LDAPS issues



  • Anybody managed to get Veyon to connect via LDAPS, either SSL or TLS? Spent a good hour playing with settings and can't figure it out. LDAPS is definitely working everywhere else.

    When using TLS with cert set to use our CA cert and port 636 I get:

    2019-12-10T15:24:18.078: [INFO] [UltraVNC] virtual BOOL vncClientThread::InitVersion() : Send protocolMsg
    2019-12-10T15:24:18.078: [INFO] [UltraVNC] virtual BOOL vncClientThread::InitVersion() : Send_OK
    2019-12-10T15:24:18.078: [DEBUG] ServerAuthenticationManager::performKeyAuthentication(): SUCCESS
    2019-12-10T15:24:18.094: [DEBUG] [KLDAP] connection closed!
    2019-12-10T15:24:18.094: [DEBUG] [KLDAP] ldap url: "ldap://hans.sch4304.internal:636"
    2019-12-10T15:24:18.099: [DEBUG] [KLDAP] setting version to: 3
    2019-12-10T15:24:18.099: [DEBUG] [KLDAP] setting timeout to: 0
    2019-12-10T15:24:18.099: [DEBUG] [KLDAP] setting security to: 1
    2019-12-10T15:24:18.121: [DEBUG] [KLDAP] start TLS
    2019-12-10T15:24:18.127: [DEBUG] [KLDAP] connection closed!
    2019-12-10T15:24:18.128: [WARN] LdapClient::reconnect(): LDAP connect failed: ""

    Change the port to 389 and it works with TLS selected, albeit I don't think it is using TLS, but set the TLS cert verification to none and it fails, so that tells me the cert is being read and verified correctly.

    Obvious thing that stands out here is it is still attempting an ldap and not an ldaps connection.

    With the impending force of ldaps in January this could well be a problem for many people if it doesn't work.

    Anybody else had any luck? Seems like a bug to me.



  • This is using version 4.3.1, by the way.



  • Just turned on LDAPS and enforced it on our DCs. Playing with the Veyon settings I have found that the following still works:

    LDAP server and port: DC works but Domain Name doesn't, so have specified a DC. Port 389 works; however, 636 does not.

    Encryption protocol: TLS
    TLS certificate verification: Custom
    Custom CA certificate file: Exported CA cert in CER format, changed extension to PEM and plonked onto a share

    Hope this helps somebody


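
Added example, not part of the thread or of Veyon's code: a small triage of the KLDAP debug lines quoted in the first post. Port 636 conventionally expects a TLS handshake immediately (ldaps://), while StartTLS upgrades a plain ldap:// connection, normally on 389; the script flags attempts that combine an ldap:// URL on 636 with "start TLS". The classification labels and the second (port 389) log excerpt are constructed for illustration.

```python
import re

# First five lines: KLDAP debug output quoted in the first post.
# Last two lines: constructed attempt on port 389, added for contrast.
SAMPLE_LOG = '''\
2019-12-10T15:24:18.094: [DEBUG] [KLDAP] ldap url: "ldap://hans.sch4304.internal:636"
2019-12-10T15:24:18.099: [DEBUG] [KLDAP] setting security to: 1
2019-12-10T15:24:18.121: [DEBUG] [KLDAP] start TLS
2019-12-10T15:24:18.127: [DEBUG] [KLDAP] connection closed!
2019-12-10T15:24:18.128: [WARN] LdapClient::reconnect(): LDAP connect failed: ""
2019-12-10T15:30:00.000: [DEBUG] [KLDAP] ldap url: "ldap://dc01.example.internal:389"
2019-12-10T15:30:00.020: [DEBUG] [KLDAP] start TLS
'''

URL_RE = re.compile(r'\[KLDAP\] ldap url: "(ldaps?)://([^":/]+)(?::(\d+))?')

def parse_attempts(log_text):
    """Group log lines into connection attempts, one per 'ldap url' line."""
    attempts = []
    for line in log_text.splitlines():
        m = URL_RE.search(line)
        if m:
            scheme, host, port = m.groups()
            default = 636 if scheme == "ldaps" else 389
            attempts.append({"scheme": scheme, "host": host,
                             "port": int(port or default),
                             "starttls": False, "failed": False})
        elif attempts and "[KLDAP] start TLS" in line:
            attempts[-1]["starttls"] = True
        elif attempts and "LDAP connect failed" in line:
            attempts[-1]["failed"] = True
    return attempts

def diagnose(a):
    """Classify how TLS was requested for one attempt (labels are ours)."""
    if a["scheme"] == "ldaps":
        return "implicit-tls"            # TLS handshake first, then LDAP
    if not a["starttls"]:
        return "cleartext"               # no TLS requested at all
    if a["port"] == 636:
        return "starttls-on-ldaps-port"  # plain LDAP + StartTLS sent to 636
    return "starttls"                    # plain LDAP upgraded via StartTLS

if __name__ == "__main__":
    for a in parse_attempts(SAMPLE_LOG):
        print(f'{a["scheme"]}://{a["host"]}:{a["port"]} -> {diagnose(a)}'
              f'{" (connect failed)" if a["failed"] else ""}')
```

A "starttls" result on port 389 still means the session is encrypted once the upgrade succeeds; it is the "cleartext" and "starttls-on-ldaps-port" results that need a configuration change.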