in my ucs envirenment i installed nextcloud hub, but i can not login wirth internal Server error - nextcloud log shows tls ldap connection errors. why this can be happen after new installation ?
:"PHP","method":"POST","url":"/nextcloud/login","message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306"
anyone else with this issue ?
UPDATE: See other comment
Yes, we are receiving the same error message with Nextcloud within our Univention environment.
However, we started receiving the same error message a full month ago, and haven’t been able to log-in since.
It was not a new installation in our case–it just suddenly broke.
It could be the case that Let’s Encrypt was handling certificates for the LDAP server–and we moved off Let’s Encrypt to an on-prem certificate authority–but we still haven’t found where all of this is configured. If a certificate has expired, we can’t find it. (It was working for months after we moved off Let’s Encrypt, though…, so it wasn’t just that.)
I even tried setting this in the configuration files to turn off usage of TLS for LDAP (/etc/univention/templates/files/etc/ldap/ldap.conf as well as /etc/ldap/ldap.conf) with no success:
TLS_REQCERT never
I would be very interested to know what is causing this problem.
Okay, the solution in our case was to renew the certificates at /etc/univention/ssl (which we were thrown off by, since the TLS certificate for the web server itself is configured somewhere else.)
We ran this bash script:
eval "$(ucr shell domainname ssl/default/days)"
cd /etc/univention/ssl
for i in *".${domainname}"
do
univention-certificate renew -name "$i" -days "${ssl_default_days}"
done
And then we pushed those TLS changes out to each Docker container using:
univention-app update-certificates
Source: Renewing the SSL certificates
Then, we just had to restart our Univention machine.
Hopefully that helps with your issue!
Hi !
yes that’s very helpful - I will test this !