XCP-ng

    LDAP Plugin with start_tls

    • franc6

      I'm trying to configure the LDAP plugin to authenticate against my LDAP server (OpenLDAP 2.4), but running a test returns an error from the server which I believe indicates it's not using TLS, which my server requires. It's not using LDAP over an SSL tunnel (ldaps), but the server is configured to require TLS. For most of my Unix clients, that means adding "ssl start_tls" to the relevant ldap.conf file. I also set the location of the certificateAuthorities. IIUC, that should be the name of a file on the system which contains the root certificate of the certificate used by the LDAP server.

      The error in the log is:

      confidentiality required Code: 0xd
      

      Any idea how I can confirm if I've correctly identified the problem, and if so how to configure it properly?

      Thanks!

      • franc6

        Answering my own questions: It doesn't work. The plugin uses ldapts which requires an explicit call to startTLS(). Since there's no explicit call to that method that I can find, it seems likely that this just isn't supported.

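As an added example (not part of the posts above, and not xen-orchestra or ldapts code): the `0xd` in the logged error is LDAP result code 13, which RFC 4511 names confidentialityRequired, so the server refused an operation on a connection without confidentiality protection. The sketch decodes that result from a constructed sample BindResponse and builds the StartTLS extended request that an explicit `startTLS()` call, as mentioned in the second post, has to send before bind; the helper names and sample bytes are assumptions made for illustration.

```javascript
// Added example: not xen-orchestra or ldapts code. Helper names are hypothetical.
const STARTTLS_OID = '1.3.6.1.4.1.1466.20037'; // StartTLS extended operation (RFC 4511, 4.14)
// Subset of the RFC 4511 result codes; 13 (0xd) is the one in the logged error.
const RESULT_CODES = { 0: 'success', 2: 'protocolError', 8: 'strongerAuthRequired',
  13: 'confidentialityRequired', 49: 'invalidCredentials', 52: 'unavailable' };

// Encode one BER TLV; short-form lengths are enough for these small messages.
function tlv(tag, body) {
  if (body.length > 127) throw new RangeError('long-form length not implemented');
  return Buffer.concat([Buffer.from([tag, body.length]), body]);
}

// Decode one BER TLV at offset `off`, rejecting truncated or long-form input.
function readTlv(buf, off) {
  if (off + 2 > buf.length || buf[off + 1] > 127) throw new RangeError('bad TLV header');
  const end = off + 2 + buf[off + 1];
  if (end > buf.length) throw new RangeError('truncated TLV');
  return { tag: buf[off], value: buf.subarray(off + 2, end), next: end };
}

// LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
// A client sends this before bind, then upgrades the socket to TLS on success.
function buildStartTlsRequest(messageId) {
  if (!Number.isInteger(messageId) || messageId < 1 || messageId > 127) {
    throw new RangeError('messageId must be 1..127 in this sketch');
  }
  const name = tlv(0x80, Buffer.from(STARTTLS_OID, 'ascii'));
  return tlv(0x30, Buffer.concat([tlv(0x02, Buffer.from([messageId])), tlv(0x77, name)]));
}

// Pull the LDAPResult (resultCode, matchedDN, diagnosticMessage) out of a response.
function parseLdapResult(msg) {
  const outer = readTlv(msg, 0);
  if (outer.tag !== 0x30) throw new TypeError('not an LDAPMessage');
  const op = readTlv(outer.value, readTlv(outer.value, 0).next);
  const code = readTlv(op.value, 0);
  if (code.tag !== 0x0a || code.value.length !== 1) throw new TypeError('no resultCode');
  const diag = readTlv(op.value, readTlv(op.value, code.next).next);
  const n = code.value[0];
  return { op: op.tag, code: n, name: RESULT_CODES[n] || 'other',
    diagnostic: diag.value.toString('utf8') };
}

// Constructed sample: BindResponse [APPLICATION 1] refusing a cleartext bind.
const SAMPLE_BIND_REFUSED = tlv(0x30, Buffer.concat([
  tlv(0x02, Buffer.from([1])),
  tlv(0x61, Buffer.concat([tlv(0x0a, Buffer.from([13])), tlv(0x04, Buffer.alloc(0)),
    tlv(0x04, Buffer.from('confidentiality required'))])),
]));
```

Seeing the StartTLS request on the wire before the bind, in a packet capture taken on the LDAP server, is one way to confirm whether a client attempts the upgrade at all.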
        • olivierlambert Vates 🪐 Co-Founder CEO

          Linking the issue here: https://github.com/vatesfr/xen-orchestra/issues/4999

          franc6 created this issue in vatesfr/xen-orchestra

          closed Feature Request to support TLS for auth-ldap plugin #4999
