<html><body>
<p><font size="2" face="sans-serif">Hi,</font><br>
<br>
<font size="2" face="sans-serif">i want to change authentication from plain ldap to ldaps. I made the following changes but it didn't work:</font><br>
<br>
<font size="2" face="sans-serif">1.) change in preferences.php to</font><font size="2" color="#FF0000" face="sans-serif"> 'authLDAPUseSSL' => true</font><br>
<font size="2" face="sans-serif">2.) change in </font><font size="2" color="#FF0000" face="sans-serif">/opt/zendto/lib/NSSLDAPAuthenticator.php</font><font size="2" face="sans-serif"> </font><br>
<br>
<font size="2" face="sans-serif">enable </font><font size="2" color="#FF0000" face="sans-serif"> //if($this->_ldapUseSSL){$ldapServer="ldaps://".$ldapServer;}</font><font size="2" face="sans-serif"> in function validUsername</font><br>
<font size="2" face="sans-serif">enable </font><font size="2" color="#FF0000" face="sans-serif"> //if($this->_ldapUseSSL){$ldapServer="ldaps://".$ldapServer;}</font><font size="2" face="sans-serif"> in function authenticate</font><br>
<br>
<font size="2" face="sans-serif">3.) add entry to</font><font size="2" color="#FF0000" face="sans-serif"> /etc/ldap.conf --> TLS_REQCERT never</font><br>
<br>
<font size="2" face="sans-serif">I need this for testing because in TCPdump i saw the TLS error "unknown CA"</font><br>
<br>
<font size="2" face="sans-serif">By the way, we have to ldap.conf in the zendto-vm (/etc/ldap.conf and /etc/openldap/ldap.conf) which one is the right one?</font><br>
<br>
<font size="2" face="sans-serif">For debuging i installed openldap-client so that i can do a ldapsearch</font><br>
<br>
<font size="2" face="sans-serif"> ldapsearch -b o=kl -H ldaps://4.26.1.118 -x "cn=pgai1507" -d1 -Z was working perfectly.</font><br>
<br>
<font size="2" face="sans-serif">ldap_create</font><br>
<font size="2" face="sans-serif">ldap_url_parse_ext(ldaps://4.26.1.118)</font><br>
<font size="2" face="sans-serif">ldap_extended_operation_s</font><br>
<font size="2" face="sans-serif">ldap_extended_operation</font><br>
<font size="2" face="sans-serif">ldap_send_initial_request</font><br>
<font size="2" face="sans-serif">ldap_new_connection 1 1 0</font><br>
<font size="2" face="sans-serif">ldap_int_open_connection</font><br>
<font size="2" face="sans-serif">ldap_connect_to_host: TCP 4.26.1.118:636</font><br>
<font size="2" face="sans-serif">ldap_new_socket: 3</font><br>
<font size="2" face="sans-serif">ldap_prepare_socket: 3</font><br>
<font size="2" face="sans-serif">ldap_connect_to_host: Trying 4.26.1.118:636</font><br>
<font size="2" face="sans-serif">ldap_connect_timeout: fd: 3 tm: -1 async: 0</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:before/connect initialization</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv2/v3 write client hello A</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 read server hello A</font><br>
<font size="2" face="sans-serif">TLS certificate verification: depth: 1, err: 0, subject: /O=KLMETA/OU=Organizational CA, issuer: /O=KLMETA/OU=Organizational CA</font><br>
<font size="2" face="sans-serif">TLS certificate verification: depth: 0, err: 0, subject: /O=KLMETA/CN=dedcoesmdir26.de.int.kaufland, issuer: /O=KLMETA/OU=Organizational CA</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 read server certificate A</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 read server done A</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 write client key exchange A</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 write change cipher spec A</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 write finished A</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 flush data</font><br>
<font size="2" face="sans-serif">TLS trace: SSL_connect:SSLv3 read finished A</font><br>
<font size="2" face="sans-serif">ldap_open_defconn: successful</font><br>
<br>
<br>
<font size="2" face="sans-serif">Do you have any idea were the problem is? </font><br>
<br>
<font size="2" face="sans-serif">Mit freundlichen Grüßen / Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: patrick.gaikowski@kaufland.com<br>
KI 967850: IT International / IT Governance / Netzwerk Design und IT-Sicherheit<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg</font><br>
<br>
<br>
<font size="2" face="sans-serif"><a href="http://www.kaufland.de">http://www.kaufland.de</a> </font><br>
<font size="2" face="sans-serif"><a href="http://www.spannende-it.de">http://www.spannende-it.de</a></font><br>
<font size="2" face="sans-serif">Wir sind die Nr. 1:</font><br>
<font size="2" face="sans-serif">Kaufland ist "Bester Lebensmittelmarkt 2011"!</font><br>
<br>
<font size="2" face="sans-serif">Kaufland Informationssysteme GmbH & Co. KG</font><br>
<font size="2" face="sans-serif">Postfach 12 53 - 74149 Neckarsulm<br>
Kommanditgesellschaft<br>
Sitz: Neckarsulm<br>
Registergericht: Amtsgericht Stuttgart HRA 104163</font><br>
<br>
<br>
<br>
<br>
<br>
</body></html>