[horde] Horde secure ldap intermittently fails on remote server.

Daniel Carrasco Marín d.carrasco at ttu.es
Fri Jul 3 07:50:46 UTC 2015


On 03/07/15 at 09:02, Steffen wrote:
> On Thu, 2 Jul 2015, Daniel Carrasco Marín wrote:
>
>> I've configured another local server with horde and it works fine with 
>> ldaps, so I don't know what the problem can be.
>>
>> An unrecoverable error has occurred
>>
>>
>>     Unable to start TLS and unable to fetch rootDSE entry to see if
>>     TLS is supported: Can't contact LDAP server Parameters: Base:
>>     Filter: (objectClass=*) Scope: base
>>
>> Another problem is that I can't use port 636 for secure 
>> connections. Horde fails if I try to use that port instead of the normal 
>> ldap port (389).
>>
>> P.S.: I have another VM on the same remote machine using ldaps too and it 
>> works fine (owncloud). Even using port 636.
>
> try the standard network connection problem stuff first:
>
> + telnet ldap-server 389
> + telnet ldap-server 636
> + openssl s_client -connect ldap-server:636
> + ldapsearch -x -ZZ -H ldaps://djdjdjd/ -b 'base DN'
>
> "Can't contact LDAP server" sounds like a connection problem, esp. if 
> you say one server can connect to port 636 and yours can't.
>
> However, make sure you have the proper CA installed, too.
>
Hi,

Thanks for your answer.

The telnet commands are working perfectly. They are the commands I use to check the 
connection between both servers (I have to open the ports first).

The openssl command works too and shows my certificate info.

The ldapsearch command fails if I use ldaps:
ldap_start_tls: Operations error (1)
     additional info: START-TLS: TLS is already enabled on this LDAP session

but I have the same behaviour on the other server and ldaps is working fine...

The CA cert is fine too, installed in /usr/local/share/ca-certificates, 
and I updated the cert store (linked into /etc/ssl/certs by the program). 
I've even added the cert path to the OpenSSL configuration inside Horde.

I've done a test with ping to see if there are lost packets and it is fine 
too (less than 40ms for all packets).

The strange behaviour is that it works for a while, then fails for two seconds 
and comes back to life, and it only happens when I activate TLS on LDAP.

Can it be the server version? Because on one I'm using Debian 7 (working 
fine) and on the other Debian 8 (ldaps problems), and the test script shows 
a warning that the PHP version is not tested.

Greetings!!
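An added example, not part of the thread and not Horde's own tooling: a small probe script for the checks discussed above. Two things it encodes that the thread leaves implicit. First, `-ZZ` (StartTLS) only applies to a plain `ldap://` URI; an `ldaps://` URI is already inside TLS, and asking ldapsearch for StartTLS on top of it is exactly what produces "START-TLS: TLS is already enabled on this LDAP session", so that error from `ldapsearch -ZZ -H ldaps://...` says nothing about whether the server is healthy. Second, an intermittent fault ("works for a while, then fails for two seconds") needs a timed loop rather than a single test. The host, base DN and CA path are assumed placeholders; the stock OpenLDAP and OpenSSL client tools are assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the thread or from Horde. Placeholder values
# (ldap.example.org, dc=example,dc=org) are assumptions; override them via
# the environment. Requires the stock OpenLDAP and OpenSSL client tools.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org/}"
BASE_DN="${BASE_DN:-dc=example,dc=org}"
CA_PATH="${CA_PATH:-/etc/ssl/certs}"    # Debian's system CA store

# StartTLS (-ZZ) is only meaningful on a plain ldap:// URI. An ldaps:// URI
# is already wrapped in TLS, and asking for StartTLS on top of it is what
# yields "START-TLS: TLS is already enabled on this LDAP session".
starttls_flag() {
    case "$1" in
        ldaps://*) printf '' ;;
        ldap://*)  printf -- '-ZZ' ;;
        *)         return 1 ;;
    esac
}

# One base-scope rootDSE lookup, the same query Horde's error message shows.
# Returns ldapsearch's exit status; output is discarded.
ldap_probe() {
    uri="$1"; base="$2"
    flag=$(starttls_flag "$uri") || { echo "unsupported URI: $uri" >&2; return 2; }
    # $flag is intentionally unquoted: empty for ldaps://, "-ZZ" for ldap://
    ldapsearch -x $flag -H "$uri" -b "$base" -s base '(objectClass=*)' >/dev/null 2>&1
}

# Repeat the probe COUNT times, INTERVAL seconds apart, logging every failure
# with a timestamp. A fault that "works for a while, then fails for two
# seconds" never shows up in a single test; it does in a loop like this.
# Prints "failures=N"; returns 0 only if every probe succeeded.
probe_loop() {
    uri="$1"; base="$2"; count="${3:-30}"; interval="${4:-1}"
    fails=0; i=0
    while [ "$i" -lt "$count" ]; do
        if ! ldap_probe "$uri" "$base"; then
            fails=$((fails + 1))
            echo "$(date '+%H:%M:%S') probe $i FAILED ($uri)" >&2
        fi
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
    echo "failures=$fails"
    [ "$fails" -eq 0 ]
}

# Chain check against the system CA store. "Verify return code: 0 (ok)" is
# what a correctly installed CA gives; anything else means this host does not
# trust the CA the server chains to, even if s_client prints the certificate.
verify_chain() {
    host="$1"; port="${2:-636}"
    openssl s_client -connect "$host:$port" -servername "$host" \
        -CApath "$CA_PATH" -showcerts </dev/null 2>/dev/null \
        | grep -E '^ *(subject|issuer)=|Verify return code'
}

# Usage: sh ldap-probe.sh run [count] [interval]
# The network checks only run when asked, so sourcing the file is harmless.
if [ "${1:-}" = "run" ]; then
    host="${LDAP_URI#*://}"; host="${host%%/*}"
    verify_chain "$host" 636
    probe_loop "$LDAP_URI" "$BASE_DN" "${2:-30}" "${3:-1}"
fi
```

Run it from the Horde host against the remote LDAP server for a few minutes (`sh ldap-probe.sh run 300 1`); a burst of timestamped failures from the same client that otherwise succeeds points at the network path or the server's TLS handling, while a clean run from the shell narrows the problem to Horde's own LDAP configuration.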

