
Cannot contact LDAP server

Error 'Can't contact LDAP server' while saving LDAP settings from the Ezeelogin GUI

1. Append log_level trace to /usr/local/etc/ezlogin/ez.conf to enable debug logging.

root@server ~]# vim /usr/local/etc/ezlogin/ez.conf

log_level trace

2. Tail the latest application log to see the detailed error log.

root@server ~]# cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/logs/

Refer to the example below to tail the application log:

root@server ~]# cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/logs/

root@server ~]# ls

log-2022-02-03.php log-2022-02-05.php log-2022-04-16.php

root@server ~]# tail -f log-2022-04-16.php

3. The application log will show an error like the one below:

DEBUG - 2022-07-01 14:21:21 --> uris: Array
(
[0] => ldaps://ad.cloudweg.com:636
)
DEBUG - 2022-07-01 14:21:21 --> uri: ldaps://ad.cloudweg.com:636
DEBUG - 2022-07-01 14:21:21 --> No StartTLS
ERROR - 2022-07-01 14:21:21 --> LDAP bind: CN=Administrator,CN=Users,DC=ezad,DC=com, password, -1, Can't contact LDAP server,
DEBUG - 2022-07-01 14:21:21 --> AJAX response sent

4. Make sure the certificates are present in the path, and check their owner, group and permissions.

root@server ~]# chown -R ldap:ldap /etc/openldap/certs/*

root@server ~]# chmod 644 -R /etc/openldap/certs/*

root@server ~]# ls -al /etc/openldap/certs/

-rw-r--r--. 1 ldap ldap 1176 Jun 18 08:45 ldapserver.crt

-rw-r--r--. 1 ldap ldap 985 Jun 18 08:45 ldapserver.csr

-rw-r--r--. 1 ldap ldap 1679 Jun 18 08:47 ldapserver.key

5. Add the lines below to ldap.conf to allow LDAP to connect over SSL.

root@server ~]# vim /etc/ldap.conf

URI ldaps://ad.cloudweg.com/

TLS_REQCERT allow

6. Make sure the certificate paths are set in slapd.conf, then restart slapd to apply the changes.

root@server ~]# vim /etc/ldap/slapd.conf

root@server ~]# systemctl restart slapd
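
An added example (not part of the original article or Ezeelogin's own tooling) that audits what steps 4 and 5 leave in place: it reports the TLS_REQCERT level set in an ldap.conf file and lists private keys that group or other can read. The function names and the scratch-directory demo are constructed for illustration.

```shell
# Added example: helper names and demo files are hypothetical/constructed.
# Print the last value given for an ldap.conf option (names are case-insensitive).
conf_value() {
    awk -v k="$2" 'toupper($1) == k { v = $2 } END { print v }' "$1"
}

# List *.key files under a directory that group or other can read.
exposed_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \) -print
}

# Report findings; return 0 only when nothing weakens the TLS setup.
audit_ldap_tls() {
    conf=$1 certs=$2 rc=0
    level=$(conf_value "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    level=${level:-demand}   # ldap.conf(5): demand is the client default
    case $level in
        demand|hard) echo "OK   TLS_REQCERT=$level: server certificate must verify" ;;
        try)         echo "WARN TLS_REQCERT=try: session continues if no certificate is sent"; rc=1 ;;
        allow|never) echo "WARN TLS_REQCERT=$level: a bad certificate does not stop the session"; rc=1 ;;
        *)           echo "WARN TLS_REQCERT=$level: unrecognised level"; rc=1 ;;
    esac
    if [ -z "$(conf_value "$conf" TLS_CACERT)$(conf_value "$conf" TLS_CACERTDIR)" ]; then
        echo "NOTE no TLS_CACERT/TLS_CACERTDIR set in $conf"
    fi
    keys=$(exposed_keys "$certs")
    if [ -n "$keys" ]; then
        echo "WARN private key readable beyond its owner:"
        echo "$keys" | sed 's/^/     /'
        rc=1
    fi
    return $rc
}

# Constructed demo: reproduces the article's settings in a scratch directory.
demo=$(mktemp -d)
mkdir "$demo/certs"
printf 'URI ldaps://ad.cloudweg.com/\nTLS_REQCERT allow\n' > "$demo/ldap.conf"
: > "$demo/certs/ldapserver.crt"
: > "$demo/certs/ldapserver.key"
chmod 644 "$demo/certs/"*
audit_ldap_tls "$demo/ldap.conf" "$demo/certs" || true
rm -rf "$demo"
```

On the gateway the call is audit_ldap_tls /etc/ldap.conf /etc/openldap/certs; a key owned by ldap with mode 600 clears the key warning.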