LDAPS TLS Unknown CA

andrin · April 2, 2020, 1:41pm

LDAPS fails to connect to Server since migration from Centos7 to Centos8:

user-mgr.c(300): ldap_bind failed for user seafile_admin@example.com: Can’t contact LDAP server.
user-mgr.c(385): Please check USER_DN and PASSWORD settings.

libnssutil3.so was moved according to documentation. CA Cert is imported according to Red Hat documentation. LDAPSearch works. OpenSSL also connects flawlessly:

CONNECTED(00000003)
depth=1 DC = com, DC = example, CN = example-WIN-CA
verify return:1
depth=0 CN = ldapserver.example.com
verify return:1

According to wireshark on the LDAP Server (ip ending with 50), the seafile server (ip ending with 130) doesen’t know about the CA:

andrin · April 2, 2020, 1:46pm

I even tried to import the CA into the NSS store, since seafile seems to use NSS:

certutil -d /etc/pki/nssdb -A -t “CT,c,c” -n example-WIN-CA -i /etc/pki/ca-trust/source/anchors/example-WIN-CA-public.pem

However this did not make any difference.

andrin · April 17, 2020, 12:29pm

Does anybody has an Idea?