Authenticating against AD via LDAPS for EspoCRM in Docker

  • Authenticating against AD via LDAPS for EspoCRM in Docker

    Hello!

    I have deployed the latest version of EspoCRM. When trying to set up LDAPS authentication, I get an error:

    >>> Error 500: 0x51 (Can't contact LDAP server; (unknown error code)): ldaps://SERVER:3269
    The error implies some trouble with the LDAP server cert, so I need to point it to the CA certificate.

    Now the question is: how do I do that? As I haven't found such an option in the GUI, it seems I have to put it directly somewhere in the container. Where should I put the file?

    Thanks.

  • #2
    Hi,

    Disclaimer: I'm not a specialist in LDAP.

    Espo uses the Laminas\Ldap library, which uses the ldap PHP extension. Maybe these docs will help: https://docs.laminas.dev/laminas-aut.../adapter/ldap/. See the "TLS and SSL" section.

    • Mexonizator
      Mexonizator commented
      Hello.

      Yes, I've already learned that. The matter is, it's based on OpenLDAP, no traces of which I can see in the container. So the question of what location EspoCRM checks while connecting to AD remains open.

      It's a basic SSL/TLS functionality that's already been realised in the CRM and there surely should be some answer...

  • #3
    Hello.

    Any other suggestions?

    • #4
      I've seen a few threads about people using LDAP, although it isn't flawless (something about data syncing), so LDAP does work.

      My only suggestion would be to see if you can pinpoint where the issue is:

      "Is it my LDAP configuration?" - recheck the settings again, try with another system/software that you can get to work with LDAP
      "Is it an EspoCRM issue?" - try with a fresh installation on some developer/testing copy

      I'm not sure if there is any public testing LDAP available; there are plenty of API/REST APIs that you can use. If there is one for LDAP, you can give that a try (using the test server as your config) to see if it works, then slowly find out where the issue lies and work around that.

      • #5
        Thanks, but to be honest, some technicalities would help me more... For example, it's Debian that's used in the containers. It seems not to have openldap installed (which is allegedly used by laminas-ldap), but nevertheless the CRM is capable of making LDAP queries. That means that it uses something else. It'd help to learn what it is exactly...

        • esforim
          esforim commented
          Sorry I forgot to put a disclaimer that I don't use LDAP and can't really help you. Perhaps someone with more skill can... hopefully...

          But from my perspective LDAP is low usage

      • #6
        Thanks to all for the suggestions.

        In the end, it appears that the right path to the cert is

        Code:
         /etc/ssl/certs/ca-certificates.crt
        But for it to work one needs to install libldap-common lib as the current docker hub image doesn't have it:

        Code:
         apt-get update && apt-get install libldap-common
        So it's a bug and I hope the devs will fix it.

        • esforim
          esforim commented
          You should make a thread report in the Bug section. Otherwise it won't get noticed.
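
Added example, not part of the thread and not EspoCRM's own code: the fix in #6 works because, on Debian, libldap-common is the package that installs /etc/ldap/ldap.conf, whose TLS_CACERT line points libldap at /etc/ssl/certs/ca-certificates.crt. The sketch below checks that chain inside the container; the function names and exit codes are this example's own, and /etc/ldap/ldap.conf is assumed as the Debian default path.

```shell
#!/bin/sh
# Added example: report which CA bundle libldap is configured to trust.
# Exit codes are this script's own convention:
#   0 = CA bundle configured and non-empty   1 = ldap.conf missing
#   2 = no TLS_CACERT line in ldap.conf      3 = bundle missing or empty

# Print the TLS_CACERT value from an ldap.conf-style file.
# Option names are case-insensitive; commented-out lines never match.
# If the option is repeated, this helper reports the last occurrence.
ldap_conf_cacert() {
    awk 'tolower($1) == "tls_cacert" { v = $2 } END { if (v != "") print v }' "$1"
}

check_ldap_ca() {
    conf=${1:-/etc/ldap/ldap.conf}   # Debian default path (assumption)
    # libldap also honours the LDAPTLS_CACERT environment variable.
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        bundle=$LDAPTLS_CACERT
    else
        [ -r "$conf" ] || { echo "missing $conf (is libldap-common installed?)"; return 1; }
        bundle=$(ldap_conf_cacert "$conf")
        [ -n "$bundle" ] || { echo "no TLS_CACERT in $conf"; return 2; }
    fi
    [ -s "$bundle" ] || { echo "CA bundle $bundle missing or empty"; return 3; }
    echo "CA bundle: $bundle ($(grep -c 'BEGIN CERTIFICATE' "$bundle") certificates)"
}
```

Source the file inside the EspoCRM container and call `check_ldap_ca` before and after installing libldap-common; a result of 1 beforehand matches the behaviour described in #6. If the AD certificate is issued by an internal CA, that CA also has to be present in the reported bundle.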