Project

General

Profile

Actions

Bug #15588

closed

The picking of CA in the LDAP config is inconsistent.

Added by Lev Prokofev 6 months ago. Updated 6 months ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

It appears that the picking of the CA is inconsistent, I have various CAs, and only one is valid for the communication with Windows AD.
If I change the CA to any other, I am still able to send requests to the LDAP server, and in certain cases, the valid LDAP cert will be not picked even if it is set, which leads to an auth fail with an error (Unknown CA)
I attached the GIF that shows the behavior

https://nc.netgate.com/nextcloud/s/GKgcMfM9pLQjCLW

tested on

24.03-RELEASE (amd64)
built on Mon May 13 15:17:00 MSK 2024
FreeBSD 15.0-CURRENT


Files


Related issues

Is duplicate of Bug #15060: LDAP bind fails when authentication servers use different CA chainsNew

Actions
Actions #1

Updated by Christopher Cope 6 months ago

As mentioned in the troubleshooting section, you may need to restart PHP and the GUI for the changes to take effect.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/authentication.html#restart-php-and-the-gui

Please confirm that doing this fixes the issues you are seeing.

Actions #2

Updated by Lev Prokofev 6 months ago

Even after restarting PHP and GUI, the behavior was inconsistent, I set the wrong cert (R3), saved, restarted PHP and GUI, and the query still working

Actions #3

Updated by Jim Pingle 6 months ago

  • Status changed from New to Duplicate

Seems to be one we already have an issue open for: #15060

Actions #4

Updated by Jim Pingle 6 months ago

  • Is duplicate of Bug #15060: LDAP bind fails when authentication servers use different CA chains added
Actions

Also available in: Atom PDF