On 7/13/22 23:35, aRaviNd wrote:
> [..] authenticate users using LDAP. Authentication was working fine, but after upgrading the LDAP server to the latest version of the OS we are getting authentication failures. Below are the errors showing in the log [..]
> Jul 13 20:26:52 ldap.local slapd[18572]: conn=1003 fd=14 closed (TLS negotiation failure)
This message typically indicates that the LDAP client cannot validate the TLS server cert (anymore in your case).
Are you sure that you did not change anything regarding configuration of TLS server certs?
> We are not seeing the error while connecting to OpenLDAP servers using OpenSSL or LDAP client tools.
Maybe those tools are using a different global default file with trusted CA certs.
You should try with explicitly specifying the relevant CA cert bundle file:
openssl s_client -CAfile /path/to/chef-ui-cacert.pem
LDAPTLS_CACERT=/path/to/chef-ui-cacert.pem ldapwhoami -H ldaps://..
Ciao, Michael.
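The check Michael suggests, scripted as an added example (not from the thread): it runs openssl s_client against the LDAPS port once with the system default trust store and once with an explicit CA bundle, and reads the "Verify return code" line so the two results can be compared. Host, port and bundle path are assumptions, and the two s_client transcripts at the bottom are constructed samples used only to exercise the parser.

```shell
#!/bin/sh
# Added example: probe an LDAPS endpoint and report whether the server
# certificate chain verifies against a given CA bundle (or the default store).

# openssl s_client ends its handshake report with a line such as
# "    Verify return code: 21 (unable to verify the first certificate)".
# parse_verify_code prints only the numeric code from s_client output on stdin.
parse_verify_code() {
    sed -n 's/^ *Verify return code: \([0-9]*\) (.*/\1/p' | tail -n 1
}

# parse_verify_reason prints the text inside the parentheses of that line.
parse_verify_reason() {
    sed -n 's/^ *Verify return code: [0-9]* (\(.*\))$/\1/p' | tail -n 1
}

# check_ldaps_trust HOST [PORT] [CAFILE]
# Returns 0 when the chain verifies, 1 when it does not, 2 when no
# handshake result could be read (connection refused, timeout, ...).
# Run it twice, with and without CAFILE, to see which trust store is missing
# the CA that signed the (possibly renewed) server certificate.
check_ldaps_trust() {
    host=$1; port=${2:-636}; cafile=$3
    if [ -n "$cafile" ]; then
        out=$(openssl s_client -connect "$host:$port" -servername "$host" \
              -CAfile "$cafile" </dev/null 2>&1)
    else
        out=$(openssl s_client -connect "$host:$port" -servername "$host" \
              </dev/null 2>&1)
    fi
    code=$(printf '%s\n' "$out" | parse_verify_code)
    if [ -z "$code" ]; then
        echo "$host:$port: no TLS handshake result"; return 2
    fi
    reason=$(printf '%s\n' "$out" | parse_verify_reason)
    echo "$host:$port (CA: ${cafile:-system default}): $code ($reason)"
    [ "$code" = 0 ]
}

# Constructed sample transcripts (not real s_client output from any server).
SAMPLE_OK='---
SSL-Session:
    Verify return code: 0 (ok)
---'
SAMPLE_FAIL='Certificate chain
 0 s:CN = ldap.example.test
   i:CN = Example Internal CA
---
    Verify return code: 21 (unable to verify the first certificate)
---'
```

Example invocation: `check_ldaps_trust ldap.example.test 636` followed by `check_ldaps_trust ldap.example.test 636 /path/to/cacert.pem`; a non-zero code only in the first run points at the default trust store, the same place the OpenLDAP client looks unless LDAPTLS_CACERT (or TLS_CACERT in ldap.conf) overrides it.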