Direct authentication against secure LDAPS server possible?
11 June 2011, 16:36
Hello, I'm working to configure authentication directly against an LDAP server in Mahara, and have the standard authentication working on port 389. Does Mahara currently support authentication against a secure LDAPS server on the standard port 636? I'm currently only able to see the same error message, regardless of what combination of ldaps/port number I configure in the LDAP host field:
[WAR] 97 (auth/ldap/lib.php:194) ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server
Release is 1.3.3 version 2010083110, and I've verified that it's not a network/firewall issue, as regular ldapsearch queries can succeed using the secure port... Can anyone else verify that they've gotten secure LDAP working with Mahara?
Any help is much appreciated!
13 June 2011, 23:06
Is Mahara hosted on a Linux server, and are you using OpenLDAP?
If yes, we had the same issue, caused by the OpenLDAP client on the Linux server.
It was failing to bind with the LDAPS server. We solved it by tweaking the OpenLDAP configuration.
Modified the /etc/openldap/ldap.conf (OpenLDAP client configuration file):
# This will check certificate validity: check that the name from the URI matches the certificate's CN or
# subjectAltName values. The connection will be encrypted, with protection against man-in-the-middle attacks.
TLS_REQCERT hard
# URI for LDAPS Server with port
URI ldaps://XXXX.XXXX.XXX:636
# A CA root certificate localhost.pem was generated for Mahara Server
TLS_CACERT /etc/openldap/cacerts/localhost.pem
TLS_CACERTDIR /etc/openldap/cacerts
# Use the following lines if you don't want to put this information in the LDAP authentication instance
binddn [binding username]
bindpw [binding password]
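
An added example, not part of the original posts or of Mahara: a small audit of the TLS-related options in an OpenLDAP client `ldap.conf` like the one above, flagging settings that weaken LDAPS certificate checking. The function names, the sample files and the host `ldap.example.org` are constructed for illustration; StartTLS over `ldap://` is not modelled.

```python
STRICT = {"demand", "hard"}        # server certificate must validate
WEAK = {"never", "allow", "try"}   # certificate may be absent or unchecked

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return a list of (option, finding) tuples; an empty list means no issue found."""
    opts = parse_ldap_conf(text)
    findings = []
    uris = opts.get("URI", "").split()
    if not uris:
        findings.append(("URI", "no server URI configured"))
    for uri in uris:
        if not uri.lower().startswith("ldaps://"):
            findings.append(("URI", f"{uri} does not use ldaps://"))
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the documented default
    if reqcert in WEAK:
        findings.append(("TLS_REQCERT", f"'{reqcert}' does not enforce certificate validation"))
    elif reqcert not in STRICT:
        findings.append(("TLS_REQCERT", f"unrecognised value '{reqcert}'"))
    if not opts.get("TLS_CACERT") and not opts.get("TLS_CACERTDIR"):
        findings.append(("TLS_CACERT", "no CA file or directory to verify the server against"))
    if "BINDPW" in opts:
        findings.append(("BINDPW", "bind password stored in this file; check its permissions"))
    return findings

# Constructed samples (ldap.example.org is a placeholder host).
HARDENED = """\
# strict client settings
TLS_REQCERT hard
URI ldaps://ldap.example.org:636
TLS_CACERT /etc/openldap/cacerts/localhost.pem
TLS_CACERTDIR /etc/openldap/cacerts
"""
WEAK_SAMPLE = """\
uri ldap://ldap.example.org:389
tls_reqcert never
bindpw not-a-real-password
"""

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK_SAMPLE)):
        print(label, audit(conf) or "no findings")
```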