Secure LDAP client install fails

Sorry if this is not the correct forum.  I am running Sugar Professional on premises on Ubuntu 18 Linux.  I am currently using LDAP to authenticate back to our Windows Active Directory Domain Controller.  This works fine.  Now I want to use Secure LDAP on port 636 for authentication.  Sugar says just change the port number in the Admin console.  Well, that doesn't work. 

I am running OpenSSL 1.1.1d on the Sugar machine.  I have an issuing CA certificate made with OpenSSL.  I copied the exported file from the DC to the /etc/ssl/certs folder.  I have modified the /etc/ldap/ldap.conf file with:

# TLS certificates (needed for GnuTLS)
#TLS_CACERT /etc/ssl/certs/ca-certificates.crt   --- I commented this out. Don't know what that will hurt.
TLS_CACERT /etc/ssl/certs/cert.pem
URI ldap://SERVER.COMPANY.COM:636/   --- also tried URI ldaps://SERVER.COMPANY.COM/
TLS_REQCERT allow

Still no success.  Anyone done this before?  Any suggestions?  I know the DC is working because I have a Windows server running Wampserver 2.2 and I made it work by, in part, modifying custom PHP code.

  • I spent 2 days trying to fix this and found the solution in an old reddit thread.

    1. make sure the server is ldaps://yourserver.com (with the ldaps:// prefix)

    2. for php7 and ldaps.dll on windows, you MUST add a system environment variable

    LDAPCONF=C:\openldap\sysconf\ldap.conf

    inside ldap.conf add 1 line

    TLS_REQCERT never

    This removes the check on self-signed certificates so it will work OK
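The reply's `TLS_REQCERT never` (and the `allow` in the original post) makes the connection succeed by switching off server certificate verification, so the client encrypts the session but never checks that the far end is the DC. The following is an added example, not code from either poster or from Sugar: it parses the `ldap.conf` keyword/value format, reports which settings leave the LDAPS session unverified, and checks whether a CA file exported from the DC is in the PEM form OpenLDAP expects. The three sample configurations are constructed to mirror the thread; the hostnames and paths in them are placeholders.

```python
"""Audit an OpenLDAP client ldap.conf for settings that weaken LDAPS.

Added example; not code from the original post. The sample configurations
below are constructed to mirror the settings discussed in the thread.
"""
from typing import Dict, List

# Meaning of each TLS_REQCERT level, per ldap.conf(5). Only "demand" (the
# default) and its synonym "hard" actually verify the server certificate.
REQCERT_LEVELS = {
    "never": "no certificate is requested or checked",
    "allow": "a missing or bad certificate is ignored",
    "try": "a missing certificate is ignored; a bad one ends the session",
    "demand": "a valid certificate is required (default)",
    "hard": "a valid certificate is required (same as demand)",
}

# Constructed sample: the settings from the original post (ldap:// scheme on
# port 636 plus TLS_REQCERT allow).
WEAK_CONF = """\
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/cert.pem
URI ldap://SERVER.COMPANY.COM:636/
TLS_REQCERT allow
"""

# Constructed sample: the one-line ldap.conf from the reply.
REPLY_CONF = "TLS_REQCERT never\n"

# Constructed sample: a hardened equivalent. The issuing CA's PEM certificate
# has to be part of the bundle named by TLS_CACERT for this to connect.
HARDENED_CONF = """\
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
URI ldaps://SERVER.COMPANY.COM/
TLS_REQCERT demand
"""


def parse_ldap_conf(text: str) -> Dict[str, str]:
    """Parse ldap.conf: one 'KEYWORD value' per line, lines starting with '#'
    are comments, keywords are case-insensitive, and a later line wins."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit(settings: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means the client both
    encrypts the session and verifies who it is talking to."""
    findings: List[str] = []

    uri = settings.get("URI", "")
    if uri and not uri.lower().startswith("ldaps://"):
        findings.append(
            f"URI {uri}: a plain ldap:// URI does not start TLS just because "
            "the port is 636; use ldaps:// (or STARTTLS over ldap://)"
        )

    level = settings.get("TLS_REQCERT", "demand").lower()
    if level not in ("demand", "hard"):
        findings.append(
            f"TLS_REQCERT {level}: {REQCERT_LEVELS.get(level, 'unknown level')}; "
            "the server's identity is not verified, so the session can be intercepted"
        )

    if "TLS_CACERT" not in settings and "TLS_CACERTDIR" not in settings:
        findings.append(
            "no TLS_CACERT or TLS_CACERTDIR: the DC's issuing CA cannot be "
            "trusted unless it is already in the system trust store"
        )
    return findings


def looks_like_pem(data: bytes) -> bool:
    """True when the bytes start with a PEM certificate header. TLS_CACERT
    needs PEM; a Windows 'DER encoded binary X.509' export starts with an
    ASN.1 SEQUENCE byte (0x30) instead and will not load."""
    return data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----")


def ca_file_is_pem(path: str) -> bool:
    """Read the first bytes of a CA file and check for the PEM header."""
    try:
        with open(path, "rb") as fh:
            return looks_like_pem(fh.read(64))
    except OSError:
        return False


if __name__ == "__main__":
    samples = (("original post", WEAK_CONF), ("reply", REPLY_CONF), ("hardened", HARDENED_CONF))
    for name, conf in samples:
        print(f"[{name}]")
        for finding in audit(parse_ldap_conf(conf)) or ["no findings"]:
            print("  -", finding)
```

On Ubuntu the hardened variant works once the issuing CA is exported from the DC as Base-64 (PEM), dropped into `/usr/local/share/ca-certificates/` with a `.crt` extension, and `update-ca-certificates` has been run so it is merged into `/etc/ssl/certs/ca-certificates.crt`; with that in place `TLS_REQCERT demand` connects and the `never`/`allow` workaround is unnecessary.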