SSL / LDAP issue, 2.7.3

Post by chris1337c » Fri May 03, 2019 10:10 pm

{'info': 'error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol', 'desc': "Can't contact LDAP server"}

Hello,
Above is the error message I get when trying the identical settings seen on the Web GUI of our access server running 2.5.2 (the previous IT admin lost the root password, so I am rebuilding our access server with the new build; yes, I already tried every possible way to reset this password).

The new access server is running on CentOS7 & Access server version 2.7.3. I can ping the domain controller & the domain controller can ping the access server. I noticed that TLS was defaulted to 1.2, the other access server was running 1.1. I have already tested trying to have this run on 1.1 from the 2.7.3 and I still received the same failure message. When I disable SSL on the access server, LDAP works.

I would really appreciate some help with this as our licenses need to be transferred to the new server before they can be renewed (this is why I had to rebuild the server).

Thank you.

Re: SSL / LDAP issue, 2.7.3

Post by novaflash » Sun May 05, 2019 11:36 am

Looks like your LDAP server does not support the expected encryption level. Try to ensure your LDAP server supports at least TLS 1.1.

Re: SSL / LDAP issue, 2.7.3

Post by chris1337c » Mon May 06, 2019 5:18 pm

The issue with this is that I have an AS server already running on TLS 1.1; here is the output:
root@localhost ~]# openssl s_client -connect 192.168.111.31:636
CONNECTED(00000003)
depth=0
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
verify error:num=21:unable to verify the first certificate
verify return:1
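
An added example, not part of any post in this thread: a Python sketch that splits the OpenSSL error string from the first post into its numeric fields and then attempts one handshake per TLS version against an LDAPS port, so the versions the server actually accepts can be compared with what the Access Server is set to use. The function names are hypothetical. It assumes the pre-3.0 OpenSSL error-code layout, skips certificate verification because only the protocol version is being checked, and lowers the client's security level so that old versions can still be offered.

```python
import re
import socket
import ssl

# Versions to try, one handshake each (the keys are this example's own labels).
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def decode_openssl_error(info):
    """Split 'error:HEX:lib:func:reason' (OpenSSL 1.0.x/1.1.x layout).

    The 32-bit code packs library (8 bits), function (12) and reason (12).
    """
    m = re.fullmatch(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)", info)
    if not m:
        raise ValueError("not an OpenSSL error string")
    code = int(m.group(1), 16)
    return {
        "lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
        "lib_name": m.group(2), "func_name": m.group(3), "reason_text": m.group(4),
    }

def probe(host, port, version, timeout=3.0):
    """Attempt a handshake pinned to one TLS version; return (ok, detail)."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False           # protocol check only,
        ctx.verify_mode = ssl.CERT_NONE      # not a trust decision
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let this client offer old versions
        ctx.minimum_version = VERSIONS[version]
        ctx.maximum_version = VERSIONS[version]
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return True, tls.version()
    except (OSError, ValueError) as exc:     # ssl.SSLError is an OSError
        return False, f"{type(exc).__name__}: {exc}"

def probe_all(host, port=636):
    """Map each version label to its (ok, detail) result."""
    return {name: probe(host, port, name) for name in VERSIONS}

if __name__ == "__main__":
    # The error string quoted in the first post of this thread.
    print(decode_openssl_error(
        "error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol"))
    # Example call, using the address from the s_client command above:
    #   print(probe_all("192.168.111.31"))
```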
