Bug #15588

open

The picking of CA in the LDAP config is inconsistent.

Added by Lev Prokofev 1 day ago. Updated about 22 hours ago.

Status: New
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

It appears that the picking of the CA is inconsistent. I have various CAs, and only one is valid for the communication with Windows AD.
If I change the CA to any other, I am still able to send requests to the LDAP server, and in certain cases, the valid LDAP cert will not be picked even if it is set, which leads to an auth failure with an error (Unknown CA).
I attached the GIF that shows the behavior:

https://nc.netgate.com/nextcloud/s/GKgcMfM9pLQjCLW

Tested on:

24.03-RELEASE (amd64)
built on Mon May 13 15:17:00 MSK 2024
FreeBSD 15.0-CURRENT


Actions #1

Updated by Christopher Cope 1 day ago

As mentioned in the troubleshooting section, you may need to restart PHP and the GUI for the changes to take effect.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/authentication.html#restart-php-and-the-gui

Please confirm that doing this fixes the issues you are seeing.

Actions #2

Updated by Lev Prokofev about 22 hours ago

Even after restarting PHP and the GUI, the behavior was inconsistent. I set the wrong cert (R3), saved, restarted PHP and the GUI, and the query was still working.
