Posts by vedragan

    Unfortunately I have no idea how to fix this... Theoretically the toggle must stay on disabled (LDAP without S) but there must be an option for the TLS upgrade.


    The following workaround works for me.


    After configuring LDAP with the proper credentials via the WebGUI, WITHOUT(!) the SSL/TLS option, issue the following commands:


    echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
    echo "ssl start_tls" >> /etc/libnss-ldap.conf
    echo "ssl start_tls" >> /etc/pam_ldap.conf


    and then restart OpenMediaVault.


    Open issues:
    - I did not figure out how to insert this parameter via the WebGUI. As 3 files must be modified, it is probably not possible to fix this via the GUI with only two input fields ;)
    - Each time the LDAP parameters are changed via the WebGUI, the above workaround is going to be overwritten.


    Credit to: https://www.server-world.info/…s=Debian_8&p=openldap&f=4
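
The second open issue above means the three settings have to be re-applied after every WebGUI save, and repeating the `echo >>` commands piles up duplicate lines. The following is an added example, not the poster's code: it sets each directive exactly once and can be re-run safely. The helper names `set_directive` and `apply_starttls` are hypothetical; the optional `demand` value is the stricter standard `TLS_REQCERT` setting, which rejects a certificate the client cannot verify and therefore needs the server's CA trusted on the client.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent re-application of
# the StartTLS workaround. File paths and directives are those in the post;
# set_directive and apply_starttls are hypothetical helper names.

# set_directive FILE KEY VALUE
# Ensure FILE ends up with exactly one "KEY VALUE" line: drop any existing
# uncommented KEY line, then append the wanted one.
set_directive() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    # Keep every line whose first field is not KEY (comments are preserved).
    if [ -f "$file" ]; then
        awk -v k="$key" '$1 != k' "$file" > "$tmp"
    fi
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    # cat into the existing file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# apply_starttls ROOT [REQCERT]
# ROOT is a path prefix ("" for the live system, a scratch dir for testing).
# REQCERT defaults to "allow" as in the post; "demand" enforces verification.
apply_starttls() {
    root=$1 reqcert=${2:-allow}
    set_directive "$root/etc/ldap/ldap.conf" TLS_REQCERT "$reqcert" &&
    set_directive "$root/etc/libnss-ldap.conf" ssl start_tls &&
    set_directive "$root/etc/pam_ldap.conf" ssl start_tls
}

# Usage (as root, after each WebGUI change to the LDAP settings):
#   apply_starttls ""           # same settings as the post
#   apply_starttls "" demand    # require a verifiable server certificate
```

Because an existing line for the same key is replaced rather than appended to, a stale `ssl` or `TLS_REQCERT` value left in the files cannot sit alongside the new one.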

    First, I have the same issue. My LDAP server is NethServer and I successfully connected a NAS from QNAP to it. So I know the correct settings, but this is still not helping with OpenMediaVault.


    According to http://www.openldap.org/faq/data/cache/185.html there are 3 different types of LDAP connection:
    1) LDAP over port 389, called normal LDAP
    2) LDAP + TLS over 389, TLS upgrade for the normal LDAP
    3) LDAPS over port 636, called "LDAP over TLS/SSL" or "LDAP Secured"


    My QNAP supports ALL three and presents them as:
    1) ldap://
    2) ldap://ldap+tls
    3) ldaps://ldap+ssl


    Now, OpenMediaVault has only a toggle button between 1 and 3. After changing the toggle and saving (twice), you can see the URI in /etc/ldap/ldap.conf change from "ldap" to "ldaps". In my case for sure, and probably for you as well, the middle way is required: LDAP+TLS over port 389. It must be mentioned that LDAPS is quite rare as far as I know.


    Unfortunately I have no idea how to fix this... Theoretically the toggle must stay on disabled (LDAP without S) but there must be an option for the TLS upgrade.