Trying to connect to LDAPS (Windows Active Directory) from Ansible Tower, receiving "return code: 20 (unable to get local issuer certificate)" error

  active-directory, ansible-tower, ldap, linux, windows

I am receiving the below error when I am using ldaps:// in Ansible Tower; without the secure connection it is working fine.

{'desc': "Can't contact LDAP server", 'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)'},)

We are connecting to our LDAPS server from our Ansible Tower for RBAC; RBAC is working fine without SSL.

openssl s_client -showcerts -CAfile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -connect user.xxxx.io:636
CONNECTED(00000003)
depth=1 C = US, ST = Nebraska, L = Omaha, O = xxxx Corporation, OU = xxxx Communications, CN = DTH Private RSA 2048 SubCA AWS us-east-1
verify error:num=20:unable to get local issuer certificate

Settings from api/v2/settings/ldap:

    "AUTH_LDAP_1_SERVER_URI": "",
    "AUTH_LDAP_1_BIND_DN": "",
    "AUTH_LDAP_1_BIND_PASSWORD": "",
    "AUTH_LDAP_1_START_TLS": false,
    "AUTH_LDAP_1_CONNECTION_OPTIONS": {
        "OPT_X_TLS_REQUIRE_CERT": true,
        "OPT_X_TLS_CACERTFILE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
        "OPT_NETWORK_TIMEOUT": 30,
        "OPT_REFERRALS": 0
    },

Source: Windows Questions
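The depth=1 failure in the s_client output above means the issuer of the SubCA (the private root) is missing from the bundle passed to -CAfile. The following shell script, an added example that is not part of the original post, reproduces that verify error 20 offline with a constructed root/SubCA/server chain and shows it clearing once the root is appended to the bundle; it assumes only the openssl CLI, and every name in it is made up.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce "verify error:num=20" offline
# with a throwaway root -> SubCA -> server chain, then show the error disappearing
# once the private root is in the -CAfile bundle. Assumes the openssl CLI (1.1.1 or
# newer); every name below is constructed for the demo.
set -e
WORK=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$WORK/ca.ext"

# csr NAME SUBJECT: unencrypted RSA key plus CSR for one chain member.
csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}
# selfsign NAME: turn NAME's CSR into a self-signed CA certificate.
selfsign() {
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 2 \
    -extfile "$WORK/ca.ext" -out "$WORK/$1.pem" 2>/dev/null
}
csr root  "/CN=Demo Private Root CA" && selfsign root   # the "local issuer" the bundle lacks
csr other "/CN=Unrelated Public CA"  && selfsign other  # stands in for the OS-wide bundle
csr sub   "/CN=Demo SubCA"                              # the cert seen at depth=1
csr srv   "/CN=ldap.example.test"                       # the LDAP server certificate
openssl x509 -req -in "$WORK/sub.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
  -CAcreateserial -days 2 -extfile "$WORK/ca.ext" -out "$WORK/sub.pem" 2>/dev/null
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/sub.pem" -CAkey "$WORK/sub.key" \
  -CAcreateserial -days 2 -out "$WORK/srv.pem" 2>/dev/null

# verify_chain BUNDLE: what "s_client -CAfile BUNDLE" checks, given that the server
# sends its own cert plus the SubCA (passed here as -untrusted). Prints the OpenSSL
# verify error number: 0 on success, 20 for "unable to get local issuer certificate".
verify_chain() {
  if out=$(openssl verify -CAfile "$1" -untrusted "$WORK/sub.pem" "$WORK/srv.pem" 2>&1); then
    echo 0
  else
    echo "$out" | sed -n 's/.*error \([0-9]*\) at.*/\1/p' | head -n 1
  fi
}

# Only the unrelated CA in the bundle: fails at depth 1, exactly as in the question.
cp "$WORK/other.pem" "$WORK/bundle.pem"
echo "public-CA-only bundle: verify error $(verify_chain "$WORK/bundle.pem")"   # 20
# Appending the private root makes the depth=1 issuer local and verification succeeds.
cat "$WORK/root.pem" >> "$WORK/bundle.pem"
echo "bundle with root:      verify error $(verify_chain "$WORK/bundle.pem")"   # 0
```

The same check applies to the real bundle: run verify_chain against tls-ca-bundle.pem with the SubCA the server sends as -untrusted, and a 20 means the corporate root still has to be added to that file (or pointed to via OPT_X_TLS_CACERTFILE).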
