• I'm trying to configure the ldap plugin to authenticate against my LDAP server (openldap 2.4), but running a test returns an error from the server which I believe indicates it's not using TLS, which my server requires. It's not using LDAP over an SSL tunnel (ldaps); but the server is configured to require TLS. For most of my unix clients, that means adding "ssl start_tls" to the relevant ldap.conf file. I also set the location of the certificateAuthorities. IIUC, that should be the name of a file on the system which contains the root certificate of the certificate used by the LDAP server.

    The error in the log is:

    confidentiality required Code: 0xd

    Any idea how I can confirm if I've correctly identified the problem, and if so how to configure it properly?


  • Answering my own questions: It doesn't work. The plugin uses ldapts which requires an explicit call to startTLS(). Since there's no explicit call to that method that I can find, it seems likely that this just isn't supported.

  • XCP-ng Team

XCP-ng Pro Support

XCP-ng Pro Support