Defect #28558


Added by Brian Rose over 4 years ago. Updated about 4 years ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done:
Category: Accounts / authentication
Target version: -
Resolution:
Affected version: 3.4.3


Disclaimer: I am not an IT pro, I just play one on TV.

I am trying to migrate a Redmine instance from one server to another. The last bit that I am trying to get working is to connect Redmine to OpenLDAP.

My server configuration (details attached) is an Ubuntu 16.04.04 Server, with OpenLDAP 2.4.42 and Redmine 3.4.4. Note that this machine has a self-signed security certificate.

I am able to connect to the LDAP server with Apache Directory Studio and also ldapsearch on the command line.

LDAPTLS_REQCERT=never ldapsearch -D "cn=admin,dc=ubuntutest" -W -p 389 -h ubuntutest -b "dc=ubuntutest" -s sub -x -ZZ "(objectclass=*)"

When I configure the LDAP connection in Redmine and test it, I get the following error.

Unable to connect (SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A)

I have a feeling this has to do with the self-signed cert in some way, but I am not sure where to start looking here.

Any ideas?

REDMINE-backup-sharesafe.rtf (133 KB) Brian Rose, 2018-04-14 13:45


#1 Updated by Brian Rose over 4 years ago

Note that this functions with the LDAPS box unchecked.

#2 Updated by Gregor Schmidt about 4 years ago

LDAPS will use a different port than LDAP. The default ports are 389 for LDAP and 636 for LDAPS.

There is a different LDAP mode called START_TLS which is currently not supported by Redmine. LDAP+START_TLS will be using the same port as plain LDAP, i.e. 389 by default. Maybe ldap_search is using this mode of operation?
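The two modes described in the comment above differ in the first bytes the client sends. The Ruby sketch below is an added example, not part of the thread or of Redmine's code: it builds the StartTLS extended request defined in RFC 4511 and tells it apart from the TLS ClientHello that an LDAPS client sends immediately. The function names and sample byte strings are constructed for illustration.

```ruby
# Added example, not Redmine code. Standard library only.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037" # StartTLS extended operation (RFC 4511)

# Constructed samples: first bytes of a TLS ClientHello record, and an LDAP
# ExtendedResponse with resultCode 0 (success) for messageID 1.
SAMPLE_CLIENT_HELLO = ["16030100a501"].pack("H*")
SAMPLE_OK_RESPONSE  = ["300c02010178070a010004000400"].pack("H*")

# Short-form BER TLV; every length in these messages is below 128.
def tlv(tag, body)
  raise ArgumentError, "long-form length not handled" if body.bytesize > 127
  [tag, body.bytesize].pack("CC") + body.b
end

# LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }
# This is what a StartTLS client sends in cleartext on port 389 before any TLS.
def starttls_request(msg_id = 1)
  raise ArgumentError, "single-byte messageID only" unless (0..127).cover?(msg_id)
  tlv(0x30, tlv(0x02, [msg_id].pack("C")) + tlv(0x77, tlv(0x80, STARTTLS_OID)))
end

# What does the client's opening message look like to the server?
def classify_opening(bytes)
  b = bytes.b
  return :tls_client_hello if b.getbyte(0) == 0x16 && b.getbyte(1) == 0x03
  return :ldap_message if b.getbyte(0) == 0x30
  :unknown
end

# resultCode of an ExtendedResponse [APPLICATION 24]; the client may begin the
# TLS handshake on the same connection only if this is 0.
def extended_result_code(bytes)
  b = bytes.b
  raise ArgumentError, "not an LDAPMessage" unless b.getbyte(0) == 0x30 && b.getbyte(2) == 0x02
  op = 4 + b.getbyte(3).to_i # skip the messageID INTEGER
  raise ArgumentError, "not an ExtendedResponse" unless b.getbyte(op) == 0x78
  raise ArgumentError, "resultCode missing" unless b.getbyte(op + 2) == 0x0a
  b.getbyte(op + 4)
end

if __FILE__ == $PROGRAM_NAME
  puts starttls_request.unpack1("H*")
  puts classify_opening(SAMPLE_CLIENT_HELLO)
  puts extended_result_code(SAMPLE_OK_RESPONSE)
end
```

A listener on port 389 expects the `0x30` LDAP message first; a client in LDAPS mode opens with the `0x16` handshake record instead, which is why the two modes are normally served on separate ports.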

#3 Updated by Brian Rose about 4 years ago

As I understand it, LDAP + START_TLS is the preferred method over LDAPS. Most current tutorials on setting up a secure LDAP server use this method.

Start TLS is defined in the current LDAP RFC. Is there any particular reason why Redmine cannot support it?
