
Hello,
We are trying to enable TLS on top of LDAP connections. Once I change starttls to FALSE or required
$config['auth_ldap_starttls'] = TRUE;
$config['auth_ldap_starttls'] = 'required';
I get the following message:
[image: Inline image 1]
What does it mean exactly? Version mismatch? Cert error?
When I check the packet capture, I see the following:
[image: Inline image 2]
And inside the client response (packet #9), there is this:
[image: Inline image 3]
Does it mean that Observium can't find a certificate? If so, in which directory should I place certs? I have another app on the same box that is using LDAP with TLS and it is working just fine.
Also, what TLS versions are supported by Observium?
Has anybody experienced the same issue? Were you able to resolve it?
Appreciate your responses.
Thank you

Hello Vlad,
Seems you're using a self-signed cert, and the strict mode seems to be enabled (requesting an official CA to validate your cert).
In parallel, you're using TLS 1.0 and maybe you should consider switching to 1.2.
Good luck
Best,
E.
On 17/03/2017 at 19:33, Vlad Kratsberg wrote:
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

Hi Erik,
Thanks for the response. I can't find documentation on how to disable verification of the cert nor how to switch to TLS 1.2.
Do you happen to know how to do that?
Thanks in advance.
On Fri, Mar 17, 2017 at 3:02 PM, Erik LE VACON erik@levacon.net wrote:

Is there a document that lists and describes the available options that go into config.php? Especially the LDAP section. It would be really helpful in my situation.
Thank you
Vlad
On Fri, Mar 17, 2017 at 3:16 PM, Vlad Kratsberg vkratsberg@gmail.com wrote:

Hi, I am not sure if this is exact, but I do believe that if you join the machine to the LDAP domain, you will get the certificate. I am using FreeIPA and my machine is a client of the domain. Because of this, when I use SSL, the certificate is known. On my machine, it is here: /etc/ssl/certs/ipa-ca.pem
D
On Fri, Mar 17, 2017 at 2:33 PM, Vlad Kratsberg vkratsberg@gmail.com wrote:

Thanks for the tip, David,
My machine is on LDAP and working fine. Also, I have netdisco with LDAP + TLS enabled on the same machine and all works great. It is just Observium that I'm having a problem with.
Like Erik mentioned, I might somehow disable strict mode to disable cert verification, which I did for netdisco in the following way:
tls_opts: {verify=> 'none',sslversion => 'tlsv1'}
Is there a similar configuration for Observium?
On Fri, Mar 17, 2017 at 3:42 PM, David Haché dave@dhache.com wrote:
participants (3)
- David Haché
- Erik LE VACON
- Vlad Kratsberg
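
The thread leaves open whether the failure is a certificate trust problem or a TLS version problem. The script below is an added example, not part of the thread and not Observium's code: it repeats the StartTLS step with PHP's ldap extension so the two causes can be separated. It assumes Observium's LDAP authentication goes through that extension; the host name is a placeholder and the CA path is the one David quoted.

```php
<?php
// Added example, not Observium code. Run from the CLI on the Observium host:
//   php starttls-check.php demand   (verify the server certificate)
//   php starttls-check.php never    (diagnostic only: no verification)
// Assumptions: ldap.example.org is a placeholder host; the CA path is the
// FreeIPA one quoted in the thread. The TLS constants need PHP >= 7.1.
$uri    = 'ldap://ldap.example.org:389';
$cafile = '/etc/ssl/certs/ipa-ca.pem';
$policy = (($argv[1] ?? 'demand') === 'never')
        ? LDAP_OPT_X_TLS_NEVER : LDAP_OPT_X_TLS_DEMAND;

// libldap keeps TLS settings process-wide: set them on a null link,
// before the first connection is made.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $cafile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, $policy);
ldap_set_option(null, LDAP_OPT_X_TLS_PROTOCOL_MIN, LDAP_OPT_X_TLS_PROTOCOL_TLS1_2);

$ld = ldap_connect($uri);
if ($ld === false) {
    fwrite(STDERR, "could not parse $uri\n");
    exit(2);
}
ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);   // StartTLS is an LDAPv3 operation
ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 5);

if (@ldap_start_tls($ld)) {
    echo "StartTLS succeeded\n";
    exit(0);
}

// The diagnostic message usually carries the TLS library's own error text,
// which tells a trust failure apart from a protocol-version failure.
$detail = '';
ldap_get_option($ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
fprintf(STDERR, "StartTLS failed: %s (%d)\n  %s\n",
        ldap_error($ld), ldap_errno($ld), $detail);
exit(1);
```

If the `never` run succeeds and the `demand` run fails, the problem is certificate trust (CA file or host name mismatch) rather than the TLS version; if both fail, look at the protocol version or the server's StartTLS support. The durable fix for the first case is pointing the client at the right CA file, not leaving verification off.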