Bug#490939: ldap use_tls does not cause connection to use TLS
Hi Martin!

Any news on this? Did you try with port 389 instead?

Thanks.
-- 
/* James M doesn't say fuck enough. */
	2.4.3 linux/net/core/netfilter.c
Bug#490939: ldap use_tls does not cause connection to use TLS
thus spoke Vincent Bernat [EMAIL PROTECTED] [2008.09.02.1946 +0100]:
> Any news on this? Did you try with port 389 instead?

I have not had the time to look into this again.

-- 
 .''`.   martin f. krafft [EMAIL PROTECTED]
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

it takes more keystrokes to enter a windows license key than it takes
to do a complete debian desktop install!
                                                        -- joey hess
Bug#490939: ldap use_tls does not cause connection to use TLS
OoO On this sunny early afternoon of Tuesday 15 July 2008, around 15:19, martin f krafft [EMAIL PROTECTED] said:

> in my $rcmail_config['ldap_public']['dir.madduck.net'] = array(...)
> statement, but when the webmail machine connects to the server, slapd
> says:
>
>   TLS: can't accept.
>   TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:562
>
> This leads me to believe that roundcube doesn't actually speak TLS.

Hi Martin!

It uses php5-ldap which seems to support TLS. I will try to set up an LDAP server with TLS, but in the meantime, could you try this:

In /var/lib/roundcube/program/include/rcube_ldap.php, could you try to apply this patch:

--- /var/lib/roundcube/program/include/rcube_ldap.php~ 2008-06-06 11:42:31.0 +0200 +++ /var/lib/roundcube/program/include/rcube_ldap.php 2008-07-19 18:17:32.0 +0200 @@ -94,11 +94,11 @@ { if ($lc = @ldap_connect($host, $this-prop['port'])) { +ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this-prop['ldap_version']); if ($this-prop['use_tls']===true) if (!ldap_start_tls($lc)) continue; -ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this-prop['ldap_version']); $this-prop['host'] = $host; $this-conn = $lc; break;

Make sure that you use LDAP protocol version 3 in your LDAP entry. You can also try to set TLS_REQCERT to never in your /etc/ldap/ldap.conf.

The TLS support is very new in roundcube:
 http://trac.roundcube.net/ticket/1485104

I suppose nobody really tested it.
-- 
BOFH excuse #24:
network packets travelling uphill (use a carrier pigeon)
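Review bot: The result of the moved ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, ...) call at the top of the if body is ignored, so when setting the version fails, ldap_start_tls() still runs and its failure is handled only by a silent continue. StartTLS is an LDAPv3 operation, so check the return value (and that 'ldap_version' is 3 when 'use_tls' is set) and log why the host was skipped. In the same hunk, the context line that tests use_tls with ===true skips StartTLS for any non-boolean value such as 1 or 'true', leaving the connection in cleartext with no message; reject or warn on a non-boolean use_tls instead.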
Bug#490939: ldap use_tls does not cause connection to use TLS
Package: roundcube-core
Version: 0.2~alpha-1
Severity: normal

I have

  'hosts' => array('dir.madduck.net'),
  'port' => 636,
  'use_tls' => true,

in my $rcmail_config['ldap_public']['dir.madduck.net'] = array(...)
statement, but when the webmail machine connects to the server, slapd
says:

  TLS: can't accept.
  TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:562

This leads me to believe that roundcube doesn't actually speak TLS.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
 .''`.   martin f. krafft [EMAIL PROTECTED]
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
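Added example (not part of the original thread, and not roundcube or slapd code): a TLS listener reports "unknown protocol" when the first bytes it receives are not a TLS record. The Python sketch below classifies a connection's opening bytes and flags a mismatch with the listener type. It assumes the conventional ports (389 cleartext with StartTLS, 636 implicit TLS); the helper names and sample bytes are constructed for illustration.

```python
# Added example: classify the first bytes a client sends to an LDAP listener.
# All sample inputs are constructed, not captured from the reporter's system.

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation
IMPLICIT_TLS_PORTS = {636}                # assumption: conventional ldaps:// port

def build_starttls_request(msg_id=1):
    """BER-encode an LDAPv3 StartTLS ExtendedRequest (msg_id 0..127)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + bytes([len(name)]) + name                   # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + ext                  # messageID INTEGER
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage SEQUENCE

def classify_first_bytes(data):
    """Return what kind of traffic the opening bytes of a connection look like."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"            # TLS record: type handshake, version 3.x
    if data[:1] == b"\x30":               # BER SEQUENCE: a cleartext LDAPMessage
        return "ldap-starttls" if STARTTLS_OID in data else "ldap-cleartext"
    return "unknown"

def diagnose(port, data):
    """Say whether the client's opening bytes suit the listener on `port`."""
    kind = classify_first_bytes(data)
    if kind == "unknown":
        return "unknown: neither LDAP nor TLS"
    if port in IMPLICIT_TLS_PORTS:
        return ("ok: TLS handshake on implicit-TLS port" if kind == "tls-handshake"
                else "mismatch: cleartext LDAP sent to implicit-TLS port")
    return {"tls-handshake": "mismatch: TLS handshake sent to cleartext port",
            "ldap-starttls": "ok: StartTLS upgrade requested on cleartext port",
            "ldap-cleartext": "warning: LDAP operation sent without TLS"}[kind]

# Constructed samples: the start of a TLS ClientHello record, and an anonymous
# LDAPv3 simple bind (messageID 1, version 3, empty DN, empty password).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
SAMPLE_BIND = bytes.fromhex("300c020101600702010304008000")

if __name__ == "__main__":
    for port, data in [(636, build_starttls_request()), (636, SAMPLE_CLIENT_HELLO),
                       (389, build_starttls_request()), (389, SAMPLE_BIND)]:
        print(port, data[:8].hex(), "->", diagnose(port, data))
```

Feed it the first payload bytes of a connection taken from a packet capture on the LDAP server to see which side of the mismatch the client is on.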