[ZendTo] ldaps not working

patrick.gaikowski at kaufland.com
Fri Aug 26 07:28:32 BST 2011



Hi,

I want to change authentication from plain ldap to ldaps. I made the
following changes but it didn't work:

1.) change in preferences.php to 'authLDAPUseSSL'        => true
2.) change in /opt/zendto/lib/NSSLDAPAuthenticator.php:

enable //if($this->_ldapUseSSL){$ldapServer="ldaps://".$ldapServer;} in function validUsername
enable //if($this->_ldapUseSSL){$ldapServer="ldaps://".$ldapServer;} in function authenticate

3.) add entry to /etc/ldap.conf --> TLS_REQCERT never

I need this for testing because in tcpdump I saw the TLS error "unknown CA".

By the way, we have two ldap.conf files in the zendto-vm (/etc/ldap.conf
and /etc/openldap/ldap.conf). Which one is the right one?

For debugging I installed openldap-client so that I can do an ldapsearch.

ldapsearch -b o=kl -H ldaps://4.26.1.118 -x "cn=pgai1507" -d1 -Z

was working perfectly.

ldap_create
ldap_url_parse_ext(ldaps://4.26.1.118)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 4.26.1.118:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 4.26.1.118:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0,
subject: /O=KLMETA/OU=Organizational CA,
issuer: /O=KLMETA/OU=Organizational CA
TLS certificate verification: depth: 0, err: 0,
subject: /O=KLMETA/CN=dedcoesmdir26.de.int.kaufland,
issuer: /O=KLMETA/OU=Organizational CA
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful


Do you have any idea where the problem is?

Best regards

Patrick Gaikowski
Tel:     +49 7132 94 3568
Fax:    +49 7132 94 73568
E-Mail: patrick.gaikowski at kaufland.com
KI 967850: IT International / IT Governance / Network Design and
IT Security
Office:
Lindichstrasse 11
D-74189 Weinsberg


http://www.kaufland.de
http://www.spannende-it.de
We are No. 1:
Kaufland is "Best Grocery Store 2011"!

Kaufland Informationssysteme GmbH & Co. KG
Postfach 12 53 - 74149 Neckarsulm
Limited partnership
Registered office: Neckarsulm
Court of registration: Amtsgericht Stuttgart HRA 104163
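
An audit of the client configuration files the message mentions, as an added example that is not part of the original post: it reports the TLS_REQCERT level and whether a CA (TLS_CACERT or TLS_CACERTDIR) is named in each file, so that a test setting such as TLS_REQCERT never does not stay in place unnoticed. The function names and sample files are constructed for illustration, and treating a later line as overriding an earlier one is an assumption.

```shell
#!/bin/sh
# Added example: audit OpenLDAP client config files for TLS trust settings.

# Print the value of one ldap.conf option. Keywords are matched
# case-insensitively and '#' lines are skipped. Assumption: a later line
# overrides an earlier one. Prints nothing when the option is not set.
ldapconf_get() {  # usage: ldapconf_get FILE OPTION
    awk -v want="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        toupper($1) == toupper(want) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Print "<file>: <verdict>". Returns 0 for OK, 1 when certificate checking
# is relaxed or no CA is named in this file, 2 when the file is unreadable.
audit_ldapconf() {  # usage: audit_ldapconf FILE
    [ -r "$1" ] || { echo "$1: not readable"; return 2; }
    req=$(ldapconf_get "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    ca=$(ldapconf_get "$1" TLS_CACERT)
    cadir=$(ldapconf_get "$1" TLS_CACERTDIR)
    case "${req:-demand}" in          # demand is the documented default
        never|allow)                  # a bad server certificate is accepted
            echo "$1: WEAK (TLS_REQCERT $req)"; return 1 ;;
    esac
    if [ -z "$ca" ] && [ -z "$cadir" ]; then
        echo "$1: NO-CA (TLS_REQCERT ${req:-demand}, no CA named here)"
        return 1
    fi
    echo "$1: OK (TLS_REQCERT ${req:-demand}, CA ${ca:-$cadir})"
}

# Constructed sample files (not taken from the poster's VM).
tmp=$(mktemp -d)
printf 'URI ldaps://ldap.example.test\nTLS_REQCERT never\n' > "$tmp/weak.conf"
printf '# CA set\ntls_reqcert demand\nTLS_CACERT /etc/openldap/certs/org-ca.pem\n' \
    > "$tmp/ok.conf"
for f in "$tmp/weak.conf" "$tmp/ok.conf"; do
    audit_ldapconf "$f" || true       # keep going after a finding
done
rm -rf "$tmp"
```

On the VM, call audit_ldapconf on /etc/ldap.conf and /etc/openldap/ldap.conf in turn.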



