Feng Forum
Support => Feng Office 2 => : straffin March 12, 2012, 11:55:57 AM
-
All,
Anyone have any information on getting an SSL/TLS connection to work with Feng's LDAP integration? Everything works fine with an anonymous bind *without* SSL...
$config_ldap = array (
'binddn' => '',
'bindpw' => '',
'basedn' => 'ou=people,dc=domain,dc=com',
'host' => 'ldap.domain.com',
'uid' => 'uid'
);
But it fails when I add the SSL/TLS information...
$config_ldap = array (
'binddn' => '',
'bindpw' => '',
'starttls' => true,
'basedn' => 'ou=people,dc=domain,dc=com',
'host' => 'ldap.domain.com:636',
'uid' => 'uid'
);
Have also tried it with "ldaps://" in the host, no luck. Anyone?
-
I don't know about SSL/TLS, but to get LDAP authentication working properly I had to add:
function isValidPasswordLdap($user, $password, $config) {
    // A bind with a DN and an empty password is an "unauthenticated" bind
    // (RFC 4513 section 5.1.2) and succeeds on many servers, so refuse it here.
    if ($password === '') {
        return false;
    }
    // Connecting using the configuration:
    require_once "Net/LDAP2.php";
    $ldap = Net_LDAP2::connect($config);
    // Testing for connection error
    if (PEAR::isError($ldap)) {
        return false;
    }
    // Net_LDAP2_Filter::create() escapes $user, so it cannot alter the filter.
    $filter = Net_LDAP2_Filter::create($config['uid'], 'equals', $user);
    $search = $ldap->search(null, $filter, null);
    if (Net_LDAP2::isError($search)) {
        return false;
    }
    // Exactly one match, otherwise the user is unknown or ambiguous
    if ($search->count() != 1) {
        return false;
    }
    // User exists so we may rebind to authenticate the password
    $entries = $search->entries();
    if (PEAR::isError($entries)) {
        return false;
    }
    $bind_result = $ldap->bind($entries[0]->dn(), $password);
    if (PEAR::isError($bind_result)) {
        return false;
    }
    return true;
} // isValidPasswordLdap
to application/models/contacts/Contact.class.php in the 2.0RC source code.
Can you confirm this issue?
-
I also have that same code in my Contact.class.php.
As I said non-SSL LDAP Authentication works just dandy. However, non-SSL LDAP Authentication also passes passwords over the wire in clear-text. This is bad.
Based on some more searching and a peek at the Net_LDAP2 docs, I've also now tried adding the following to my ldap.config.php with no success:
$config_ldap = array (
'binddn' => '',
'bindpw' => '',
'starttls' => false,
'ssl' => true,
'basedn' => 'ou=People,dc=domain,dc=com',
'host' => 'ldap.domain.com',
'port' => '636',
'uid' => 'uid'
);
Anyone know how to use "ldap_set_option" to debug the connection?
-
You can try requesting a helping hand by sending an email to the author of ldap.config.php, Luca Corbo (luca.corbo <_at_> 2bopen <_dot_> org).
-
Anyone know how to use "ldap_set_option" to debug the connection?
You might be able to set the debug option using something like this:
$config_ldap = array (
'binddn' => '',
'bindpw' => '',
'starttls' => false,
'ssl' => true,
'basedn' => 'ou=People,dc=domain,dc=com',
'host' => 'ldap.domain.com',
'port' => '636',
'uid' => 'uid',
'options' => array('debug' => 'true')
);
Since 'starttls' is (sometimes) referred to as 'SSL V3', can you get what you want by enabling starttls?
I have also successfully used an SSH tunnel to encrypt LDAP traffic, using a command like this:
ssh user@ldap-server-address -L 6389:localhost:389
* Then configure Net_LDAP2 to use port 6389.
* I already had an LDAP server on the Feng host, hence the alternate port.
* Configure public-key, passwordless connections for SSH so that ssh can connect from a script without stopping to ask for a password.
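As a worked answer to the two questions running through this thread (how to get the LDAP password check onto a TLS connection, and how to use ldap_set_option to debug it), here is a complete authentication routine written against PHP's native ldap_* extension. It is an added example, not code from Feng Office, Net_LDAP2 or ldap.config.php. The host and base DN are the placeholder values from the thread; the CA file path, the function names ldap_tls_connect and ldap_check_password, and the credentials in the final call are assumptions. The LDAP_OPT_X_TLS_* constants need PHP 7.1 or later; on older PHP the same verification settings go into ldap.conf (TLS_CACERT and TLS_REQCERT demand) instead.

```php
<?php
// Added example (not Feng Office or Net_LDAP2 code): authenticate a user over
// LDAPS or StartTLS with PHP's native ldap_* extension, with the client-side
// debug option asked about in the thread. Host and base DN are the thread's
// placeholders; the CA path and credentials below are assumptions.

const LDAP_HOST    = 'ldap.domain.com';               // assumed, from the thread
const LDAP_BASEDN  = 'ou=People,dc=domain,dc=com';    // assumed, from the thread
const LDAP_CA_FILE = '/etc/ssl/certs/ldap-ca.pem';    // assumed CA bundle path

/**
 * Open a TLS-protected connection. $mode is 'ldaps' (TLS from the first byte,
 * port 636) or 'starttls' (plain port 389 upgraded before any bind).
 * Returns the connection, or null with the libldap error text in $err.
 */
function ldap_tls_connect($mode, $debug, &$err = null)
{
    if ($debug) {
        // Global libldap trace; 7 = connections, arguments and packets.
        // It is written to stderr, i.e. the web server's error log.
        ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);
    }
    // Verify the server certificate against our CA and fail closed ("demand").
    // Set globally (null link) so they apply before the socket is opened;
    // these constants exist from PHP 7.1, older PHP uses ldap.conf instead.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, LDAP_CA_FILE);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $uri  = $mode === 'ldaps' ? 'ldaps://' . LDAP_HOST . ':636'
                              : 'ldap://'  . LDAP_HOST . ':389';
    $conn = ldap_connect($uri);   // lazy: no socket until the first operation
    if ($conn === false) {
        $err = 'malformed LDAP URI';
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // StartTLS must complete before any bind, or the password leaves in clear.
    if ($mode === 'starttls' && !@ldap_start_tls($conn)) {
        $err = ldap_error($conn);
        return null;
    }
    return $conn;
}

/**
 * Anonymous lookup of the user (as in the thread's config), then a bind as the
 * found DN with the supplied password. True only for a real authenticated bind.
 */
function ldap_check_password($user, $password, $mode = 'ldaps', $debug = false)
{
    // RFC 4513 section 5.1.2: a DN with an empty password is an
    // *unauthenticated* bind and succeeds on many servers. Refuse it up front.
    if ($password === '') {
        return false;
    }
    $conn = ldap_tls_connect($mode, $debug, $err);
    if ($conn === null) {
        error_log("LDAP TLS setup failed: $err");
        return false;
    }
    if (!@ldap_bind($conn)) {                  // anonymous bind for the lookup
        error_log('LDAP anonymous bind failed: ' . ldap_error($conn));
        return false;
    }
    // Escape the username so it cannot change the filter (ldap_escape: PHP 5.6+).
    $filter = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $res = @ldap_search($conn, LDAP_BASEDN, $filter, ['dn']);
    if ($res === false) {
        error_log('LDAP search failed: ' . ldap_error($conn));
        return false;
    }
    $entries = ldap_get_entries($conn, $res);
    if ($entries === false || $entries['count'] !== 1) {
        return false;                          // unknown or ambiguous user
    }
    $dn = $entries[0]['dn'];
    $ok = @ldap_bind($conn, $dn, $password);   // password travels inside TLS
    if (!$ok) {
        error_log("LDAP bind as $dn failed: " . ldap_error($conn));
    }
    ldap_unbind($conn);
    return $ok;
}

// Example call with assumed credentials; with $debug on, the TLS handshake and
// any certificate failure show up in the web server's error log.
var_dump(ldap_check_password('jdoe', 'correct horse battery staple', 'ldaps', true));
```

Two practical notes. The debug trace includes bind DNs and the raw protocol exchange, so enable it only while diagnosing and set the level back to 0 (or drop the flag) afterwards. And if the TLS connection fails, check the server side independently of PHP first: if `openssl s_client -connect ldap.domain.com:636` shows a certificate chain that the CA file in the script does not validate, no amount of ldap_set_option tuning will make the bind succeed, and relaxing LDAP_OPT_X_TLS_REQUIRE_CERT to "never" would only trade the clear-text problem from earlier in the thread for a man-in-the-middle one.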