UCS 5.0 and Nextcloud Hub - Unable to start TLS: Can't contact LDAP server

In my UCS environment I installed Nextcloud Hub, but I cannot log in; I get an internal server error, and the Nextcloud log shows TLS LDAP connection errors. Why can this happen after a new installation?

:"PHP","method":"POST","url":"/nextcloud/login","message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306"

Anyone else with this issue?

1 Like

UPDATE: See other comment

Yes, we are receiving the same error message with Nextcloud within our Univention environment.

However, we started receiving the same error message a full month ago, and haven’t been able to log in since.
It was not a new installation in our case–it just suddenly broke.

It could be the case that Let’s Encrypt was handling certificates for the LDAP server–and we moved off Let’s Encrypt to an on-prem certificate authority–but we still haven’t found where all of this is configured. If a certificate has expired, we can’t find it. (It was working for months after we moved off Let’s Encrypt, though…, so it wasn’t just that.)

I even tried setting this in the configuration files to turn off usage of TLS for LDAP (/etc/univention/templates/files/etc/ldap/ldap.conf as well as /etc/ldap/ldap.conf) with no success:


I would be very interested to know what is causing this problem.

Okay, the solution in our case was to renew the certificates at /etc/univention/ssl (which we were thrown off by, since the TLS certificate for the web server itself is configured somewhere else.)

We ran this bash script:

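# Load domainname and ssl_default_days from the UCS config registry
eval "$(ucr shell domainname ssl/default/days)"
cd /etc/univention/ssl
# Renew every host certificate whose directory name ends in .<domainname>
for i in *".${domainname}"; do
  univention-certificate renew -name "$i" -days "${ssl_default_days}"
done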

And then we pushed those TLS changes out to each Docker container using:

univention-app update-certificates

Source: Renewing the SSL certificates

Then, we just had to restart our Univention machine.

Hopefully that helps with your issue!

1 Like
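
Because the fix in this thread was renewing the certificates under /etc/univention/ssl rather than the web server's certificate, an expiry check over that directory helps locate the certificate in question before or after renewing. This is an added example, not part of the original posts or of Univention's documentation; it assumes each host directory holds cert.pem, the CA certificate is ucsCA/CAcert.pem, a 30-day warning threshold, and that the openssl CLI and GNU date are available.

```bash
#!/bin/bash
# Added example (not from the thread): list expiry of certificates under
# /etc/univention/ssl. Assumed layout: <host>/cert.pem and ucsCA/CAcert.pem.
# Requires the openssl CLI and GNU date.
SSL_DIR="${SSL_DIR:-/etc/univention/ssl}"
WARN_DAYS="${WARN_DAYS:-30}"   # assumed warning threshold

# days_until "<notAfter text>" [now_epoch] -> whole days left, floored,
# so a certificate that expired one second ago already yields -1.
days_until() {
  local end now secs
  end=$(date -u -d "$1" +%s) || return 2
  now=${2:-$(date -u +%s)}
  secs=$(( end - now ))
  echo $(( (secs - (secs < 0 ? 86399 : 0)) / 86400 ))
}

# classify <days> -> EXPIRED | RENEW_SOON | OK
classify() {
  if [ "$1" -lt 0 ]; then echo EXPIRED
  elif [ "$1" -lt "$WARN_DAYS" ]; then echo RENEW_SOON
  else echo OK
  fi
}

# report_certs: print one line per certificate; return 1 if any has expired
# or cannot be parsed.
report_certs() {
  local cert not_after days state rc=0
  for cert in "$SSL_DIR"/*/cert.pem "$SSL_DIR"/ucsCA/CAcert.pem; do
    [ -f "$cert" ] || continue
    not_after=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
    if [ -z "$not_after" ] || ! days=$(days_until "$not_after"); then
      printf '%-11s %14s %s\n' UNREADABLE - "$cert"; rc=1; continue
    fi
    state=$(classify "$days")
    printf '%-11s %9s days %s\n' "$state" "$days" "$cert"
    if [ "$state" = EXPIRED ]; then rc=1; fi
  done
  return "$rc"
}

report_certs
```

Run it as root on the UCS host; a non-zero exit status means at least one certificate is expired or unreadable, which makes it usable from cron or a monitoring check.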

Hi!
Yes, that’s very helpful - I will test this!