Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Did the server change? Try adding the line “TLS_REQCERT ALLOW” to /etc/ldap/ldap.conf (assuming that’s where your LDAP configuration file is). See http://www.openldap.org/doc/admin21/tls.html 11.2.2.6.
    If that works then there’s a trust problem between client and server which you may want to fix.

    Using ldapsearch with “-d <debuglevel>” is the easiest method to see what happens on the client side.
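
Added example, not part of the reply above: once the TLS_REQCERT ALLOW test has confirmed a trust problem, this check reports whether a client ldap.conf still accepts bad server certificates and whether a CA is configured. The function names, the sample host and the CA path are constructed for illustration, and it assumes a later TLS_REQCERT line overrides an earlier one.

```shell
#!/bin/sh
# Report the effective TLS_REQCERT level of an ldap.conf file.
# Levels per ldap.conf(5): never/allow let the session continue with a bad
# server certificate; try and demand|hard terminate it; unset means demand.
reqcert_verdict() {
    # Option names are case-insensitive. Commented-out lines have "#" as
    # their first field and are skipped. Last value seen wins (assumption).
    level=$(awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }' "$1")
    case "$level" in
        never|allow)        echo weak ;;
        ""|try|demand|hard) echo ok ;;
        *)                  echo unknown ;;
    esac
}

# Report whether a CA file or CA directory is configured for validation.
ca_configured() {
    awk 'toupper($1) ~ /^TLS_CACERT(DIR)?$/ && $2 != "" { found = 1 }
         END { print (found ? "yes" : "no") }' "$1"
}

# Constructed sample files: the diagnostic setting and the corrected one.
tmp=$(mktemp -d)
printf 'URI ldaps://ldap.example.com\nTLS_REQCERT ALLOW\n' > "$tmp/diagnostic.conf"
printf 'URI ldaps://ldap.example.com\nTLS_CACERT /etc/ssl/certs/example-ca.pem\nTLS_REQCERT demand\n' > "$tmp/fixed.conf"

for f in "$tmp"/*.conf; do
    echo "$(basename "$f"): reqcert=$(reqcert_verdict "$f") ca=$(ca_configured "$f")"
done
rm -rf "$tmp"
```
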

    Thread Starter ykoeda

    (@ykoeda)

    Sorry about the forgotten version information. Yes, I’m using 1.7.15. Line numbers were shifted because of the debug statements I added to solve a bigger problem. (The plugin tries to get the authentication group DN with a user account bind instead of using the pre-bind account, which doesn’t work with our LDAP settings. We worked around this by disabling automatic account creation and dropping the group check altogether.)

    You are correct about the additional logic, I didn’t take a broad enough look at the program flow.

    It’s nice to see this being fixed. Thanks!
