URGENT! LDAP failed after upgrading Pro server

leo.lanzi · April 30, 2017, 4:51pm

Hi,

I tried both solutions, with or without boundled libraries, but connection still fails when I try to use ldaps.
In ccnet.log, there is:
ldap_bind failed for user Manager: Can’t contact LDAP server.

A tshark examination of the traffic to and from the ldaps server shows that after SYN, SYN ACK, the client immediately send a FYN.

Simple unencrypted ldap works fine.

Xaver_Muster · May 2, 2017, 8:38am

As described earlier, I also tried to remove the bundled libraries without success. We have bought a valid pro license and like to get ldaps work again. The fact that ldapsync works with ldaps makes me think that it should not be a big problem to make ldapbind also work again.

Jonathan · May 4, 2017, 12:57am

Now the package is built on CentOS 6. So there could be binary compatibility problem with CentOS 7’s ssl related libraries. We’ll build it for CentOS 7 soon. I think that would solve the problem.

leo.lanzi · May 4, 2017, 6:07am

Dear Jonathan,

thank you so much for that, and also for all your work on seafile.

Leo

Xaver_Muster · May 5, 2017, 7:20am

Sounds great
Thanks.

Xaver_Muster · July 10, 2017, 12:30pm

Hi,

I just installed the latest pro version 6.1.3. LDAPS is still not working. Did you compile it on CentOS 7?

Jonathan · July 11, 2017, 2:25pm

Sorry we haven’t had the time to do so yet.

Xaver_Muster · October 4, 2017, 2:08pm

Now, half a year after the problem first occured, it is still not resolved. I just installed the latest Seafile pro 6.1.9 and still can not connect via LDAPS to our ldap server on RedHat 7.3.

sysinit · November 4, 2017, 6:12pm

You should really take the time to create the CentOS 7 packages, because this is getting a security issue. Now the GLIBC packages are depending on the newer NSS and NSPR libraries. Until now one could hold back only the relevant libraries to keep Seafile working with LDAP authentication. Now it means you cannot update nearly a single package… Please raise the priority for this problem!

Jonathan · November 5, 2017, 11:51am

We’re already working on it.

sysinit · February 13, 2018, 10:54am

Still? The anniversary is approaching for this bug.
@daniel.pan If you are officially supporting CentOS 7 then this should really not happen.

Xaver_Muster · February 14, 2018, 3:45pm

No, LDAPS authentication works meanwhile on centos 7

sysinit · February 19, 2018, 6:47pm

Finally! Thank you for your reply!
Would have been worth mentioning in the changelog…

at_hacker · June 9, 2018, 2:48pm

Could you please share the knowledge how to get LDAPS to work on CentOS 7 ? I’ve just updated Seafile to 6.2.5 and still no luck – “Can’t contact LDAP server”. With LDAP works OK.