Package: phpldapadmin
Severity: important
Version: 0.9.8.3-8
Tags: security

Hi

I have recently upgraded from sarge to etch. I have a problem
getting the tls option to work.

These are the relevant parts of the configuration:

$ldapservers->SetValue($i,'server','host','ldaps://ldap.opalsys.net:636/');
$ldapservers->SetValue($i,'server','port','636');
$ldapservers->SetValue($i,'server','tls',true);

It works very well if I set host to ldap://ldap.opalsys.net and tls to false.

The error I get is:
Error
Could not start TLS. Please check your LDAP server configuration.

LDAP said: Can't contact LDAP server

I enabled logging and it says:
[0.000] login.php(17): ldapserver::connect(): Entered with (1,user,)
[0.000] login.php(17): ldapserver::_connect(): Entered with (user)
[0.000] login.php(16): ldapserver::connect(): Creating new connection [user] for Server ID [0]
[0.000] login.php(80): ldapserver::connect(): This IS a "config" login
[0.000] login.php(80): ldapserver::connect(): Config settings, DN [cn=browse,dc=opalsys,dc=net], PASS [2b465f26d3125d7f69dc9be516b2b6e1]
[0.000] login.php(80): ldapserver::connect(): Config settings, DN [cn=browse,dc=opalsys,dc=net], PASS [2b465f26d3125d7f69dc9be516b2b6e1]
[0.000] login.php(17): ldapserver::_connect(): Entered with (user)
[0.001] login.php(16): ldapserver::connect(): LDAP Resource [Resource id #18], Host [ldaps://ldap.opalsys.net/], Port [636]
[0.000] login.php(17): ldapserver::isTLSEnabled(): Entered with ()
[0.050] login.php(1): pla_error(): Entered with (Could not start TLS. Please check your LDAP server configuration.,Can't contact LDAP server,-1,1)


I have also tried numerous variants of port, uri settings etc. Nothing helps
other than to disable tls.

I have libnss-ldap set up with tls enabled and I can access it from many other
places, but not from phpldapadmin.

You can try for yourself as it is publicly available.

I marked it with security as missing encryption support can be seen as a
security issue.

Regards,

// Ola


ii  php4                      4.4.4-8+etch1             server-side, HTML-embedded scripting language (meta-package)
ii  apache2                   2.2.3-4                   Next generation, scalable, extendable web server
ii  phpldapadmin              0.9.8.3-8                 web based interface for administering LDAP servers


-- 
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/  [EMAIL PROTECTED]                   Annebergsslingan 37        \
|  [EMAIL PROTECTED]                   654 65 KARLSTAD            |
|  http://opalsys.net/               Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

