Zammad with LDAP, I have an issue

Hi guys,

I have an AD DC environment, so I already have a CentOS with Asterisk which is linked by LDAP to the AD user’s DB, so LDAP works! :slight_smile:

I installed Zammad.org on Debian Bullseye, I did:

# openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect 192.xxx.XXX.XXX:636
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

This is not a public server and for now I’d like to use it just on the LAN, but OK, it’s important to load an SSL certificate and I’d like to add it. These are my doubts:

  1. I could generate an SSL certificate by myself and in the future if I’ll need to publish the service to the world I’ll change it;
  2. I could use Let’s Encrypt, but I know when I register a public SSL certificate I should also give a name to it like myticketservice.mycompany.com and maybe I should add it in our local DNS, but I don’t know if this is the right way…

Tell me what you think about it! :slight_smile:

Regards.
LutherBlissett

Please use the template. Especially the Zammad version is relevant. Thank you.

Thanks for your reply, this is my first post in this community. When you write “use the template”, I think this is something for writing a proper post.

My Zammad version is 6.1.0-1699276421.93fcc596.bookworm

Thanks! :slight_smile:
LutherBlissett

Your installed Zammad version does not fit your operating system.
Please re-visit Zammad’s documentation and ensure to fix the invalid repository link.

Packages of Zammad are OS and distribution specific.
Especially Bookworm vs Bullseye in terms of OpenSSL 1.x vs 3.x

https://docs.zammad.org/en/latest/install/package.html#add-repository-and-install-zammad

When you select the category, you’ll receive a template to fill in.
This is what I mean by “use the template” as it helps to get the information people need to help.

Thanks for explaining templates to me. I don’t know if, to fix the “issue” about LDAP, I should add another post or if I could use this one.

I also did indirectly tell you how you can potentially fix this by this part:

Thanks for your reply! :slight_smile:

I checked my repositories and I also did an update

# aptitude update
Hit http://debian.mirror.garr.it/debian bookworm InRelease
Get: 1 http://debian.mirror.garr.it/debian bookworm-updates InRelease [52,1 kB]
Get: 2 http://security.debian.org/debian-security bookworm-security InRelease [48,0 kB]
Get: 3 http://security.debian.org/debian-security bookworm-security/main Sources [60,2 kB]
Get: 4 http://security.debian.org/debian-security bookworm-security/main amd64 Packages [102 kB]
Get: 5 https://dl.packager.io/srv/deb/zammad/zammad/stable/debian 12 InRelease [1.845 B]
Scaricato 264 kB in 1s (519 kB/s)

I have Debian Bookworm (12) and I’m using the right Zammad repository, I enabled SSL by Let’s Encrypt and it works well but Zammad’s gui says:

Can't connect to '192.168.x.xx' on port '636', Connection reset by peer - SSL_connect

I tried from CLI # openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect 192.168.x.xx:636 but I have:

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Btw I will be working to search how to connect Zammad to AD DC by LDAP!

Regards.
LB
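
Added example (not part of the original posts, and not Zammad or OpenSSL code): a small triage of `openssl s_client` transcripts like the one above, showing that `Verify return code: 0 (ok)` carries no information when no peer certificate was received. The function name, the verdict labels and the TRUSTED/UNTRUSTED samples are constructed for illustration.

```python
import re

# Constructed samples. RESET is the transcript from the post above, trimmed;
# TRUSTED and UNTRUSTED are shortened shapes of completed handshakes.
RESET = """CONNECTED(00000003)
write:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 297 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""
TRUSTED = """CONNECTED(00000003)
Server certificate
SSL handshake has read 4821 bytes and written 392 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
"""
UNTRUSTED = TRUSTED.replace(
    "Verification: OK", "Verification error: unable to get local issuer certificate"
).replace("0 (ok)", "20 (unable to get local issuer certificate)")

def _num(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None

def triage_s_client(text):
    """Classify one `openssl s_client` transcript; returns (verdict, facts)."""
    facts = {
        "tcp_connected": "CONNECTED(" in text,
        "errno": _num(r"errno=(\d+)", text),  # 104 is ECONNRESET on Linux
        "bytes_read": _num(r"handshake has read (\d+) bytes", text),
        "peer_cert": "Server certificate" in text
                     and "no peer certificate available" not in text,
        "cipher_negotiated": bool(re.search(r"Cipher is (?!\(NONE\))\S+", text)),
        "verify_code": _num(r"Verify return code: (\d+)", text),
    }
    # With no peer certificate nothing was verified, so "0 (ok)" is only the
    # default value and says nothing about trust in the server.
    facts["verify_meaningful"] = facts["peer_cert"]
    if not facts["tcp_connected"]:
        verdict = "no-tcp-connection"
    elif not facts["peer_cert"] and facts["bytes_read"] == 0:
        verdict = "closed-before-any-tls-reply"
    elif not (facts["peer_cert"] and facts["cipher_negotiated"]):
        verdict = "handshake-incomplete"
    elif facts["verify_code"] != 0:
        verdict = "certificate-not-trusted"
    else:
        verdict = "tls-ok"
    return verdict, facts
```

For the transcript in this thread the verdict is `closed-before-any-tls-reply`: the TCP connection to port 636 opened, but the peer reset it before sending any TLS data, so certificate trust was never evaluated.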

I found the solution from another server (CentOS) used by Asterisk to load AD DC users: it uses ldap://srvdomain.mycompany.local, and with this line I just started the Zammad wizard and imported users. It’s a very nice feature! :slight_smile:

Regards
LB
