Hi,
I am met with an issue where Moodle authentication doesn't work via STARTTLS. The same connection works via plain LDAP, but I have to set up a secure connection.
In /etc/openldap/ldap.conf I have put the required info about TLS_CACERT, and the value of TLS_REQCERT is set to always. (I also tried never, but that didn't help.)
TLS_REQCERT always
TLS_CACERT path/ldap.crt
I have set the following settings:
HOST URL: ldap://szgdc3.biz.dom
Version: 3
Use TLS: Yes
I am connecting to an MS Active Directory server which, from what I read on forums, should work on port 389. However, when I try to test the connection I get the following response:
Warning: ldap_start_tls(): Unable to start TLS: Connect error in /var/www/html/moodle/lib/ldaplib.php on line 211
LDAP-module cannot connect to any servers: Server: 'ldap://szgdc3.biz.dom', Connection: 'Resource id #621', STARTTLS failed.
I tried testing it with ldapsearch and connection is successful.
ldapsearch -x -ZZ -h "servername" -p 389 -D user -w 'password' -b 'BASE' -s sub "(objectclass=*)"
It could be the issue where the certificate doesn't have a subject name, which violates RFC 5280 - https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
- Certificate[0] info: - no subject,issuer
Can someone assist me with this, as I can't find what the issue is that prevents me from making the connection? I have anonymized all of the information as much as I could.
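A standalone PHP diagnostic, added here as an example and not part of the original post or of Moodle's own code, that repeats the same ldap_connect / ldap_start_tls sequence Moodle's lib/ldaplib.php performs and prints the libldap diagnostic message that the generic "Connect error" hides. The host name is the one from the post; the CA file path and the suggestion to run it as the web server user are assumptions, and the script never disables certificate verification.

```php
<?php
// Added diagnostic script (not Moodle code): reproduces the STARTTLS step
// outside Moodle so the real libldap error can be read.
// Assumption: run it as the web server user (e.g. sudo -u apache php check.php)
// so it reads the same /etc/openldap/ldap.conf and environment that PHP under
// the web server does, which is what differs from an interactive ldapsearch.

$host   = 'ldap://szgdc3.biz.dom';          // value from the post
$cacert = '/etc/openldap/certs/ldap.crt';   // assumption: replace with your TLS_CACERT path

// TLS options are process-global in libldap and must be set on the null
// handle before ldap_connect()/ldap_start_tls().  LDAP_OPT_X_TLS_DEMAND is
// the programmatic equivalent of "TLS_REQCERT demand" (the libldap default):
// the chain is verified against $cacert and the handshake fails otherwise.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $cacert);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$ds = ldap_connect($host);   // only parses the URI; no packet is sent yet
if ($ds === false) {
    fwrite(STDERR, "ldap_connect: invalid URI $host\n");
    exit(1);
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);   // STARTTLS requires LDAPv3
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);          // AD returns referrals; do not chase them

if (@ldap_start_tls($ds)) {
    echo "STARTTLS succeeded: the connection to $host is now encrypted\n";
    exit(0);
}

// On failure the libldap diagnostic string usually names the actual cause
// (for example which certificate check failed) instead of "Connect error".
$diag = '';
ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
fwrite(STDERR, "ldap_start_tls failed: " . ldap_error($ds) . "\n");
fwrite(STDERR, "libldap diagnostic: " . ($diag !== '' ? $diag : '(none)') . "\n");
exit(2);
```

If this script succeeds when run from a shell but fails under the web server's user, the difference lies in what that process can read (the CA file, ldap.conf) rather than in the directory server; if it fails in both cases, the diagnostic line shows which certificate check libldap rejected, which can then be compared with the certificate the server presents to ldapsearch -ZZ.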