Issues with LDAP over SSL

I've just set up a new rhodecode instance that uses LDAP over SSL but have come across an issue.

I have followed the instructions at, which tell me to install (copy) the CA certificate into /opt/openldap/cacerts, which I have. But whenever I try to log in using an LDAP account it fails with the log message "LDAP can't access authentication server".

Not one for being defeated, I started to play around with code to get a more useful error message. By printing out the dictionary returned by the exception ldap.SERVER_DOWN, the debug log now showed that the 'peer's certificate issuer is not recognized' when I try to log in.

After playing around with the python-ldap options, it appears that if I change the ldap object to use a CA Certificate file directly using ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts/myca.pem') and then restart the rhodecode service, ldap works. So... it appears that ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts') does not actually work at all.

This needs investigation to either extract the CA certificate file path as a configuration option or fix OPT_X_TLS_CACERTDIR so that it actually works.
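The following is an added example, not part of the original report and not rhodecode's code. It assumes python-ldap is linked against OpenSSL, which looks up CAs in a directory only by subject-hash file names (as created by `openssl rehash` / `c_rehash`), so a directory holding just `myca.pem` matches nothing. The helper names and the hash file name `9d66eef0.0` are constructed for illustration.

```python
import os
import re
import tempfile

# OpenSSL CA-directory entries are named <8 hex digits>.<n>, e.g. "9d66eef0.0".
HASH_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")

def audit_cacert_dir(path):
    """Return (hashed_entries, unhashed_cert_files) found in a CA directory."""
    hashed, unhashed = [], []
    for name in sorted(os.listdir(path)):
        if HASH_NAME.match(name):
            hashed.append(name)
        elif name.lower().endswith((".pem", ".crt", ".cer")):
            unhashed.append(name)
    return hashed, unhashed

def choose_tls_option(path):
    """Pick the python-ldap option that will actually load the CA at `path`."""
    if os.path.isfile(path):
        return "OPT_X_TLS_CACERTFILE", path
    hashed, unhashed = audit_cacert_dir(path)
    if hashed:
        return "OPT_X_TLS_CACERTDIR", path
    if len(unhashed) == 1:
        # Directory was never rehashed: fall back to the single CA file.
        return "OPT_X_TLS_CACERTFILE", os.path.join(path, unhashed[0])
    raise ValueError("no hash-named CA entries in %s; rehash the directory" % path)

def connect(uri, ca_path):
    """Open an LDAPS connection that verifies the server against ca_path."""
    import ldap  # python-ldap, imported lazily so the audit works without it
    name, value = choose_tls_option(ca_path)
    conn = ldap.initialize(uri)
    conn.set_option(getattr(ldap, name), value)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # rebuild TLS context with the above
    return conn

def demo():
    """Constructed directory: before and after a hash-named entry exists."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "myca.pem"), "w").close()
        before = choose_tls_option(d)[0]
        open(os.path.join(d, "9d66eef0.0"), "w").close()  # stand-in for rehash
        after = choose_tls_option(d)[0]
        return before, after

if __name__ == "__main__":
    print(demo())
```

Certificate verification stays at `OPT_X_TLS_DEMAND` in both branches; only the way the trusted CA is located changes.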

