UCS version: 5.0-9 errata1200
Hi there!
I cannot connect to the LDAP server of our UCS when using TLS 1.3 (deb12 & Win11).
It works when connecting without TLS (port 7389) or with TLS 1.2 (port 7636).
The command I use to test is:
ldapsearch -x -LLL -H ldaps://dc1.example.com:7636 -D "uid=bind.dn,cn=users,dc=example,dc=com" -w "password" -b "cn=users,dc=example,dc=com" "(&(objectClass=inetOrgPerson)(uid=john.doe))"
Is TLS 1.3 supported for LDAPS connections?
Thank you
The error I get is:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Never mind, the problem was that the certificate was not trusted by the client. (ldapsearch -d 1 … to view the debug information)
The solution is:
- Install the UCS certificate here: /usr/local/share/ca-certificates/certificate.crt
- chmod 444 /usr/local/share/ca-certificates/certificate.crt
- Edit /etc/ldap/ldap.conf and add:
    TLS_CACERT /usr/local/share/ca-certificates/certificate.crt
    TLS_REQCERT allow
And it should work.
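The steps from the post above as an added shell example; this is not code from the thread or from Univention. It copies the CA certificate into the Debian CA directory with the same chmod 444, writes the TLS_CACERT / TLS_REQCERT lines into ldap.conf without duplicating them on re-runs, and audits the result. The function names and the path parameters (used so the steps can be exercised against a scratch directory rather than the real /etc/ldap/ldap.conf) are my own assumptions. The audit treats the post's TLS_REQCERT allow as a finding: with allow, OpenLDAP ignores a bad server certificate and proceeds, so the installed CA is never actually enforced; demand (the OpenLDAP default) or hard is what makes the verification bite.

```shell
#!/bin/sh
# Added example (not from the original post): install a UCS CA certificate for
# the OpenLDAP client, write the matching ldap.conf entries and audit them.
# All paths are parameters so the functions can run against a scratch directory.

# install_ldap_ca SRC_CERT DEST_DIR
# Copies the CA certificate into DEST_DIR (normally /usr/local/share/ca-certificates)
# and makes it world-readable but not writable (the post's chmod 444 step).
# Prints the destination path.
install_ldap_ca() {
    src="$1"; dest_dir="$2"
    [ -r "$src" ] || { echo "certificate $src is not readable" >&2; return 1; }
    mkdir -p "$dest_dir"
    dest="$dest_dir/$(basename "$src")"
    cp "$src" "$dest"
    chmod 444 "$dest"
    printf '%s\n' "$dest"
}

# write_ldap_tls_conf CONF_FILE CA_PATH REQCERT
# Drops any existing TLS_CACERT / TLS_REQCERT lines from CONF_FILE and appends
# the new ones, so re-running the function never leaves duplicate directives.
write_ldap_tls_conf() {
    conf="$1"; ca="$2"; reqcert="$3"
    tmp="$conf.tmp.$$"
    if [ -f "$conf" ]; then
        # grep -v exits 1 when nothing is left; that is not an error here
        grep -v -E '^[[:space:]]*TLS_(CACERT|REQCERT)[[:space:]]' "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf 'TLS_CACERT %s\nTLS_REQCERT %s\n' "$ca" "$reqcert" >> "$tmp"
    mv "$tmp" "$conf"
}

# check_ldap_tls_conf CONF_FILE
# Returns 0 only when the client will really verify the server certificate:
# TLS_CACERT must name a readable file and TLS_REQCERT must be "demand"
# (OpenLDAP's default when unset) or "hard". "allow" and "never" let the
# client proceed with a bad or missing server certificate, so they return 1.
check_ldap_tls_conf() {
    conf="$1"
    ca=$(awk '$1 == "TLS_CACERT" { print $2 }' "$conf" | tail -n 1)
    reqcert=$(awk '$1 == "TLS_REQCERT" { print $2 }' "$conf" | tail -n 1)
    [ -n "$ca" ] && [ -r "$ca" ] || { echo "TLS_CACERT missing or unreadable: '$ca'" >&2; return 1; }
    case "${reqcert:-demand}" in
        demand|hard) return 0 ;;
        *) echo "TLS_REQCERT is '$reqcert': server certificate is not enforced" >&2; return 1 ;;
    esac
}

# probe_ldaps HOST PORT CA_PATH
# Handshake check that needs no LDAP credentials: openssl prints the negotiated
# protocol and "Verify return code: 0 (ok)" when the chain validates against CA_PATH.
probe_ldaps() {
    openssl s_client -connect "$1:$2" -CAfile "$3" -tls1_3 </dev/null 2>/dev/null \
        | grep -E 'Protocol|Verify return code'
}
```

Typical use on a real client: `dest=$(install_ldap_ca ./certificate.crt /usr/local/share/ca-certificates)`, then `write_ldap_tls_conf /etc/ldap/ldap.conf "$dest" demand`, `check_ldap_tls_conf /etc/ldap/ldap.conf`, and `probe_ldaps dc1.example.com 7636 "$dest"` before re-running the ldapsearch from the first post. On Debian, running update-ca-certificates after the copy also adds the certificate to the system-wide trust store, which is what other TLS clients on the host consult.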