Setup LDAPS with Active Directory and Enterprise CA (self-signed CA)

Installation Details:

OS: Linux
Platform: Debian GNU/Linux 12
System Type: x86_64
Virtualization: ProxmoxLXC
Module: ADSModule
Module Application: Application Deployment
Loaded Plugins: FileManagerPlugin, EmailSenderPlugin, WebRequestPlugin, LocalFileBackupPlugin, CommonCorePlugin
Application Version: 2.5.0.4
Codename: Callisto
Tools Version: 2.5.0.4
Release Stream: Mainline
Build Spec: Release

Problem Description:
I want to use LDAPS for integrating with my Active Directory domain. The setup with LDAP is working fine now, but I can't get it to work with LDAPS.

My setup in the AMPConfig.conf is the following (I replaced my domain with ad.domain.com):

Login.UseLDAPLogins=True
Login.UseLDAP3=True
Login.AllowLocalUsersWithLDAP=True
Login.LDAPAuthDomain=ad.domain.com
Login.LDAP3Host=winsrv-1.ad.domain.com
Login.LDAP3FilterDN=OU=Benutzer,DC=ad,DC=domain,DC=com
Login.LDAP3UserDN=service_amp@ad.domain.com
Login.LDAPGroupPrefix=AMP_
Login.LDAPUserDomain=ad.domain.com
Login.LDAP3UsesSSL=True     //Working if changed to False
Login.LDAPADPre2000=False
Login.LDAPStripDomainFromFilter=True
Login.LDAPQueryUsername=ampquery
Login.LDAPQueryPassword=PasswordForService_ampUser

The logs with LDAPS:

[12:03:23] [LDAPDSAuth Debug]     : LDAP query filter: (&(objectClass=user)(sAMAccountName=username))
[12:03:23] [Core Debug]           : InterThreadException
[12:03:23] [Core Debug]           : [0] (InterThreadException) : Connect Error
[12:03:23] [Core Debug]           :   at Novell.Directory.Ldap.LdapResponse.chkResultCode () 
  at Novell.Directory.Ldap.LdapConnection.chkResultCode (Novell.Directory.Ldap.LdapMessageQueue queue, Novell.Directory.Ldap.LdapConstraints cons, Novell.Directory.Ldap.LdapResponse response) 
  at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, String dn, SByte[] passwd, Novell.Directory.Ldap.LdapConstraints cons) 
  at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, String dn, String passwd, Novell.Directory.Ldap.LdapConstraints cons) 
  at Novell.Directory.Ldap.LdapConnection.Bind (String dn, String passwd, Novell.Directory.Ldap.AuthenticationTypes authenticationTypes) 
  at DirectoryServices.DirectorySearcher.InitBlock () 
  at DirectoryServices.DirectorySearcher.DoSearch () 
  at DirectoryServices.DirectorySearcher.get_SrchColl () 
  at DirectoryServices.DirectorySearcher.FindOne () 
  at (wrapper remoting-invoke-with-check) DirectoryServices.DirectorySearcher.FindOne()
  at GSMyAdmin.Authentication.LDAPDSAuth.Authenticate (String username, String password) 
[12:03:23] [Auth Debug]           : LDAP Login failure for username: Unable to query LDAP server: Connect Error
[12:03:23] [Core Debug]           : Login failed for username - Failure : LDAP failure - check logs - 

Steps to reproduce / actions taken to resolve so far:

  • Set up an Active Directory domain with an Enterprise CA (Windows Certificate Authority)
  • Make sure that the Domain Controller is delivering the correct certificate on LDAPS

I imported the Enterprise CA (my self-signed Root CA) into the AMP host as follows:

  1. Put the Root CA Certificate File in /usr/local/share/ca-certificates
  2. Execute update-ca-certificates

Then execute openssl s_client -connect winsrv-1.ad.domain.com:636 and verify the result.
Part of mine looks like this:

Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2562 bytes and written 447 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
  • Set up the LDAP settings as shown above

Thank you for your help!
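A reader-added diagnostic, not code from the poster or from AMP: it opens a TLS connection to the LDAPS port the way a client library would, using the system trust store that update-ca-certificates populates, and tells a chain-trust failure apart from a hostname/SAN mismatch (which openssl s_client only checks when given -verify_hostname) and from a plain connect error. The host name is the poster's placeholder; whether the runtime AMP uses reads the same trust store as this script is an assumption this check cannot settle.

```python
"""Diagnose why an LDAPS (LDAP over TLS, TCP 636) connection is rejected."""
import socket
import ssl
import sys
from typing import List, Optional


def san_dns_names(cert: dict) -> List[str]:
    """Return the DNS entries of the subjectAltName from a getpeercert() dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(hostname: str, names: List[str]) -> bool:
    """Case-insensitive SAN match; a leading '*.' covers exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif host == name:
            return True
    return False


def check_ldaps(host: str, port: int = 636, cafile: Optional[str] = None) -> dict:
    """Connect with full verification; classify the outcome instead of just failing."""
    # cafile=None loads the OS default store (/etc/ssl/certs on Debian).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"status": "ok", "tls": tls.version(), "san": san_dns_names(cert)}
    except ssl.SSLCertVerificationError as exc:
        # verify_message distinguishes "unable to get local issuer certificate"
        # (CA not trusted) from "Hostname mismatch" (name not in SAN).
        return {"status": "cert_verify_failed", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        return {"status": "tls_error", "detail": str(exc)}
    except OSError as exc:
        # Refused, timed out, or unreachable: not a certificate problem at all.
        return {"status": "connect_error", "detail": str(exc)}


if __name__ == "__main__":
    # Usage: python3 ldaps_check.py winsrv-1.ad.domain.com [636] [/path/to/ca.crt]
    target = sys.argv[1] if len(sys.argv) > 1 else "winsrv-1.ad.domain.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    print(check_ldaps(target, port, sys.argv[3] if len(sys.argv) > 3 else None))
```

A result of cert_verify_failed with "unable to get local issuer certificate" means the CA import did not reach the store this process reads, while "Hostname mismatch" means the DC certificate lacks a SAN for the name in Login.LDAP3Host.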

Try running ampinstmgr --sync-certs as the AMP user, although as a rule AMP doesn’t play nice with anything self-signed.

Sadly, this solution did not work. I imported not only the CA root certificate but also the certificate delivered directly by the LDAP server.