Bug#490939: ldap use_tls does not cause connection to use TLS

2008-09-02 Thread Vincent Bernat
Hi Martin!

Any news on this? Did you try with port 389 instead?

Thanks.
-- 
 /* James M doesn't say fuck enough. */
2.4.3 linux/net/core/netfilter.c




Bug#490939: ldap use_tls does not cause connection to use TLS

2008-09-02 Thread martin f krafft
thus spoke Vincent Bernat [EMAIL PROTECTED] [2008.09.02.1946 +0100]:
> Any news on this? Did you try with port 389 instead?

I have not had the time to look into this again.

-- 
 .''`.   martin f. krafft [EMAIL PROTECTED]
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
it takes more keystrokes to enter a windows license key
 than it takes to do a complete debian desktop install!
-- joey hess




Bug#490939: ldap use_tls does not cause connection to use TLS

2008-07-19 Thread Vincent Bernat
OoO On this sunny early afternoon of Tuesday 15 July 2008, around
15:19, martin f krafft [EMAIL PROTECTED] said:

> in my $rcmail_config['ldap_public']['dir.madduck.net'] = array(...)
> statement, but when the webmail machine connects to the server,
> slapd says:
>
>   TLS: can't accept.
>   TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:562
>
> This leads me to believe that roundcube doesn't actually speak TLS.

Hi Martin!

It uses php5-ldap which seems to support TLS. I will try to set up an
LDAP server with TLS, but in the meantime, could you try this:

In /var/lib/roundcube/program/include/rcube_ldap.php, could you try to
apply this patch:

--- /var/lib/roundcube/program/include/rcube_ldap.php~	2008-06-06 11:42:31.0 +0200
+++ /var/lib/roundcube/program/include/rcube_ldap.php	2008-07-19 18:17:32.0 +0200
@@ -94,11 +94,11 @@
 {
   if ($lc = @ldap_connect($host, $this-prop['port']))
   {
+ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this-prop['ldap_version']);
 	if ($this-prop['use_tls']===true)
 	  if (!ldap_start_tls($lc))
 	continue;
 
-ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this-prop['ldap_version']);
 $this-prop['host'] = $host;
 $this-conn = $lc;
 break;
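
Review bot: the `continue` after a failed `ldap_start_tls($lc)` moves on to the next host without closing `$lc` or recording why StartTLS failed, and the relocated `ldap_set_option(...)` call ignores its return value, so a failure to select the configured protocol version only shows up as that same silent skip. Check the result of `ldap_set_option`, log `ldap_error($lc)` before the `continue`, and call `ldap_unbind($lc)` on the abandoned handle. The added line also starts at column 0 while the lines around it are indented; match the surrounding indentation.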

Make sure that you use LDAP protocol version 3 in your LDAP entry. You
can also try to set TLS_REQCERT to never in your /etc/ldap/ldap.conf.

The TLS support is very new in roundcube:
 http://trac.roundcube.net/ticket/1485104

I suppose nobody really tested it.
-- 
BOFH excuse #24:
network packets travelling uphill (use a carrier pigeon)




Bug#490939: ldap use_tls does not cause connection to use TLS

2008-07-15 Thread martin f krafft
Package: roundcube-core
Version: 0.2~alpha-1
Severity: normal

I have

  'hosts'   => array('dir.madduck.net'),
  'port'    => 636,
  'use_tls' => true,

in my $rcmail_config['ldap_public']['dir.madduck.net'] = array(...)
statement, but when the webmail machine connects to the server,
slapd says:

  TLS: can't accept.
  TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:562

This leads me to believe that roundcube doesn't actually speak TLS.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
 .''`.   martin f. krafft [EMAIL PROTECTED]
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
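
An added example, not part of the thread or of roundcube's code: it builds the cleartext StartTLS request that `ldap_start_tls()` sends and shows why a listener expecting a TLS ClientHello as the first bytes would log `unknown protocol`, then lints an entry like the one reported. It assumes port 636 is an implicit-TLS (ldaps) listener, as is conventional; the function names and the sample bytes are constructed for illustration.

```python
# Added example; all byte strings are constructed samples, not captured traffic.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation

def starttls_request(msg_id=1):
    """Build the cleartext LDAPv3 StartTLS ExtendedRequest (BER encoded)."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = bytes([0x77, len(name)]) + name                   # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + ext                # messageID + operation
    return bytes([0x30, len(body)]) + body                  # LDAPMessage SEQUENCE

def classify_first_bytes(data):
    """Guess what a client sent first on a freshly accepted connection."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"    # TLS record header, content type 22
    if len(data) >= 2 and data[0] == 0x30:
        return "cleartext-ldap"   # BER SEQUENCE, i.e. an LDAPMessage
    return "unknown"

def listener_accepts(mode, data):
    """mode 'ldaps' expects TLS first; mode 'ldap' expects cleartext LDAP first."""
    expected = {"ldaps": "tls-handshake", "ldap": "cleartext-ldap"}[mode]
    return classify_first_bytes(data) == expected

def lint_ldap_entry(entry):
    """Flag settings that cannot produce a working StartTLS session."""
    findings = []
    if entry.get("use_tls") is True:
        if entry.get("port") == 636:  # assumption: 636 is an ldaps listener
            findings.append("use_tls sends StartTLS in cleartext; port 636 "
                            "expects a TLS handshake first (try 389)")
        if entry.get("ldap_version", 3) != 3:
            findings.append("StartTLS is an LDAPv3 extended operation; "
                            "set ldap_version to 3")
    return findings

# Constructed inputs: the reported entry and the start of a TLS ClientHello record.
REPORTED_ENTRY = {"hosts": ["dir.madduck.net"], "port": 636, "use_tls": True}
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2F])

if __name__ == "__main__":
    req = starttls_request()
    print(req.hex(), classify_first_bytes(req))
    print("ldaps listener accepts StartTLS request:", listener_accepts("ldaps", req))
    for finding in lint_ldap_entry(REPORTED_ENTRY):
        print("finding:", finding)
```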

