Could not bind to the LDAP server (SOGo) ldaps
theoneandonly-vector opened this issue · 4 comments
docker-compose logs -f sogo-mailcow:
[ERROR] <0x0x5631569a5d70[LDAPSource]> Could not bind to the LDAP server ldaps://dc.mydomian.tld:636 (389) using the bind DN: synchuser@DOMAIN.TLD
Why does it show (389) when I set ldaps and port 636?
When I set these values manually inside "plist_ldap", which per the SOGo documentation shouldn't be needed (deprecated):
<key>encryption</key>
<string>SSL</string>
<key>port</key>
<string>636</string>
It will tell me it tries to connect using port 636, but I'm not sure if it really applies encryption = SSL, as I can test my AD successfully using LDAP Admin.
I also manually ran this to trust the certificate like I did on my custom build of "ldap-mailcow":
tar -c ./ucs-root-ca.crt | docker exec -i mailcowdockerized_sogo-mailcow_1 /bin/tar -C /tmp -x
docker exec -it mailcowdockerized_sogo-mailcow_1 bash
cp /tmp/ucs-root-ca.crt /usr/local/share/ca-certificates/foo.crt
chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates
Maybe there's a method to get more logs out of it?
I can reach the host from inside the Docker container (maybe someone thinks it's a network issue...):
openssl s_client -connect dc.domain.tld:636
It has to be an issue with SSL somehow...
I also tried setting:
LDAPTLS_REQCERT=never
and also:
LDAP_TLS_INSECURE=true
but both will just result in:
conf line 6: Unknown setting: LDAPTLS_REQCERT