I tried your suggestion but no luck… I am not sure it is using the OS trust store… I think PHP uses its own… but I am not sure where or how to work with it.
thanks
Tony
From: Brandon Lund <brandon@kansas.net> Sent: Wednesday, February 16, 2022 4:05 PM To: Tony Guadagno <tonyg@guadagno.org>; Observium <observium@observium.org> Subject: Re: [Observium] LDAP auth to MS AD with TLS Self Signed Cert
try and install the cert in the local ca store
https://stackoverflow.com/questions/37043442/how-to-add-certificate-authority-file-in-centos-7
assuming observium is just using the local cert store
Thanks Brandon Lund KansasNet Internet Services 785-776-1452
From: Tony Guadagno <tonyg@guadagno.org> Sent: Wednesday, February 16, 2022 3:02 PM To: Observium; Brandon Lund Subject: RE: [Observium] LDAP auth to MS AD with TLS Self Signed Cert
I made a packet capture on the Observium server while trying to log in, and if you look, you will see that it is indeed a self-signed issue.
How do I tell Observium to either trust the cert OR ignore the fact that it is self-signed?
Tony
From: Tony Guadagno via observium <observium@observium.org> Sent: Wednesday, February 16, 2022 3:27 PM To: Brandon Lund <brandon@kansas.net>; Observium <observium@observium.org> Cc: Tony Guadagno <tonyg@guadagno.org> Subject: Re: [Observium] LDAP auth to MS AD with TLS Self Signed Cert
Sorry, I should have been more specific… I already have other apps using LDAP with TLS hitting the server and they work… so I am confident my AD server is properly configured. I work a lot with LDAP and I often find that some apps that integrate with LDAP and TLS get picky about the cert… that's why I think it might be the fact that I am using a self-signed cert (which is common on AD servers).
Usually, there is a way to tell the application “ignore the fact that it is self signed, accept it anyway”
Tony
From: Brandon Lund <brandon@kansas.net> Sent: Wednesday, February 16, 2022 3:08 PM To: Observium <observium@observium.org> Cc: Tony Guadagno <tonyg@guadagno.org> Subject: Re: LDAP auth to MS AD with TLS Self Signed Cert
Looks like you need to enable TLS for AD to start listening for LDAPS.
no experience just a quick search.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority
Thanks Brandon Lund KansasNet Internet Services 785-776-1452
From: observium <observium-bounces@observium.org> on behalf of Tony Guadagno via observium <observium@observium.org> Sent: Wednesday, February 16, 2022 1:49 PM To: Tony Guadagno via observium Cc: Tony Guadagno Subject: [Observium] LDAP auth to MS AD with TLS Self Signed Cert
Hi,
I have LDAP auth working mostly; if I set tls to false, I can authenticate. However, I want to be secure, and when I enable tls, I get a debug error that says:
Error binding to LDAP server: servername.local: Can’t contact LDAP server
I am guessing the issue is the self-signed cert that my server is using.
My question is… how do I configure Observium to accept self-signed certs for LDAP?
thanks
Tony