[ltb-dev] [LDAP Tool Box - Bug #883] (Rejected) LDAP - Bind error -1 (Can't contact LDAP server)

noreply at lsc-project.org noreply at lsc-project.org
Tue Dec 20 15:13:57 CET 2016

Issue #883 has been updated by Clément OUDOT.

Status changed from New to Rejected
Target version deleted (self-service-password-?)

Hello David,

please use mailing list to ask questions if you can, it is easiest to get answers from community. Subscribe here: http://lists.ltb-project.org/listinfo/ltb-users

Try first to connect to AD in LDAP to see if is works, then try LDAPS. If it fails with LDAPS, then you have an error with your certificate.
Bug #883: LDAP - Bind error -1  (Can't contact LDAP server)

Author: david pereira
Status: Rejected
Priority: Normal
Assigned to: 
Category: Self Service Password
Target version: 


Have problem when i want test my config.

I receive Error message :  Erreur d'accès à l'annuaire

When i looking for the log : [:error] [pid 2869] [client] LDAP - Bind error -1  (Can't contact LDAP server), referer:

I create certificat with this document ( https://confluence.atlassian.com/crowd/configuring-an-ssl-certificate-for-microsoft-active-directory-63504388.html ).

I export the certificat to /etc/ssl and modify ldap.conf ( /etc/ldap/ldap.conf

Can you help me ? 



$ldap_url = "ldaps://AD.thor.fr:636";
#$ldap_starttls = true;
$ldap_starttls = false;

$ldap_binddn = "CN=Administrateur,CN=Users,DC=thor,DC=fr";

$ldap_bindpw = "Secret";

$ldap_base = "OU=Sites,DC=thor,DC=fr";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
#$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";

# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
#$ad_mode = false;
$ad_mode = true;
# Force account unlock when password is changed
$ad_options['force_unlock'] = false;
# Force user change password at next login
$ad_options['force_pwd_change'] = false;
# Allow user with expired password to change password
$ad_options['change_expired_password'] = false;

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20161220/87e4e2e1/attachment.htm>

More information about the ltb-dev mailing list