LDAP certificate not valid for any names

Hi All,

Internal Server Error

Login error: failed to connect: LDAP Result Code 200 "Network Error": x509: certificate is not valid for any names, but wanted to match ldap.acc.ohsu.edu

I got that message after configuring our cluster.yml file and restarting httpd and ondemand-dex.

Is this something to do with CA trust? I saw some mention of the tls cert configuration in the ood_portal.yml file, but wasn’t sure if I needed to add anything beyond the ssl cert configuration:

ssl:
  - 'SSLCertificateFile "/etc/pki/tls/certs/openondemanddev.ohsu.edu.crt"'
  - 'SSLCertificateKeyFile "/etc/pki/tls/private/openondemanddev.ohsu.edu.key"'
  - 'SSLCertificateChainFile "/etc/pki/tls/certs/openondemanddev.ohsu.edu-chain.pem"'

Which appears to be working fine for the TLS cert in that it redirects to https fine, and shows a valid cert…

Jul 21 15:37:38 openondemanddev ondemand-dex[3561]: time="2023-07-21T19:37:38Z" level=error msg="Failed to login user: failed to connect: LDAP Result Code 200 \"Network Error\": x509: certificate is not valid for any names, but wanted to match ldap.acc.ohsu.edu"

Thoughts?

There’s some issue with the certificate that the LDAP server is providing, I would guess.

You can see what the certificate looks like with this command.

openssl s_client -connect <host>:<port> -starttls ldap

Beyond that I think you’d need to ensure that the appropriate Certificate Authority files are on both machines (the ldap server and the OOD server).
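As an added illustration (not part of the thread), here is a small Go program that reproduces the hostname check dex's Go TLS client performs, using throwaway self-signed certificates: a server certificate with no SubjectAltName fails with the exact "not valid for any names" error quoted above, and adding the LDAP hostname as a DNS SAN makes it pass. The Common Name ldap-server.internal.example is a constructed placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeServerCert builds a throwaway self-signed server certificate with the
// given Common Name and DNS SANs (constructed test data, not a real LDAP cert).
func makeServerCert(cn string, sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     sans, // nil or empty: no SubjectAltName extension is written
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	host := "ldap.acc.ohsu.edu" // the name dex was told to connect to
	for _, c := range []struct{ cn string; sans []string }{
		{"ldap-server.internal.example", nil},             // CN only, other name
		{host, nil},                                       // CN matches but no SAN
		{"ldap-server.internal.example", []string{host}},  // SAN lists the host
	} {
		cert, err := makeServerCert(c.cn, c.sans)
		if err != nil {
			panic(err)
		}
		// VerifyHostname is the same check crypto/tls applies during the handshake.
		fmt.Printf("CN=%s SAN=%v -> %v\n", c.cn, c.sans, cert.VerifyHostname(host))
	}
}
```

Running it prints one line per case; only the certificate whose SAN lists the host verifies without error, which is what the LDAP server's certificate needs before dex will connect.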

Thanks, we got that part resolved.


Thanks for the response! Please let us know what the resolution was in case someone else runs into the same.