Tweak LDAPS troubleshooting docs

Make it clear that an LDAP connection reset can be due to attempting
to connect on port 389 (which is what our original instructions advised)
Zac Bergquist 2021-12-07 09:07:09 -07:00 committed by Russell Jones
parent e8f3b54684
commit a165ad2fcb


@ -94,7 +94,7 @@ For desktops that are automatically discovered via LDAP, Teleport makes DNS
queries against the LDAP server in order to resolve the hostname to an IP
address.
Ensure that your firewalls allow inbound DNS traffic on port 53 from the
Ensure that your firewalls allow inbound DNS traffic on port `53` from the
instance(s) running Teleport's Windows Desktop Service to the LDAP server
(Active Directory Domain Controller).
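Review bot: The rewritten sentence still says only "port `53`" without naming the transport; DNS lookups go out over UDP 53 but fall back to TCP 53 when a response does not fit in a UDP datagram, so a firewall rule that opens only UDP can make hostname resolution fail intermittently. Since this line is being touched anyway, consider "inbound DNS traffic on UDP and TCP port `53`" so readers do not open half the rule.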
@ -163,11 +163,14 @@ connecting to LDAP server: unable to read LDAP response packet: read tcp 172.18.
**Solution:** Enable LDAPS
This means you do not have an LDAP certificate installed on your LDAP servers.
You can resolve this by
[installing Active Directory Certificate Services](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority)
This means you do not have an LDAP certificate installed on your LDAP servers,
or you are trying to make an insecure connection on port `389`. Teleport requires
secure LDAPS connections, which are typically on port `636`. First, confirm that
you are connecting to the correct LDAPS port. If that doesn't resolve your
issue, you can
[instal Active Directory Certificate Services](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority)
(AD CS) or
[importing](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority)
[import](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority)
your own third party certificate. Note that Active Directory is
[extremely picky](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority#requirements-for-an-ldaps-certificate)
so take care to generate your certificates correctly.
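Review bot: The new link text on the added line reads "[instal Active Directory Certificate Services]" where the line it replaces had "installing"; that is a typo and should be "install", matching the parallel "[import]" that follows. Two smaller style points on the same hunk: "third party certificate" is normally hyphenated as "third-party certificate", and since the new text now tells readers to "confirm that you are connecting to the correct LDAPS port" it would help to say where that port is set in their Teleport configuration, otherwise the instruction has no concrete step to follow.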