[ZendTo] ldaps not working
patrick.gaikowski at kaufland.com
Fri Aug 26 07:28:32 BST 2011
Hi,
I want to change authentication from plain ldap to ldaps. I made the
following changes but it didn't work:
1.) change in preferences.php to 'authLDAPUseSSL' => true
2.) change in /opt/zendto/lib/NSSLDAPAuthenticator.php
enable //if($this->_ldapUseSSL){$ldapServer="ldaps://".$ldapServer;} in
function validUsername
enable //if($this->_ldapUseSSL){$ldapServer="ldaps://".$ldapServer;} in
function authenticate
3.) add entry to /etc/ldap.conf --> TLS_REQCERT never
I need this for testing because in tcpdump I saw the TLS error "unknown CA".
By the way, we have two ldap.conf files in the zendto-vm (/etc/ldap.conf
and /etc/openldap/ldap.conf). Which one is the right one?
For debugging I installed openldap-client so that I can do an ldapsearch.
ldapsearch -b o=kl -H ldaps://4.26.1.118 -x "cn=pgai1507" -d1 -Z was
working perfectly.
ldap_create
ldap_url_parse_ext(ldaps://4.26.1.118)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 4.26.1.118:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 4.26.1.118:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0,
subject: /O=KLMETA/OU=Organizational CA,
issuer: /O=KLMETA/OU=Organizational CA
TLS certificate verification: depth: 0, err: 0,
subject: /O=KLMETA/CN=dedcoesmdir26.de.int.kaufland,
issuer: /O=KLMETA/OU=Organizational CA
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
Do you have any idea where the problem is?
Best regards
Patrick Gaikowski
Tel: +49 7132 94 3568
Fax: +49 7132 94 73568
E-Mail: patrick.gaikowski at kaufland.com
KI 967850: IT International / IT Governance / Network Design and
IT Security
Office:
Lindichstrasse 11
D-74189 Weinsberg
http://www.kaufland.de
http://www.spannende-it.de
We are No. 1:
Kaufland is "Best Grocery Store 2011"!
Kaufland Informationssysteme GmbH & Co. KG
P.O. Box 12 53 - 74149 Neckarsulm
Limited partnership
Registered office: Neckarsulm
Register court: Amtsgericht Stuttgart HRA 104163
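
Step 3 of the message sets TLS_REQCERT never, which makes an OpenLDAP client that reads that file skip server-certificate verification. The following is an added example, not part of the original post or of ZendTo: it audits ldap.conf-style text for weak TLS_REQCERT levels and for a missing CA setting. The function names, sample file contents, host name and CA path are constructed for illustration.

```python
# Added example: audit OpenLDAP client configuration text (ldap.conf syntax).
# Weak TLS_REQCERT levels and what each one lets through (per ldap.conf(5)).
WEAK_LEVELS = {
    "never": "server certificate is neither requested nor checked",
    "allow": "a bad server certificate is ignored",
    "try": "a missing server certificate is tolerated",
}
STRICT_LEVELS = {"demand", "hard"}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive;
    blank lines and lines starting with '#' are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_ldap_conf(text):
    """Return a list of findings about certificate verification settings."""
    opts = parse_ldap_conf(text)
    findings = []
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if level in WEAK_LEVELS:
        findings.append(f"TLS_REQCERT {level}: {WEAK_LEVELS[level]}")
    elif level not in STRICT_LEVELS:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR in this file; "
                        "an internal CA has to be trusted some other way")
    return findings

# Constructed samples: the testing setting from step 3, and a verifying setup.
TESTING_CONF = """# constructed sample
URI ldaps://ldap.example.test
tls_reqcert never
"""
VERIFYING_CONF = """# constructed sample; CA path is a placeholder
URI ldaps://ldap.example.test
TLS_CACERT /path/to/organizational-ca.pem
TLS_REQCERT demand
"""

if __name__ == "__main__":
    for name, conf in (("testing", TESTING_CONF), ("verifying", VERIFYING_CONF)):
        print(name, audit_ldap_conf(conf) or "no findings")
```
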