAP-S, but it may be in a spot in the OS that I don’t know about.

I’m fairly sure it’s as simple as using ldaps://<server name/IP> and setting the port. There is a note in the connector setup that says:

The ldap server you want to connect. If you want to use TLS then don’t forget to include ldaps:// in front of the server name. For example ldaps:// Additionally you may need to edit your ldap.conf file and include a setting for TLS_REQCERT (with value “never”).

Knowing what to do with the TLS_REQCERT thing is above my paygrade though…

Where does eramba keep the error logs for ldaps?
I am getting an error, but I can’t find a logfile that would help me troubleshoot.

Hello Derek,

You can check the error log and cli-error log but I’m not expecting you will find more info there.
Eramba simply can not connect to your LDAP server.
I would also suggest looking at ldap.conf of the host machine.

Here is the current ldap.conf

LDAP Defaults

See ldap.conf(5) for details

This file should be world readable but not world writable.

#BASE dc=example,dc=com
BASE dc=mydomain,dc=com
#URI ldap:// ldap://
#URI ldap://
URI ldaps://
#DEREF never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/cert.crt
TLS_REQCERT = “never”

Here are the current Authenticator settings:
Copy of mydomain - Authenticator



LDAP Server Hostname

Mail Domain


LDAP Username
LDAP Password

LDAP Server Base DN

Anyone see anything amiss?

We’re using LDAPS, and our settings in Eramba are similar to yours. I didn’t touch the ldap.conf file.