This short FAQ covers a small, easily overlooked detail when setting up LDAPS with SimpleRisk. It assumes you already have LDAP configured and working and want to move from port 389 to port 636 to make an SSL connection. It mostly applies to users who have self-signed certificates on their LDAP server, but there may be other situations where you need to make this change.


On the SimpleRisk server open "/etc/ldap.conf" in the editor of your choice. In my example I use vi.

vi /etc/ldap.conf

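The change is a single parameter, TLS_REQCERT. Setting it to "never" tells the OpenLDAP client library not to request or check the LDAP server's certificate, which is why a self-signed certificate is then accepted. This parameter may already be defined in the file, or it may not exist yet. If it is already there, simply update it; if it does not appear, add this line: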

TLS_REQCERT never


Save the file by pressing Esc, typing ":wq" and pressing Enter to write out the file and quit vi. Once completed, restart Apache using:

systemctl restart apache2 (Ubuntu)
systemctl restart httpd (CentOS/RHEL)


At this point the issue should be resolved. If for any reason you continue to have issues getting LDAPS working, please contact us at support@simplerisk.com.


FOR WINDOWS USERS:

If your SimpleRisk is running on a Windows-based system, you will quickly realize that this file does not exist. On Windows, specifically when working with WAMP, you will need to take the following steps to fix the issue:


1) Create a new folder on the root of C:\ called "openldap".

2) In C:\openldap create another directory called "sysconf".

3) Next, in the C:\openldap\sysconf\ folder, create a text file named "ldap.conf".

4) Open ldap.conf and add the single line:
TLS_REQCERT never

5) Now save and close it.

6) Last, restart WAMP and the issue should now be resolved.


If you are still having trouble with LDAPS after this change, please contact us at support@simplerisk.com.
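
Both procedures above end with "TLS_REQCERT never", which turns off server certificate checking for the LDAPS connection. The script below is an added example, not part of SimpleRisk or of the original FAQ: it reports how an ldap.conf file treats the server certificate and compares the FAQ's setting with an alternative that trusts the self-signed certificate through TLS_CACERT. The certificate path and the three sample files are constructed for illustration, and treating the last occurrence of a repeated option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not SimpleRisk code): classify how an OpenLDAP client
# configuration file treats the LDAP server's certificate.

# Prints "<verdict> <TLS_REQCERT level> <CA file or ->" for the file in $1.
# Option names are matched case-insensitively and '#' lines are skipped.
# Assumption: if an option is repeated, the last occurrence is effective.
ldap_tls_audit() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        toupper($1) == "TLS_CACERT"  { ca = $2 }
        END {
            if (level == "") level = "demand"   # client default when unset
            if (level == "never" || level == "allow")
                verdict = "UNVERIFIED"          # any certificate is accepted
            else if (ca == "")
                verdict = "CHECK_CA"            # verifying, but no CA file named here
            else
                verdict = "VERIFIED"            # checked against the named CA file
            print verdict, level, (ca == "" ? "-" : ca)
        }' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: the line this FAQ adds.
    printf '%s\n' 'TLS_REQCERT never' > "$tmp/faq.conf"
    # Constructed sample: trust the self-signed certificate explicitly instead.
    # The path is hypothetical; it would hold the certificate exported from
    # the LDAP server (or its issuing CA) in PEM format.
    printf '%s\n' 'TLS_CACERT /etc/ssl/certs/ldap-server.pem' \
                  'TLS_REQCERT demand' > "$tmp/pinned.conf"
    # Constructed sample: no TLS options, so the default applies.
    printf '%s\n' '# no TLS settings' 'BASE dc=example,dc=com' > "$tmp/default.conf"
    for name in faq pinned default; do
        printf '%-8s %s\n' "$name" "$(ldap_tls_audit "$tmp/$name.conf")"
    done
    rm -rf "$tmp"
}

demo
```

A CHECK_CA result means verification is on but this file names no CA file, so a self-signed server certificate will be rejected unless it is trusted some other way.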