Hello ! 
Describe the problem/error/question
I want to use LDAPS with TLS to automate account creation via LDAP in n8n. However, I’m facing issues configuring the secure LDAPS connection in n8n. When configuring n8n to use LDAPS with TLS, I receive the error: unable to verify the first certificate.
What is the error message (if any)?
unable to verify the first certificate
Please share your workflow
LDAP Credential :
LDAP Server Address → DC1.XXX.local
LDAP Server Port → 636
Binding DN → n8n_ldap
Binding Password → XXX
Connection Security → TLS
Ignore SSL/TLS Issues → NO
CA Certificate → /usr/local/share/ca-certificates/combined-ldapserver.crt
Timeout → 300
Share the output returned by the last node
The error returned by the node is:
{
"errorMessage": "unable to verify the first certificate",
"errorDetails": {},
"n8nDetails": {
"nodeName": "Create AD account",
"nodeType": "n8n-nodes-base.ldap",
"nodeVersion": 1,
"operation": "create",
"time": "16/06/2024, 01:22:31",
"n8nVersion": "1.45.1 (Self Hosted)",
"binaryDataMode": "default",
"stackTrace": [
"NodeOperationError: unable to verify the first certificate",
" at Object.execute (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/Ldap/Ldap.node.js:240:23)",
" at processTicksAndRejections (node:internal/process/task_queues:95:5)",
" at Workflow.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-workflow/dist/Workflow.js:728:19)",
" at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/WorkflowExecute.js:664:51",
" at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/WorkflowExecute.js:1079:20"
]
}
}
Information on your n8n setup
- n8n version: 1.45.1
- Database (default: SQLite): SQLite
- n8n EXECUTIONS_PROCESS setting (default: own, main): own
- Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
- Operating system: Alpine Linux in Docker container
Additional Context
- Certificate Chain Verification: The certificate used contains the complete chain of intermediate and root certificates.
- Permissions: The certificate permissions are set on
644to ensure it’s readable by all. - Testing with OpenSSL in container: LDAPS connection tests using OpenSSL from within the container work correctly, proving the certificate is valid and accepted
- Testing with ldapadd in container :
ldapadd -H ldaps://DC1.XXXX.local:636 -x -D "CN=n8n_ldap,CN=Users,DC=XXXX,DC=local" -w "XXXX" -f new_user.ldif
new_user.ldif:
dn: CN=John.Doe,OU=Users,OU=XXXX,DC=XXXX,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sn: Doe
givenName: John
sAMAccountName: John.Doe
unicodePwd: XXX
mail: [email protected]
userAccountControl: 66048
accountExpires: 0
pwdLastSet: 0
The test shows that the LDAP add operation is successful.
I’ve also tried temporarily disabling certificate checking in n8n, and it works ! But I can’t do what I want anymore (like using userAccountControl, unicodePwd…).
Does anyone have any ideas or solutions? Any help would be greatly appreciated .
Thanks in advance! 