LDAP certificate not valid for any names

Hi All,

```text
Internal Server Error

Login error: failed to connect: LDAP Result Code 200 "Network Error": x509: certificate is not valid for any names, but wanted to match ldap.acc.ohsu.edu
```

I got that message after configuring our cluster.yml file and restarting httpd and ondemand-dex.

Is this something to do with CA trust? I saw some mention of the tls cert configuration in the ood_portal.yml file, but wasn’t sure if I needed to add anything beyond the ssl cert configuration:

```yaml
ssl:
  - 'SSLCertificateFile "/etc/pki/tls/certs/openondemanddev.ohsu.edu.crt"'
  - 'SSLCertificateKeyFile "/etc/pki/tls/private/openondemanddev.ohsu.edu.key"'
  - 'SSLCertificateChainFile "/etc/pki/tls/certs/openondemanddev.ohsu.edu-chain.pem"'
```

Which appears to be working fine for the TLS cert in that it redirects to https fine, and shows a valid cert…

```text
Jul 21 15:37:38 openondemanddev ondemand-dex[3561]: time="2023-07-21T19:37:38Z" level=error msg="Failed to login user: failed to connect: LDAP Result Code 200 \"Network Error\": x509: certificate is not valid for any names, but wanted to match ldap.acc.ohsu.edu"
```

Thoughts?

There’s some issue with the certificate that the LDAP server is providing I would guess.

You can see what the certificate looks like with this command.

```shell
openssl s_client -connect <host>:<port> -starttls ldap
```

Beyond that I think you’d need to ensure that the appropriate Certificate Authority files are on both machines (the ldap server and the OOD server).
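The wording of the error in the original post ("certificate is not valid for any names, but wanted to match ...") is produced by Go's crypto/x509 hostname check, which dex uses when it opens the LDAP connection. The following is an added example, not code from this thread or from Open OnDemand or dex: it builds throwaway self-signed certificates with constructed subject names and runs Go's own `VerifyHostname` against `ldap.acc.ohsu.edu`, so you can see which certificate shapes trigger the message and which pass. The CN `ldap` and the SAN `ldap.internal.example` are constructed values for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert builds a short-lived self-signed test certificate (constructed for
// this example only) with Subject CN = cn and DNS Subject Alternative Names =
// dnsNames. When dnsNames is empty no SAN extension is written at all, which
// is the shape of a legacy CN-only certificate.
func makeCert(cn string, dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     dnsNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// HostnameError returns the message crypto/x509 gives when the name `host`
// (the LDAP host dex is configured to connect to) is checked against a
// certificate with the given CN and SANs, or "" when the name is accepted.
// Only the name check is exercised here; chain/CA trust is a separate step.
func HostnameError(host, cn string, dnsNames []string) (string, error) {
	cert, err := makeCert(cn, dnsNames)
	if err != nil {
		return "", err
	}
	if err := cert.VerifyHostname(host); err != nil {
		return err.Error(), nil
	}
	return "", nil
}

func main() {
	host := "ldap.acc.ohsu.edu"

	// 1. CN-only cert whose CN is a short internal name: no SAN, CN does not
	//    match, so no name in the cert can satisfy the check. This is the
	//    message from the thread.
	s, _ := HostnameError(host, "ldap", nil)
	fmt.Println("CN-only, CN differs :", s)

	// 2. CN-only cert whose CN equals the host: Go (>= 1.15) still rejects it,
	//    with a message pointing at the missing SAN.
	s, _ = HostnameError(host, host, nil)
	fmt.Println("CN-only, CN matches :", s)

	// 3. SAN present but for a different name: Go lists what the cert is
	//    valid for, which tells you which hostname dex should be using.
	s, _ = HostnameError(host, host, []string{"ldap.internal.example"})
	fmt.Println("SAN for other name  :", s)

	// 4. A DNS SAN equal to the configured host: this is what the LDAP
	//    server's certificate needs for the connection to succeed.
	s, _ = HostnameError(host, host, []string{host})
	fmt.Println("matching SAN        :", fmt.Sprintf("%q", s))
}
```

Two practical consequences follow from the four cases. First, the name dex is told to connect to (in the LDAP connector's `host` setting) must appear as a DNS entry in the LDAP server certificate's Subject Alternative Name extension; a certificate that carries the name only in the CN is rejected by current Go regardless of CA trust. Second, the fix is either to re-issue the LDAP server certificate with the right SAN or to point dex at a hostname the existing SAN already lists. Piping the `openssl s_client` output above through `openssl x509 -noout -text` prints the `X509v3 Subject Alternative Name` section, which is the quickest way to see which of the four cases applies to your server.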

Thanks, we got that part resolved.


Thanks for the response! Please let us know what the resolution was in case someone else runs into the same.
