I use OPNsense as a certificate authority (CA) and created and imported server certificates to my Nethserver(s). Additionally I had to import those certs into Firefox and Thunderbird because they use their own cert store. This looks good now…
In a different LAN I use the OPNsense LDAP bind to get credentials from a Windows 2019 server, but without encryption, just TCP port 389…
I would like to use Nethserver authentication credentials for LDAP applications and bind OPNsense to it, but I get this error:
LDAP bind error [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate); Can't contact LDAP server]
Has any of you had the same error, or can someone give me some info?
Edit:
Maybe I have to use intermediate certs, which I didn't… described here: self-signed-chain
AFAIK OPNsense needs valid certs (I use LE & AD…) for SSL. With LE and AD using LE certs, OPNsense can connect and sees the AD-LDAP… (AD is on NethServer).
I never used LDAP on NethServer, because of Samba shares…