Active Directory integration working in 2025?

Anyone care to share their config files? We’ve been round the houses for two days trying to get LDAP/LDAPS working. LDAP/LDAPS works using ldapsearch and Ruby, with all SSL root certificates.

Oddly, very little info in the logs: Authenticate Error or Net::ReadTimeout with #<TCPSocket:(closed)>

So it’s either our config file which looks like

server 1:
  :user: 'username@server.local'
  :password: 'password'
  :auth_method: :simple
  :host: server.local
  :port: 636
  :encryption: :simple_tls
  :base: '……dc=server,dc=local'
  :user_field: 'sAMAccountName'
  :domain: 'server.local'
  :timeout: 30
  :rfc2307bis: true
  :tls_options:
    ca_file: '/usr/lib/ssl/certs/ad-ca.crt'

:order:
  - server 1

even if I dump this config

# List of LDAP servers to query
server 1:
  :user: 'sa_read'
  :password: 'password'
  :auth_method: :simple
  :host: ad1.company.local
  :port: 636
  :base: 'dc=company,dc=local'
  :user_field: 'sAMAccountName'
  :encryption: :simple_tls

server 2:
  :user: 'sa_read'
  :password: 'password'
  :auth_method: :simple
  :host: ad2.company.local
  :port: 636
  :base: 'dc=company,dc=local'
  :user_field: 'sAMAccountName'
  :encryption: :simple_tls

# List the order the servers are queried
:order:
  - server 1
  - server 2

I get no error messages, so something is wrong?
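A stdlib-only Ruby check, added here as an example and not code from the thread or from OpenNebula, that reads a config in this ldap_auth.conf layout and performs the same TCP connect plus TLS handshake that :simple_tls does, with the configured ca_file and hostname verification, so a closed socket or timeout can be narrowed to the TCP, certificate or handshake layer. The hostnames, port and CA path in SAMPLE_CONF are constructed placeholders.

```ruby
require 'yaml'
require 'socket'
require 'openssl'
require 'timeout'
# Constructed config in the thread's ldap_auth.conf layout; hosts and CA path are placeholders.
SAMPLE_CONF = <<~YAML
  server 1:
    :host: ad1.company.local
    :port: 636
    :timeout: 30
    :tls_options:
      ca_file: '/usr/lib/ssl/certs/ad-ca.crt'
  server 2:
    :host: ad2.company.local
    :port: 636
  :order:
    - server 1
    - server 2
YAML
# Symbol keys (":host:") must be permitted explicitly under safe_load.
def parse_conf(text)
  YAML.safe_load(text, permitted_classes: [Symbol])
end

# Servers in the :order they are tried, with the fields the TLS check needs.
def servers_in_order(conf)
  conf[:order].flatten.map do |name|
    s = conf.fetch(name)
    tls = s[:tls_options] || {}
    { name: name, host: s[:host], port: s[:port] || 389, timeout: s[:timeout] || 15,
      ca_file: tls['ca_file'] || tls[:ca_file] }
  end
end

# The TCP connect and TLS handshake :simple_tls performs, with CA-file and hostname
# verification, so the failing layer (TCP, certificate, handshake) is reported.
def tls_check(host:, port:, ca_file:, timeout:, **)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER, verify_hostname: true)
  ctx.ca_file = ca_file if ca_file
  Timeout.timeout(timeout) do
    ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
    ssl.hostname = host # SNI, and the name checked against the server certificate
    ssl.connect
    cert = ssl.peer_cert
    ssl.close
    { ok: true, subject: cert.subject.to_s, not_after: cert.not_after }
  end
rescue Timeout::Error, SystemCallError, SocketError, EOFError, OpenSSL::SSL::SSLError => e
  { ok: false, error: "#{e.class}: #{e.message}" }
end
```

Against the real config file, `servers_in_order(parse_conf(File.read(path))).each { |s| p tls_check(**s) }` reports, per server, either the presented certificate or the exception class at the layer that failed.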

Hello,

In my experience, sometimes Ruby relies on the ldap-utils configuration (some vars are not taken directly from the OpenNebula config). If you already installed ldap-utils, modify the /etc/ldap/ldap.conf file to look like

BASE  ...,dc=company,dc=local
URI     ldaps://ldapserver.company.local:636

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /usr/lib/ssl/certs/ad-ca.crt

Thanks we will check this