Rancher LDAP AD Authentication to UCS Failure

Hello everyone,

I am having one heck of a time trying to allow Rancher. When attempting to connect via the TLS port (636/7363), it states that the TLS cert can't be verified.

Error creating ssl connection: LDAP Result Code 200 “”: x509: certificate signed by unknown authority

https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/ad/

I’ve read (How To: Created an UCS-CA signed certificate for a non-UCS system within Domain), but I am curious how that gets involved with the rancher LDAP authentication setup.

The above process generated four files: CAcert.crt, cert.pem, reg.pem, private.key.
Should I use the CAcert.crt in the upload, or should I be using the UCS server's cert?

Looking to see what I am doing wrong,

Please reference my attached photos.


Hi @huwilerp,

The linked howto article is not really applicable in your case. On a UCS system everything is signed with its own CA to be fully trusted internally. But that also means that you need to import that CA on other systems that should interact with it.

This seems like it fits your case https://rancher.com/docs/rancher/v2.x/en/installation/options/custom-ca-root-certificate/

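A way to check the reply's point before touching Rancher at all: run OpenSSL's own chain verification against the LDAPS listener with each candidate file and see which one yields "Verify return code: 0". The script below is an added example and is not code from either post, from Univention or from Rancher. So that it runs offline, it generates a throwaway "UCS CA" and a CA-signed server certificate itself (reusing the file names from the question; the certificate request is named req.pem here) and serves it with openssl s_server in place of the UCS LDAP server. The host name ucs.example.org, the port 7636 and the path to the CA file in the comments are assumptions for a real run; on a UCS DC the CA certificate is by default kept at /etc/univention/ssl/ucsCA/CAcert.pem.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows which of the four files makes
# a TLS chain verify: the issuing CA certificate (CAcert.crt), not the server's
# own cert.pem. The "UCS CA" here is a throwaway one generated on the fly so the
# script runs offline. Against a real UCS host you would call, for instance,
#   verify_tls_endpoint ucs.example.org 7636 /etc/univention/ssl/ucsCA/CAcert.pem
# (host name and port are assumptions; replace them with yours).
set -eu

# verify_tls_endpoint HOST PORT [CAFILE]
# Prints OpenSSL's "Verify return code" for the chain the server presents:
# 0 means it verifies against CAFILE (or the default store when CAFILE is empty).
verify_tls_endpoint() {
  host=$1; port=$2; cafile=${3:-}
  if [ -n "$cafile" ]; then set -- -CAfile "$cafile"; else set --; fi
  openssl s_client -connect "$host:$port" "$@" </dev/null 2>/dev/null \
    | sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# demo_local_ldaps [PORT]
# Builds a throwaway CA plus a CA-signed server certificate, serves it with
# openssl s_server on 127.0.0.1:PORT (stand-in for the UCS LDAPS listener), and
# prints three verify codes: with CAcert.crt, with cert.pem, with no CA file.
demo_local_ldaps() (
  port=${1:-8636}
  dir=$(mktemp -d)
  cd "$dir"
  # Throwaway CA with an explicit config, so the result does not depend on the
  # system's openssl.cnf.
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Throwaway UCS CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
    -keyout ca.key -out CAcert.crt >/dev/null 2>&1
  # Server key and request (private.key, req.pem), then the CA-signed cert.pem
  # carrying a SAN for the name/address the client connects to.
  printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = localhost\n' > srv.cnf
  openssl req -newkey rsa:2048 -nodes -config srv.cnf \
    -keyout private.key -out req.pem >/dev/null 2>&1
  printf 'subjectAltName = DNS:localhost,IP:127.0.0.1\n' > san.cnf
  openssl x509 -req -days 1 -in req.pem -CA CAcert.crt -CAkey ca.key \
    -CAcreateserial -extfile san.cnf -out cert.pem >/dev/null 2>&1
  # The listener presents only the leaf cert.pem, like a typical LDAPS server.
  openssl s_server -accept "$port" -cert cert.pem -key private.key -www \
    </dev/null >/dev/null 2>&1 &
  srv=$!
  sleep 1
  with_ca=$(verify_tls_endpoint 127.0.0.1 "$port" CAcert.crt)
  with_leaf=$(verify_tls_endpoint 127.0.0.1 "$port" cert.pem)
  with_none=$(verify_tls_endpoint 127.0.0.1 "$port")
  kill "$srv" 2>/dev/null || true
  wait "$srv" 2>/dev/null || true
  cd / && rm -rf "$dir"
  echo "$with_ca $with_leaf $with_none"
)

# Expected: first code 0 (CA file verifies the chain), the other two non-zero
# (the server's own certificate is not a trust anchor; no CA at all fails too).
# demo_local_ldaps
```

Only the CA file gives code 0, which is why it is the CA certificate, not the server's certificate, that has to be imported on the Rancher side. Uploading cert.pem instead reproduces the "certificate signed by unknown authority" symptom, because the issuer of the presented chain is still unknown to the client. Once the real UCS CA verifies the real listener this way, the remaining work is on the Rancher side, per the custom CA documentation linked above.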