We use phpLDAPadmin with OpenLDAP on Debian 9. We use Let's Encrypt certificates on OpenLDAP. Since the expiration of the IdenTrust DST Root CA X3, we experienced a shutdown of our LDAP system. We managed to make it work by updating the certificates and truststores, but it seems that phpLDAPadmin has not worked since then. When I try to connect to my admin user, I get:
Error: Could not start TLS. Please check your LDAP server configuration.
Unable to connect to LDAP server myldapdomain.com
Error: Can't contact LDAP server (-1) for user
Failed to Authenticate to server
Invalid Username or Password.
I used to have this configuration for TLS in the config.php file:
$servers->setValue('server','host','myldapdomain.com');
$servers->setValue('server','tls',true);
After searching a bit on the web, I changed the configuration to:
$servers->setValue('server','host','ldaps://myldapdomain.com');
#$servers->setValue('server','tls',true);
Which made it work somehow? I'm not sure why the old configuration is not working anymore. Is the new configuration secure? I suppose so since we use ldaps://.
PS: I checked with ldapsearch and openssl s_client and the certificate is OK on the LDAP server, I can connect.
0 Answers
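A diagnostic for the two configurations in the post, as an added example that is not part of the original post or of phpLDAPadmin: it tries StartTLS and ldaps:// from PHP itself and prints libldap's own TLS diagnostic, which the phpLDAPadmin error page hides. The function name `probe` is hypothetical, and ports 389 and 636 are assumed defaults.

```php
<?php
// Added diagnostic, not phpLDAPadmin code. Host name is the one from the post;
// ports 389 (StartTLS) and 636 (ldaps://) are assumed defaults.
// Run it as the web server user so the same ldap.conf and CA store apply.

function probe(string $uri, bool $startTls): array
{
    $conn = ldap_connect($uri);          // only parses the URI, no network I/O yet
    if ($conn === false) {
        return ['ok' => false, 'errno' => null, 'error' => 'bad URI', 'detail' => ''];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);  // StartTLS needs LDAPv3
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The first operation opens the socket: StartTLS upgrades a clear-text
    // session, while an anonymous bind forces the ldaps:// handshake.
    $ok = $startTls ? @ldap_start_tls($conn) : @ldap_bind($conn);

    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    $result = [
        'ok'     => $ok,
        'errno'  => ldap_errno($conn),   // the post shows -1 here
        'error'  => ldap_error($conn),
        'detail' => (string) $detail,    // libldap's TLS reason, when it gives one
    ];
    ldap_unbind($conn);
    return $result;
}

$host = 'myldapdomain.com';
$modes = [
    'StartTLS (tls=true)' => ["ldap://$host:389", true],
    'LDAPS (ldaps://)'    => ["ldaps://$host:636", false],
];
foreach ($modes as $label => $mode) {
    list($uri, $startTls) = $mode;
    $r = probe($uri, $startTls);
    printf("%-20s %s errno=%s %s | %s\n", $label, $r['ok'] ? 'OK  ' : 'FAIL',
        var_export($r['errno'], true), $r['error'], $r['detail']);
}
```

A negative errno is a client-side libldap error, so in the LDAPS row a positive errno (such as a refused anonymous bind) still means the handshake completed. Both modes authenticate the server only while certificate verification is on (OpenLDAP's `TLS_REQCERT`, `demand` by default).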