Hi Ben,

If connections via port 636 are refused then you need TLS (ldap:// URL and TLS drop-down active). This will connect on port 389 and start encryption when the connection is established.

TLS has no special port. It works on 389, where unencrypted connections are also made.


Best regards

Roland
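
The StartTLS exchange described in this reply, as an added example that is not part of the original e-mail or of LAM's code: it builds the LDAP StartTLS extended request that is sent in plaintext on port 389 and parses the server's reply. The probe() helper and the SAMPLE_OK reply are constructed for illustration; probe() then completes the TLS handshake on 389 (StartTLS) or 636 (LDAPS) with certificate and host name verification.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def starttls_request(msg_id=1):
    """BER-encode an LDAP ExtendedRequest for StartTLS (msg_id must be < 128)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID   # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                     # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                    # messageID + op
    return b"\x30" + bytes([len(body)]) + body                   # LDAPMessage SEQUENCE

def _tlv(buf, off):
    """Read one BER element; return (tag, value, offset after it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[off:off + length], off + length

def starttls_result(resp):
    """Return the resultCode of an ExtendedResponse (0 = success, TLS may begin)."""
    tag, msg, _ = _tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, off = _tlv(msg, 0)                # skip messageID
    tag, op, _ = _tlv(msg, off)
    if tag != 0x78:                         # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, _ = _tlv(op, 0)                # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def probe(host, starttls):
    """Negotiated TLS version via StartTLS on 389 or LDAPS on 636; raises on failure."""
    ctx = ssl.create_default_context()      # verifies chain and host name
    with socket.create_connection((host, 389 if starttls else 636), timeout=5) as s:
        if starttls:                        # plaintext first, then upgrade in place
            s.sendall(starttls_request())
            code = starttls_result(s.recv(4096))
            if code != 0:
                raise RuntimeError(f"StartTLS refused, resultCode {code}")
        with ctx.wrap_socket(s, server_hostname=host) as tls:
            return tls.version()

# Constructed sample: the success reply a server sends before the TLS handshake.
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
```

A refused connection on 636 surfaces in probe(host, False) as ConnectionRefusedError, while probe(host, True) shows whether the same server upgrades on 389.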



On 20.08.22 at 10:02, Ben Toms wrote:
Hi Roland,

LAM 8.0.1 (was 6.9! upgraded before attempting LDAPS as want to make this
externally accessible in the near future).

After making the needed changes, I can still connect to ldap over 389.. no
ldaps etc.

There also doesn’t seem to be any new open ports.

Then changing the server to ldaps://<server fqdn >:636  and attempting to
connect via that, the connections are refused.

The cert I’m looking to use is a publicly signed cert, but it’s a wildcard.
Not sure if that makes a difference.

No errors present in UI or logs.


On Sat, 20 Aug 2022 at 08:26, Roland Gruber <[email protected]> wrote:

Hi Ben,

there is no additional step needed. You should get an error message if
encryption cannot be activated.
Are you on the latest version of LAM?
How do you see that LDAPS is not used?


Best regards

Roland



On 19.08.22 at 17:32, Ben Toms wrote:
Thanks, Roland.

What I mean is that when I make the changes, LDAPS isn't being enabled.

Are there some additional steps?

On Fri, 19 Aug 2022 at 15:51, Roland Gruber <[email protected]> wrote:

Hi Ben,

there is no visible change if you use LDAPS.


Best regards

Roland


On 19.08.22 at 09:18, Ben Toms wrote:
Thanks, Roland.

I can see the wildcard cert that I uploaded previously under  "General
Settings" but when enabling under "Server Profiles", nothing seems to
change?



On Fri, 19 Aug 2022 at 06:57, Roland Gruber <[email protected]> wrote:

Hi Ben,

to activate encryption please enable TLS (most common) or LDAPS in
general settings of the server profile:



https://www.ldap-account-manager.org/static/doc/manual/ch03s02.html#idm858

For TLS use the drop-down, for LDAPS use a URL starting with ldaps://
(e.g. ldaps://myserver.example.com).

Best regards

Roland


On 19.08.22 at 01:08, Ben Toms wrote:
Sorry, me again.

So, I'm looking to enable LDAPS. And have added the relevant wildcard to
LAM as per:



https://www.ldap-account-manager.org/static/doc/manual-onePage/index.html#conf_sslCert

I'm not 100% sure of the steps to enable LDAPS.




https://www.ldap-account-manager.org/static/doc/manual-onePage/index.html#conf_sslCert
advises:

You can either upload a DER/PEM formatted certificate file or import the
certificates directly from an LDAP server that is available with LDAP+SSL
(ldaps://). LAM will automatically override system certificates if at least
one certificate is uploaded/imported.


And the following states:

https://www.ldap-account-manager.org/static/doc/manual-onePage/index.html#idm6537

You will need to setup ldap.conf to trust your server certificate. Some
installations use /etc/ldap.conf and some use /etc/ldap/ldap.conf. It is a
good idea to symlink /etc/ldap.conf to /etc/ldap/ldap.conf. Specify the
server CA certificate with the following option:


The SSL is a publicly signed wildcard, but not 100% sure how to enable. Are
there any port settings etc?

--

Ben Toms
Head of Innovation and Platform


_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public

