Foreman LDAP login problem "Oops, we're sorry but something went wrong Connection reset by peer"

Trying to log in (with an LDAP account) to Foreman, I am getting an error:
Oops, we're sorry but something went wrong Connection reset by peer

Sometimes it is working and sometimes not. With a local account I have no problem.
LDAP test connection: Test connection to LDAP server was successful.

Expected outcome:

Foreman and Proxy versions:
Foreman version: 1.24.2
Katello version: 3.14.1


You should probably enable LDAP debug logging to see more details, then look at the log at /var/log/foreman/production.log

Then remember to disable debug logging when you are done.

After disabling LDAPS it is working again.

I ran into the same problem. So far I have not found a solution to the problem. Unfortunately, increasing the ldap debug level hasn’t helped yet.

Is there any message in the logs? It looks like the error is caused by the LDAP server closing the connection, so it might have to do with its configuration or network issues?

I get the following error message on the "Test environment" updated yesterday from Foreman 1.22 to 1.24.

ERF50-1006 [Foreman::WrappedException]: Unable to connect to LDAP server ([Net::LDAP::Error]: hostname "ldaps-server.some.domain" does not match the server certificate)

The "Prod environment", using the same LDAPS configuration and certificate and still on Foreman 1.22, is working without issues.

We found the problem after downloading the ldaps server certificate. The certificate for the ldaps server is issued incorrectly (wrong server name). It looks like the newer version of Foreman is stricter when it comes to certificate verification.
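To see why a stricter client rejects such a certificate, here is an added example (not code from the thread or from Foreman) that applies RFC 6125 hostname matching to the dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the certificate below is constructed to resemble the misissued one, and the hostname is the one from the error message.

```python
"""Hostname check of the kind that produced "hostname ... does not match the server certificate".

Operates on the dict returned by ssl.SSLSocket.getpeercert(), so a certificate
captured from a live LDAPS server can be passed in unchanged.
"""

def _dns_names(cert):
    """Names a verifier may match: SAN DNS entries, else the subject CN."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 6125: when a SAN is present the CN is ignored
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]

def _name_matches(pattern, hostname):
    """Case-insensitive match; '*' allowed only as the whole leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # wildcard must stand alone, leave at least two labels and never span a dot
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def check_hostname(cert, hostname):
    """Return (ok, reason) the way a strict TLS client judges this certificate."""
    names = _dns_names(cert)
    if not names:
        return False, "certificate carries no DNS name at all"
    if any(_name_matches(n, hostname) for n in names):
        return True, "matched one of: " + ", ".join(names)
    return False, f'hostname "{hostname}" does not match the server certificate (names: {", ".join(names)})'

# Constructed certificate resembling the thread's misissued one: the only name it
# carries is not the name clients connect to, so the CA chain being valid does not help.
# A real one can be dumped with: openssl s_client -connect host:636 -showcerts </dev/null
MISISSUED_CERT = {
    "subject": ((("commonName", "ldap-server.some.domain"),),),
    "subjectAltName": (("DNS", "ldap-server.some.domain"),),
}

if __name__ == "__main__":
    for host in ("ldaps-server.some.domain", "ldap-server.some.domain"):
        print(host, "->", check_hostname(MISISSUED_CERT, host))
```

Feeding the certificate dump of the real server through `check_hostname` with the hostname Foreman is configured to use tells you whether reissuing the certificate or correcting the configured hostname is the fix.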

Thanks for the update!
We have updated the library used to connect with LDAP servers in 1.24 to a newer version that does a better job of verifying the TLS certificates. I’ve gone ahead and updated ERF50-1006 - Foreman to suggest checking the certificates when facing this error.