Cannot contact LDAP server
Error: 'Can't contact LDAP server' while saving LDAP setting from Ezeelogin GUI
Overview: This article describes the troubleshooting steps to resolve the error "Can't contact LDAP server" in Ezeelogin: enabling the debug log, checking the LDAP certificates and their permissions, and configuring SSL in ldap.conf.
Step 1: Append log_level trace to /usr/local/etc/ezlogin/ez.conf to enable debug logging.
Step 2: Tail the latest application log to see the detailed error.
Step 3: Look for the following error in the application log:
DEBUG - 2022-07-01 14:21:21 --> uris: Array
(
[0] => ldaps://ad.cloudweg.com:636
)
DEBUG - 2022-07-01 14:21:21 --> uri: ldaps://ad.cloudweg.com:636
DEBUG - 2022-07-01 14:21:21 --> No StartTLS
ERROR - 2022-07-01 14:21:21 --> LDAP bind: CN=Administrator,CN=Users,DC=ezad,DC=com, password, -1, Can't contact LDAP server,
DEBUG - 2022-07-01 14:21:21 --> AJAX response sent
Step 4: Make sure the certificates are present in the path and check their ownership and permissions. Note that chmod 644 also makes the private key (ldapserver.key) world-readable; only the ldap user needs to read that file, so a more restrictive mode on the key is preferable.
root@gateway:~# chown -R ldap:ldap /etc/openldap/certs/*
root@gateway:~# chmod 644 -R /etc/openldap/certs/*
root@gateway:~# ls -al /etc/openldap/certs/
-rw-r--r--. 1 ldap ldap 1176 Jun 18 08:45 ldapserver.crt
-rw-r--r--. 1 ldap ldap 985 Jun 18 08:45 ldapserver.csr
-rw-r--r--. 1 ldap ldap 1679 Jun 18 08:47 ldapserver.key
Step 5: Add the lines below to ldap.conf so that the LDAP client connects over SSL. TLS_REQCERT allow makes the client proceed even when the server certificate cannot be verified; once the CA certificate is configured, the default demand setting is the safer choice.
root@gateway:~# vim /etc/ldap.conf
URI ldaps://ad.cloudweg.com/
TLS_REQCERT allow
Step 6: Make sure the certificate paths are set in slapd.conf, then restart slapd to apply the changes.
root@gateway:~# vim /etc/ldap/slapd.conf
root@gateway:~# systemctl restart slapd
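The checks in Steps 3 to 5 can be scripted. The bash helpers below are an added example, not part of Ezeelogin or this article: they split the ldaps URI from the log into host and port, flag certificate files with the wrong owner or a private key readable by group/others, and (with network access) show the certificate the server actually presents. They assume a Linux host with GNU stat, openssl and timeout; the hostname is the example value from the log above.

```shell
#!/usr/bin/env bash
# Added diagnostic helpers for the "Can't contact LDAP server" checks.
# Not part of Ezeelogin; host and directory names are taken from the article.

# Split an ldap(s) URI into "host port"; default ports: 636 for ldaps, 389 for ldap.
ldap_uri_hostport() {
    local uri="$1" scheme rest host port
    scheme="${uri%%://*}"
    rest="${uri#*://}"; rest="${rest%%/*}"   # drop any trailing path
    host="${rest%%:*}"
    if [ "$rest" != "$host" ]; then port="${rest##*:}"
    elif [ "$scheme" = "ldaps" ]; then port=636
    else port=389; fi
    printf '%s %s\n' "$host" "$port"
}

# Report cert files not owned by the expected user:group (default ldap:ldap) and
# private keys that group or others can read. Returns 0 only when nothing is wrong.
check_cert_dir() {
    local dir="$1" user="${2:-ldap}" group="${3:-ldap}" f own mode findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        own=$(stat -c '%U:%G' "$f"); mode=$(stat -c '%a' "$f")
        if [ "$own" != "$user:$group" ]; then
            echo "owner $own on $f (expected $user:$group)"; findings=$((findings + 1))
        fi
        # A .key file should end in 00 (e.g. 600): no read access for group/others.
        if [ "${f##*.}" = "key" ] && [ "${mode%00}" = "$mode" ]; then
            echo "private key $f is mode $mode (readable by group/others)"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Live checks (need network): is host:port reachable, and which certificate does
# it present? A subject that does not match the URI host, or an expired cert,
# also shows up client-side as "Can't contact LDAP server".
probe_ldaps() {
    set -- $(ldap_uri_hostport "$1")
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" || { echo "cannot reach $1:$2"; return 1; }
    echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
        openssl x509 -noout -subject -issuer -dates
}

# Example usage, with the host from the log above:
#   probe_ldaps ldaps://ad.cloudweg.com:636
#   check_cert_dir /etc/openldap/certs
```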
Related Articles:
How to solve LDAP bind error: Invalid credentials?