User:sync with LDAPS (turnOffCertCheck = 0) fails

I'm hoping you can help me. This is my first post. I need help syncing OpenLDAP users from the command line. I'm using "user_ldap: 0.15.0". The ownCloud portal works great with LDAPS and uses the LDAP client TLS_CACERT value that points to the CA ("Turn off SSL certificate validation" is not checked under Admin -> User Authentication -> Advanced). For some reason, I don't know how to specify the CA in the sync command, because it doesn't detect the /etc/openldap/ldap.conf setting "TLS_CACERT <ca_cert>".

These were the steps I followed:
echo -n | openssl s_client -connect openjdk-bcw.csps.com:636 -showcerts | awk '/-----BEGIN/,/END CERTIFICATE-----/'

(Copy the certificate from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and put it in a specific file; in this guide we use /etc/pki/tls/cacert.pem.)

vim /etc/pki/tls/cacert.pem

vim /etc/openldap/ldap.conf

#TLS_CACERT /etc/pki/tls/cert.pem

TLS_CACERT /etc/pki/tls/cacert.pem

Configure SELinux

(Allow HTTPD scripts and modules to connect to the network.)

setsebool -P httpd_can_network_connect 1

(Allow HTTPD to connect to LDAP)

setsebool -P httpd_can_connect_ldap 1

(Allow nsswitch to allow LDAP logins)

setsebool -P authlogin_nsswitch_use_ldap 1

(Enable NIS)

setsebool -P nis_enabled 1

Steps to reproduce

  1. sudo -u apache php /var/www/owncloud/occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r

Expected behaviour

[root@owncloud owncloud]# sudo -u apache php /var/www/owncloud/occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing known accounts …
2 [============================]

No removed users have been detected.

No existing accounts to re-enable.

Inserting new and updating all known users from OCA\User_LDAP\User_Proxy …
3 [============================]

[root@owncloud owncloud]# sudo -u apache php /var/www/owncloud/occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing known accounts …
4 [============================]

No removed users have been detected.

No existing accounts to re-enable.

Inserting new and updating all known users from OCA\User_LDAP\User_Proxy …
3 [============================]

[root@owncloud owncloud]#

Actual behaviour

In Connection.php line 532:

[OCA\User_LDAP\Exceptions\BindFailedException]

user:sync [-l|--list] [-u|--uid UID] [-s|--seenOnly] [-c|--showCount] [-m|--missing-account-action MISSING-ACCOUNT-ACTION] [-r|--re-enable] [--] []

Apps

Enabled:

  • comments: 0.3.0
  • configreport: 0.2.0
  • dav: 0.5.0
  • encryption: 1.4.0
  • external: 1.4.0
  • federatedfilesharing: 0.5.0
  • federation: 0.1.0
  • files: 1.5.2
  • files_external: 0.7.1
  • files_mediaviewer: 1.0.1
  • files_sharing: 0.12.0
  • files_trashbin: 0.9.1
  • files_versions: 1.3.0
  • firstrunwizard: 1.2.0
  • market: 0.5.0
  • notifications: 0.5.0
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • user_external: 0.6.0
  • user_ldap: 0.15.0
Disabled:
  • updatenotification

Web server:
HTTPD 2.4

PHP version:
7.2.24

ownCloud version: (see ownCloud admin page)
10.4.0

Updated from an older ownCloud or fresh install:
Updated from 10.3.2

Operating system:
RHEL 7.7
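As an added diagnostic (not part of the post above or of ownCloud's user_ldap app), the script below does the same LDAPS bind that occ's user:sync performs, run as the same user and with the same PHP/libldap environment, so it shows whether the CLI process trusts the CA from ldap.conf or only when the CA file is passed explicitly, while keeping certificate validation switched on. The host and CA path are taken from the post; the bind DN and password are placeholders.

```php
<?php
// Added diagnostic, not part of the original post or of ownCloud's user_ldap.
// Run it exactly like occ is run so it sees the same PHP and libldap environment:
//   sudo -u apache php ldaps_check.php                          # trust from ldap.conf / LDAPTLS_CACERT only
//   sudo -u apache php ldaps_check.php /etc/pki/tls/cacert.pem  # CA file set explicitly
// Host and CA path come from the post; bind DN and password are placeholders.
const LDAP_URI = 'ldaps://openjdk-bcw.csps.com:636';
const BIND_DN  = 'cn=readonly,dc=example,dc=com';   // placeholder
const BIND_PW  = 'CHANGE-ME';                        // placeholder

$caFile = $argv[1] ?? null;

if ($caFile !== null) {
    // Catch the two usual mistakes before touching the network: the file is not
    // readable as the web-server user, or it holds only the server's leaf
    // certificate (what `openssl s_client -showcerts` prints first) and no CA.
    if (!is_readable($caFile)) {
        fwrite(STDERR, "cannot read $caFile as the current user\n");
        exit(2);
    }
    preg_match_all('/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/s',
                   file_get_contents($caFile), $pems);
    foreach ($pems[0] as $pem) {
        $x = openssl_x509_parse($pem);
        if ($x === false) { printf("  UNPARSEABLE certificate block in %s\n", $caFile); continue; }
        $selfSigned = ($x['subject'] === $x['issuer']);   // a root CA signs itself
        printf("  %-17s %s\n", $selfSigned ? 'ROOT' : 'LEAF/INTERMEDIATE', $x['name']);
    }
    // TLS options are process-global in libldap: set them on a null link before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
}
// Keep certificate validation ON: the goal is a trusted chain, not a skipped check.
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$ldap = ldap_connect(LDAP_URI);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

$ok = @ldap_bind($ldap, BIND_DN, BIND_PW);   // the TLS handshake happens here
$diag = '';
ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);   // libldap's TLS error text, if any
printf("%s: %s%s\n", $ok ? 'BIND OK' : 'BIND FAILED', ldap_error($ldap),
       $diag !== '' ? " ($diag)" : '');
ldap_unbind($ldap);
exit($ok ? 0 : 1);
```

If the run without an argument fails with a TLS error and the run with the CA file succeeds, the CLI PHP process is not picking up the same ldap.conf trust settings the web server's PHP uses; if both fail and the certificate listing shows no ROOT entry, the file captured from s_client holds the server chain rather than the CA.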