LDAP Simple Bind not working

NethServer Version: 7.9.2009
Module: LDAP Server

I have been reading and searching, but can’t find a way to get it to work.

My situation.
I’m using Nethserver as a “do it all server” in an isolated network. So I’m not exposed to the internet.
I can’t get a public domain, or certificate for this.

I want to use the NethServer LDAP locally to create users and groups that other applications in the network can use (test/demonstration setup).

The LDAP server is running, and I have created some users and groups.

I can connect to it anonymously from another machine using applications such as ldapsearch and jExplorer.
It shows me all the configured users.

HOWEVER.
Whenever I try to use a Bind, it fails.
Simple bind, not using TLS or SSL is all that I need, but the NethServer seems to throw this out every time I try it.

I have errors coming back giving either “invalid credentials” or “certificate not trusted”,
which I think is linked to it being self-signed.

I’m using the bind DN (ldapservice) and the password as published on the “Domain accounts” page to try to log in/bind.

I have also tried to copy the NethServer certificate and import it in the other applications as a certificate that can be trusted, but to no avail. It also leads me into other rabbit holes with more issues.
(Like JExplorer needing a keystore password to add the certificate, one that I don’t have, and the actual application I need LDAP for doesn’t seem to have any option to add a trusted certificate anyway.)

Am I missing something?
Does the NethServer LDAP allow Simple Bind?

Maybe LDAP server firewall allows only loopback connection? :wink:

Hi @WarAnt

I think your environment will not work.

Most present-day (it is 2023 now!) apps, especially those programmed in Java or PHP, require valid SSL certs to work.
You can spend weeks on this, it will never work more than once or twice, due to the certificate issue.
Smartphones will not accept “bogus”, self generated certificates either.

So basically, you’re not learning anything (Like: Valid SSL certs needed, a real domain needed, Internet needed!) but wasting a lot of time for a “Test Lab”, where one can’t test anything real, as certificate issues waste the day(s)…

I do see some hope, however: here, you seem to have learnt something:

Don’t forget that for over 20 years even Windows has reported “Username or password not valid” when indeed both ARE valid, but the AD version is different, the IP is locked out, the account is locked out…
The message is not supposed to give a hacker any clues why…

And both LDAP and AD were conceived as enterprise authentication frameworks, in the sense of connected, worldwide, and SECURE!!!

My 2 cents
Andy

Appreciate the feedback.

I’ve stopped wasting time on it.
It was a good learning experience.