I have a need to use the Account Review function with multiple domains and my Network Team doesn’t want port 389 opened. I am not seeing a function for LDAP-S, but it may be in a spot in the OS that I don’t know about.
I’m fairly sure it’s as simple as using ldaps://<server name/IP> and setting the port. There is a note in the connector setup that says:
> The LDAP server you want to connect to. If you want to use TLS, don’t forget to include ldaps:// in front of the server name, for example ldaps://ldap.company.com. Additionally you may need to edit your ldap.conf file and include a setting for TLS_REQCERT (with value “never”).
Knowing what to do with the TLS_REQCERT thing is above my paygrade though…
Where does eramba keep the error logs for ldaps?
I am getting an error, but I can’t find a logfile that would help me troubleshoot.
Hello Derek,
You can check the error log and the cli-error log, but I’m not expecting you will find more info there.
Eramba simply cannot connect to your LDAP server.
I would also suggest looking at ldap.conf of the host machine.
Here is the current ldap.conf:

```
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
BASE dc=mydomain,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#URI ldap://servername.mydomain.com:389
URI ldaps://servername.mydomain.com:636

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/cert.crt
# ldap.conf(5) options are "KEYWORD value", whitespace separated: no "=" and no quotes
TLS_REQCERT never
```
Here are the current Authenticator settings:
| Setting | Value |
|---|---|
| Name | Copy of mydomain - Authenticator |
| Description | |
| Status | Active |
| LDAP Server Hostname | ldaps://servername.mydomain.com |
| Mail Domain | |
| Port | 636 |
| LDAP Username | |
| LDAP Password | |
| LDAP Server Base DN | DC=mydomain,DC=com |
Anyone see anything amiss?
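Since the thread has no application log to go on, here is an added diagnostic script (my own example, not eramba's code or anything from its documentation) that does two things: it parses an ldap.conf the way ldap.conf(5) describes the syntax and flags lines that will not parse (an `=` sign or quotes around a value) as well as a `TLS_REQCERT never`/`allow` setting, which turns off server certificate validation; and it opens an LDAPS TLS handshake with full chain and hostname verification so the real TLS error is printed. The embedded config, the hostname `servername.mydomain.com` and the CA path `/etc/ssl/certs/cert.crt` are constructed placeholders copied from the thread, not values you should expect to resolve.

```python
"""Added example: lint an ldap.conf and probe an LDAPS endpoint with verification."""
import socket
import ssl
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample mirroring the thread's file; the '= "never"' line is the defect.
SAMPLE_LDAP_CONF = """\
# LDAP Defaults
BASE dc=mydomain,dc=com
URI ldaps://servername.mydomain.com:636
TLS_CACERT /etc/ssl/certs/cert.crt
TLS_REQCERT = "never"
"""

INSECURE_REQCERT = {"never", "allow"}      # values that skip certificate validation
QUOTE_CHARS = "\"'\u201c\u201d"            # ASCII and smart quotes seen in pasted configs


@dataclass
class LdapConf:
    options: dict = field(default_factory=dict)
    warnings: list = field(default_factory=list)


def parse_ldap_conf(text: str) -> LdapConf:
    """ldap.conf(5) syntax: one 'KEYWORD value' per line, '#' starts a comment."""
    conf = LdapConf()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if value.startswith("="):
            conf.warnings.append(f"line {lineno}: {key} uses '=', which ldap.conf(5) "
                                 f"does not accept; write '{key} value'")
            value = value[1:].strip()
        if value and value[0] in QUOTE_CHARS:
            conf.warnings.append(f"line {lineno}: {key} value is quoted; "
                                 "ldap.conf values are not quoted")
            value = value.strip(QUOTE_CHARS)
        conf.options[key] = value
        if key == "TLS_REQCERT" and value.lower() in INSECURE_REQCERT:
            conf.warnings.append(f"line {lineno}: TLS_REQCERT {value} disables server "
                                 "certificate validation; prefer 'demand' with TLS_CACERT "
                                 "pointing at the issuing CA")
    return conf


def uri_host_port(uri: str) -> Tuple[str, int]:
    """Split an ldap:// or ldaps:// URI into host and port (636 / 389 defaults)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported scheme in {uri!r}")
    default = 636 if parts.scheme == "ldaps" else 389
    return parts.hostname, parts.port or default


def check_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """TLS handshake with chain and hostname verification; returns the exact failure."""
    result = {"host": host, "port": port, "ok": False, "error": None,
              "subject": None, "not_after": None}
    try:
        # cafile=None uses the system trust store; a missing file raises OSError below.
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result["ok"] = True
                result["subject"] = dict(rdn[0] for rdn in cert.get("subject", ()))
                result["not_after"] = cert.get("notAfter")
    except ssl.SSLCertVerificationError as exc:
        result["error"] = f"certificate verification failed: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE_LDAP_CONF)
    for warning in conf.warnings:
        print("WARNING:", warning)
    host, port = uri_host_port(conf.options["URI"])
    print(check_ldaps(host, port, cafile=conf.options.get("TLS_CACERT")))
```

Point `SAMPLE_LDAP_CONF` at your real file (or read it from `/etc/ldap/ldap.conf`) and run it on the eramba host: a `certificate verification failed` result means the CA in `TLS_CACERT` does not cover the domain controller's certificate chain, which is the thing to fix before falling back to `TLS_REQCERT never`; a `ConnectionRefusedError` or timeout means port 636 is not reachable from that host at all.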
We’re using LDAPS, and our settings in Eramba are similar to yours. I didn’t touch the ldap.conf file.