LoginLDAP with SSL (PEM config)

Hello community,

I’m new to this community and this product, but a long-time sysadmin.

I have trouble setting LDAPS with our LoginLDAP plugin on our Matomo instance.

What has been tested:

  • LDAP authentication on RODC in non-SSL setting is working perfectly (port 389).
  • The RODC server is listening on port 636.
  • Firewall port 636 is opened on RODC.

What I don’t know how to do and that I think is necessary to make it work:

  • Configure CACERT.PEM library file to include internal root CA certificate.
  • Add a Computer certificate to Matomo config so the system will use it to authenticate with RODC.

I’m pretty sure this is what is missing. I’ve searched extensively, but did not find a defined procedure to help me configure it correctly. We need to use LDAPS since our politics severely condemn non-secure LDAP connections.

I’ve joined the log line that states the failure in the process. I can provide any more info as necessary. Thank you SOOOO much in advance for any help you might be able to provide.

WARNING LoginLdap[2020-01-13 17:41:23 UTC] [78c74] D:\wwwroot\Matomo\plugins\LoginLdap\Ldap\Client.php(146): Warning - ldap_bind(): Unable to bind to server: Can't contact LDAP server - Matomo 3.13.0 - Please report this message in the Matomo forums: https://forum.matomo.org (please do a search first as it might have been reported already) [internal function]: Piwik\ErrorHandler::errorHandler(),#1\plugins\LoginLdap\Ldap\Client.php(146),#2\plugins\LoginLdap\Model\LdapUsers.php(591),#3\plugins\LoginLdap\Model\LdapUsers.php(276),#4\plugins\LoginLdap\Model\LdapUsers.php(506),#5\plugins\LoginLdap\Model\LdapUsers.php(279),#6\plugins\LoginLdap\API.php(98),[internal function]: Piwik\Plugins\LoginLdap\API->getCountOfUsersMemberOf(),#8\core\API\Proxy.php(237),#9\core\Context.php(28)