Foreman AD LDAPS auth

Hello

I am following this section on creating AD LDAPS auth for Foreman
https://theforeman.org/manuals/1.11/index.html#4.1WebInterface

This is secure LDAP and here is how I exported the cert from AD

  1. Go to Active Directory certificate authority MMC
  2. right click CA -> all tasks -> backup CA
  3. select "private key and CA certificate"
  4. no password specific
  5. Finish

I take this and put it in

/usr/local/share/ca-certificates/

Then I issue the command

update-ca-certificates

It says it added a cert.

I go back on Foreman and try to log in with AD creds. No go.

Appreciate the help!
John

Hi John

> Hello
>
> I am following this section on creating AD LDAPS auth for foreman
> Foreman :: Manual
>
> This is secure LDAP and here is how I exported the cert from AD
>
> 1. Go to Active Directory certificate authority MMC
> 2. right click CA -> all tasks -> backup CA
> 3. select "private key and CA certificate"
> 4. no password specific
> 5. Finish
>
> I take this and put it in
>
> /usr/local/share/ca-certificates/
>
> Then I issue command
>
> update-ca-certificates
>
> It says it added a cert.
>
> I go back on foreman and try to login with AD creds. no go.
[…]

Can you provide some more details? I guess you're running Foreman on Debian /
Ubuntu?

Do you get the error message regarding untrusted / not able to verify
connection?

Perhaps some intermediate certs of your CA are missing. You can also extract the
certificates in the following way:

echo | openssl s_client -showcerts -connect $DC_FQDN:636

Try to combine the intermediate and root CA certs into one file.

Cheers

Michael

··· On Wed, 15 Jun 2016 13:23:15 -0700 (PDT) John Test wrote:

Hi Mike

I fixed this by adding the cert into the file specified in
/etc/ldap/ldap.conf.
Yes, this is on Ubuntu 14.

Thank you for your help
John
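
The two steps discussed above (pull the chain with `openssl s_client -showcerts`, then keep the intermediate and root CA certs in one file that the LDAP client trusts), as an added example that is not part of the original thread. The function names, the bundle filename and the sample input are assumptions constructed for illustration; `TLS_CACERT` is the standard OpenLDAP directive in /etc/ldap/ldap.conf that names the CA file (the thread does not name it).

```shell
# Added example: build a CA-only bundle from `openssl s_client -showcerts` output.

# Print every PEM certificate from the "Certificate chain" section except the
# first one, which is the DC's own (leaf) certificate. Stops at the
# "Server certificate" section, where s_client prints the leaf a second time.
extract_ca_certs() {
    awk '
        /^Server certificate/         { exit }
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n > 1               { print }
        /-----END CERTIFICATE-----/   { inside = 0 }
    '
}

# Number of PEM certificates in file $1.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds if file $1 contains a PEM private key; a trust bundle never should.
has_private_key() { grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"; }

# Constructed stand-in for s_client output (placeholder bodies, not real certs).
sample_s_client_output() {
    cat <<'EOF'
Certificate chain
 0 s:/CN=dc01.example.test
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF
-----END CERTIFICATE-----
 1 s:/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-INTERMEDIATE
-----END CERTIFICATE-----
 2 s:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-ROOT
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF
-----END CERTIFICATE-----
EOF
}

# Live use (DC_FQDN as in the thread; ad-ca-bundle.pem is an assumed name):
#   echo | openssl s_client -showcerts -connect "$DC_FQDN:636" 2>/dev/null \
#     | extract_ca_certs > ad-ca-bundle.pem
#   has_private_key ad-ca-bundle.pem && echo "refusing: private key in bundle"
```

A server often does not send its root certificate, so the extracted file may hold only intermediates; in that case export the root certificate alone (without the private key) from the CA and append it. The result can be checked by re-running `openssl s_client -connect "$DC_FQDN:636" -CAfile ad-ca-bundle.pem` and looking for `Verify return code: 0 (ok)`.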

··· On Thu, Jun 16, 2016 at 1:38 AM, Michael Hofer < michael.hofer@adfinis-sygroup.ch> wrote:
