Sorry, I should have been more specific…I already have other apps using ldap with tls hitting the server and they work…so I am confident my AD server is properly configured. I work a lot with ldap and I often find that some apps that integrate with ldap and tls get picky about the cert..thats why I think it might be the fact that I am using a self signed cert (which is common on AD servers).

Usually, there is a way to tell the application “ignore the fact that it is self signed, accept it anyway”

Tony

From: Brandon Lund
Sent: Wednesday, February 16, 2022 3:08 PM
To: Observium
Cc: Tony Guadagno
Subject: Re: LDAP auth to MS AD with TLS Self Signed Cert

looks like you need to enable tls for ad to start listing for ldaps

no experience just a quick search.

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority

Enable Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) - Windows Server | Microsoft Docs

docs.microsoft.com

Describes how to enable LDAP over SSL with a third-party certification authority.

Thanks
Brandon Lund
KansasNet Internet Services
785-776-1452

From: observium <observium-bounces@observium.org> on behalf of Tony Guadagno via observium <observium@observium.org>
Sent: Wednesday, February 16, 2022 1:49 PM
To: Tony Guadagno via observium
Cc: Tony Guadagno
Subject: [Observium] LDAP auth to MS AD with TLS Self Signed Cert

Hi,

I have ldap auth working mostly, if I set tls to false, I can authenticate. However, I want to be secure and when I enable tls, I get a debug error that says:

Error binding to LDAP server: servername.local: Can’t contact LDAP server

I am guessing the issue is the self signed cert that my server is using.

My question is…how do I configure Observium to accept self signed certs for ldap?

thanks

Tony