[Bug 264545] net-im/ejabberd tls ldap broken

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 08 Jun 2022 12:28:31 UTC

            Bug ID: 264545
           Summary: net-im/ejabberd tls ldap broken
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ashish@FreeBSD.org
          Reporter: marko.cupac@mimar.rs
             Flags: maintainer-feedback?(ashish@FreeBSD.org)


I have just upgraded one of my ejabberd jails to 13.1-RELEASE, also updating
all the ports to main (built in my own poudriere):

erlang upgraded: 24.2.2,4 -> 24.3.4,4
ejabberd upgraded: 21.12 -> 22.05

After the upgrade I cannot connect to the LDAP server (Active Directory) anymore.

Here's my AUTHENTICATION section which worked before the upgrade:

###   ====== AUTHENTICATION =======   ###
auth_method: [ldap]
ldap_servers:
  - "ldap.example.org"
ldap_encrypt: tls
ldap_port: 636
ldap_rootdn: "CN=SomeAccount,DC=example,DC=org"
ldap_password: "examplepass"
ldap_base: "DC=example,DC=org"
ldap_uids:
  - "sAMAccountName"
ldap_filter: "(memberOf=CN=jabber_users,DC=example,DC=org)"

Here's the actual error from ejabberd.log:

2022-06-08 13:57:18.791918+02:00 [error] <0.31354.0>@eldap:connect_bind/1:1092
LDAP connection to ldap.example.org:636 failed: TLS client: In state hello at
ssl_handshake.erl:892 generated CLIENT ALERT: Fatal - Handshake Failure

Searching around the 'net I found the following discussion:


...which acknowledges an issue with LDAP authentication for Erlang 24.3.4, and
an apparent fix which should come with 24.3.5.

I guess there is nothing else to do except wait for a new version of Erlang, but
hopefully other ejabberd users on FreeBSD will find this information useful.

