Login failed: The LDAP server is unreachable

I have the following problem with ldap when I tried to use secure ldap with ‘verify_cert’: True.
“Login failed: The LDAP server is unreachable”
Is there any work around for this problem?

Thanks,

Point cert_file to a file containing the root CA that signed the certificate used by your LDAP server. If it’s a publicly recognized CA, then it should work out of the box (assuming the certifi python package is installed):

Thank you for your replies. I tried this configuration and received the following error:

Something went wrong

ValueError: option error
Report Error

I used the below configuration.

'cert_file': '/opt/indico/custom/cert',
'timeout': 30,
'verify_cert': True,
'starttls': False,
'page_size': 1500,

please show the traceback from indico.log. also, can you post the contents of /opt/indico/custom/cert?

Sure, please see the contents of /opt/indico/custom/cert

-rw-r–r-- 1 indico www-data 2296 Feb 19 08:38 Base-64-srvinfdc-2.cer
-rw-r–r-- 1 indico www-data 2260 Mar 11 19:03 DER-srvinfdc-2-1.pem
-rw-r–r-- 1 indico www-data 1629 Feb 19 08:35 DER-srvinfdc-2.cer
-rw-r–r-- 1 indico www-data 1629 Feb 19 08:35 DER-srvinfdc-2.crt
-rw-r–r-- 1 indico www-data 2260 Mar 11 19:02 DER-srvinfdc-2.pem
I used the following command to convert the .cer and .crt to .pem file

openssl x509 -inform der -in /opt/indico/custom/cert/DER-srvinfdc-2.crt -out /opt/indico/custom/cert/DER-srvinfdc-2.pem

indico.log (4.7 KB)

You have to point this config option to an actual file (in pem format) that contains the root CA certificate, not some folder containing all kinds of files.

Also, the file you attached looks like a logfile from uwsgi and not the usual indico.log one from /opt/indico/log/indico.log

PS: You cannot put an obfuscated email address in your config (except for PUBLIC_SUPPORT_EMAIL). As the log shows, sending emails with a sender of events(at)kfupm.edu.sa fails…

Thanks, I fixed all mentioned the issues, but still, I have the same error with ldap authentication.

indico.log (30.0 KB)

Can you attach the file cert_file points to?

DER-srvinfdc-2.zip (1.7 KB)

ok the file looks valid… in that case i don’t know why it fails

Thanks for your support. It works now!. The problem was in ‘cert_file’: option it should be like this ‘/opt/indico/custom/cert/DER-srvinfdc-2.crt’.
But when I changed the ‘starttls’: True, I received the following error.

Something went wrong

CONNECT_ERROR: {‘info’: u’(unknown error code)’, ‘desc’: u’Connect error’}

does it use starttls? if not, you may want ldaps://... in the uri to use a standard tls connection

1 Like

Thanks, this problem is due to firewall configuration. I will use the standard tls connection.