FS#59756 - [opensips] TLS connection with ldaps:// does not work
Attached to Project:
Community Packages
Opened by Thorsten (Thorsten) - Wednesday, 22 August 2018, 16:31 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 24 September 2020, 18:11 GMT
Details
Description:
LDAP can use TLS in two forms:
- [type1] with StartTLS using port 389
- [type2] direct TLS connection using port 636

opensips LDAP module correctly supports [type1] but not [type2].

Additional info:
* package version(s): opensips 2.4.1-1
* config file 'opensips.cfg':
    ...
    loadmodule "ldap.so"
    modparam("ldap", "config_file", "/etc/opensips/ldap.ini")
    ...
* config file 'ldap.ini':
    [ldap_session_1]
    ldap_version = 3
    ldap_server_url = "ldaps://my-openldap-server-hostname"
    ldap_bind_dn = "uid=opensips,ou=users,dc=example.com"
    ldap_bind_password = "thePassword"
    ldap_ca_cert_file = "/etc/ca.crt"
    ldap_cert_file = "/etc/client_cert.pem"
    ldap_key_file = "/etc/client_key.pem"
    ldap_require_certificate = "NEVER"

Steps to reproduce:
- OpenLDAP should be started and listening on port 636 with 'ldaps' protocol.
- Start openSIPS.

openSIPS LDAP module can't connect to OpenLDAP. Changing 'ldap_version=3' to 'ldap_version=2' does not resolve the issue.

Documentation points out compatibility with LDAP v2 and v3: http://www.opensips.org/html/docs/modules/2.4.x/ldap.html
Closed by Sergej Pupykin (sergej)
Thursday, 24 September 2020, 18:11 GMT
Reason for closing: No response
/usr/bin/opensips[17039]: NOTICE:core:main: version: opensips 2.4.2 (x86_64/linux)
/usr/bin/opensips[17039]: NOTICE:signaling:mod_init: initializing module ...
/usr/bin/opensips[17040]: ERROR:ldap:ldap_connect: ldap_start_tls_s(): Operations error
/usr/bin/opensips[17040]: ERROR:ldap:child_init: [ldap_session1]: failed to connect to LDAP host(s)
systemd[1]: opensips.service: Control process exited, code=exited status=255
/usr/bin/opensips[17040]: ERROR:core:init_mod_child: failed to initializing module ldap, rank -2
/usr/bin/opensips[17040]: ERROR:core:start_module_procs: error in init_child for PROC_MODULE
/usr/bin/opensips[17051]: ERROR:ldap:ldap_connect: ldap_start_tls_s(): Operations error
/usr/bin/opensips[17051]: ERROR:ldap:child_init: [ldap_session1]: failed to connect to LDAP host(s)
/usr/bin/opensips[17051]: ERROR:core:init_mod_child: failed to initializing module ldap, rank 9
/usr/bin/opensips[17051]: ERROR:core:tcp_start_processes: init_children failed
/usr/bin/opensips[17051]: ERROR:core:tcp_start_processes: failed to send -1 status code
/usr/bin/opensips[17054]: ERROR:ldap:ldap_connect: ldap_start_tls_s(): Operations error
/usr/bin/opensips[17054]: ERROR:ldap:child_init: [ldap_session1]: failed to connect to LDAP host(s)
/usr/bin/opensips[17054]: ERROR:core:init_mod_child: failed to initializing module ldap, rank 12
/usr/bin/opensips[17054]: ERROR:core:tcp_start_processes: init_children failed
/usr/bin/opensips[17054]: ERROR:core:tcp_start_processes: failed to send -1 status code
systemd[1]: opensips.service: Failed with result 'exit-code'.
systemd[1]: Failed to start OpenSIPS daemon.
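
Added example (not part of the original report or of OpenSIPS): a small linter for the ldap.ini format quoted above. It flags the two settings this report turns on: an ldaps:// URL, which the reporter says the module cannot connect with, and ldap_require_certificate = "NEVER". It assumes NEVER has its usual libldap meaning (the server certificate is not verified) and that several URLs are comma- or space-separated; the finding codes are made up for this example.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed sample: abridged copy of the ldap.ini session quoted in the report.
SAMPLE_INI = """
[ldap_session_1]
ldap_version = 3
ldap_server_url = "ldaps://my-openldap-server-hostname"
ldap_ca_cert_file = "/etc/ca.crt"
ldap_require_certificate = "NEVER"
"""


def lint_ldap_ini(text):
    """Return (section, key, code, message) findings for every session."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        # Values in ldap.ini are double-quoted strings; drop the quotes.
        opts = {k: v.strip().strip('"') for k, v in cp.items(section)}
        # Assumption: multiple URLs are separated by commas or whitespace.
        urls = re.split(r"[,\s]+", opts.get("ldap_server_url", ""))
        for url in filter(None, urls):
            parts = urlsplit(url)
            if parts.scheme == "ldaps":
                findings.append((section, "ldap_server_url", "LDAPS_URL",
                                 "direct TLS URL; this report says only "
                                 "StartTLS on port 389 works"))
            elif parts.scheme == "ldap" and parts.port == 636:
                findings.append((section, "ldap_server_url", "PORT_636_PLAIN",
                                 "ldap:// scheme pointed at the ldaps port"))
        # Only an explicit NEVER is flagged; the module default is not assumed.
        if opts.get("ldap_require_certificate", "").upper() == "NEVER":
            findings.append((section, "ldap_require_certificate",
                             "CERT_NOT_VERIFIED",
                             "server certificate is not verified, so "
                             "ldap_ca_cert_file gives no protection"))
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_ini(SAMPLE_INI):
        print("%s.%s: %s: %s" % finding)
```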