I am trying to implement ldapquery from my OPNsense router. For it to work it apparently needs TLS, as when trying without it, the log states:
opnsense: LDAP bind error [BindSimple: Transport encryption required.,Strong(er) authentication required].
Now, to configure TLS, the appropriate certificate needs to be added to my router, as without it there is the following message:
opnsense: LDAP bind error [TLS: hostname does not match CN in peer certificate,Can’t contact LDAP server]
So my question is, which/where is the certificate the AD container in NethServer is using? I’d like to try importing it into my router and check if LDAP queries work that way.
Thank you. Well, yes, it partially helps, as the question of which certificate/key to put in OPNsense was answered. But I still get:
opnsense: LDAP bind error [TLS: hostname does not match CN in peer certificate,Can’t contact LDAP server]
I suspect the reason is that the Let's Encrypt certificate does not include ad.ourdomain.com? I will recreate a new certificate and test with that.
Edit to add: I added ad.ourdomain.com to my Let's Encrypt certificate. That way I got rid of the above error. Now I have to check the OPNsense settings, but the issue here seems to be solved. The remaining error message now reads:
opnsense: LDAP bind error [80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1,Invalid credentials]
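The "hostname does not match CN in peer certificate" error above comes from the client comparing the LDAP server name it was asked to connect to (here ad.ourdomain.com) against the names in the server certificate. The following is an added example, not code from the thread, NethServer or OPNsense: it implements the RFC 6125 style matching rule that clients such as OpenLDAP apply (subjectAltName DNS entries take precedence; the subject CN is only consulted when no SAN DNS entries exist; a wildcard covers exactly one leftmost label). The certificate dicts are constructed for the example and mirror the shape Python's `ssl.SSLSocket.getpeercert()` returns; the function names are the example's own.

```python
"""Check whether a server certificate covers an LDAP hostname.

Added example (not from the thread). The certificate dicts below are
constructed and follow the layout of ssl.SSLSocket.getpeercert().
"""
from typing import List, Tuple


def _dns_match(pattern: str, hostname: str) -> bool:
    """Match one DNS name from the certificate against the hostname.

    Comparison is case-insensitive and ignores a trailing dot. A wildcard is
    honoured only as the entire leftmost label ("*.ourdomain.com") and never
    matches across a dot, so it does not cover "dc1.ad.ourdomain.com".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_names(cert: dict) -> Tuple[List[str], bool]:
    """Return the names a client will check and whether they came from a SAN.

    When the certificate carries subjectAltName DNS entries, the subject CN is
    ignored entirely (RFC 6125 section 6.4.4); a CN naming the AD host does
    not help if the SAN list omits it.
    """
    sans = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans, True
    cns = [value for rdn in cert.get("subject", ()) for (key, value) in rdn
           if key == "commonName"]
    return cns, False


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the hostname the client connects to is covered by the cert."""
    names, _ = cert_names(cert)
    return any(_dns_match(name, hostname) for name in names)


def explain(cert: dict, hostname: str) -> str:
    """Human-readable verdict, useful when reading a bind error like the one above."""
    names, from_san = cert_names(cert)
    source = "subjectAltName" if from_san else "CN (certificate has no SAN DNS entries)"
    if hostname_matches(cert, hostname):
        return f"OK: {hostname} is covered by {source} {names}"
    return f"hostname does not match: {hostname} is not in {source} {names}"


# Constructed: a Let's Encrypt style certificate issued before the AD name was added.
CERT_BEFORE = {
    "subject": ((("commonName", "ourdomain.com"),),),
    "subjectAltName": (("DNS", "ourdomain.com"), ("DNS", "www.ourdomain.com")),
}

# Constructed: the same certificate reissued with ad.ourdomain.com in the SAN list.
CERT_AFTER = {
    "subject": ((("commonName", "ourdomain.com"),),),
    "subjectAltName": (("DNS", "ourdomain.com"), ("DNS", "www.ourdomain.com"),
                       ("DNS", "ad.ourdomain.com")),
}

# Constructed: the AD name only in the CN; because a SAN is present the CN is ignored.
CERT_CN_ONLY = {
    "subject": ((("commonName", "ad.ourdomain.com"),),),
    "subjectAltName": (("DNS", "ourdomain.com"),),
}

# Constructed: a wildcard certificate for the domain.
CERT_WILDCARD = {
    "subject": ((("commonName", "*.ourdomain.com"),),),
    "subjectAltName": (("DNS", "*.ourdomain.com"),),
}

if __name__ == "__main__":
    for label, cert in (("before", CERT_BEFORE), ("after", CERT_AFTER),
                        ("cn-only", CERT_CN_ONLY), ("wildcard", CERT_WILDCARD)):
        print(f"{label:9s} {explain(cert, 'ad.ourdomain.com')}")
```

Run it as-is to see the "before" certificate rejected and the "after" one accepted for ad.ourdomain.com; the CN-only case shows why renaming the subject is not enough once a SAN is present, which is the usual reason a certificate that "looks right" still produces this bind error. Whatever name OPNsense is told to connect to must appear, exactly or via a single-label wildcard, in the SAN list of the certificate NethServer's AD container serves.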
Thanks for your fast reply.
Edit to add: it works now. The correct settings are: