Bug #1037
closedOpenvpn broken when used with LDAPS backend
0%
Description
The connection to LDAP fails if SSL is used
To get it to work, I had to add the following to /var/etc/openvpn/server1.php
putenv("LDAPTLS_CACERT=/var/etc/openvpn/server1.ca");
putenv("LDAPTLS_REQCERT=never");
Updated by Ermal Luçi about 14 years ago
- Status changed from New to Feedback
Committed your suggestions to repo.
Thank you.
Updated by Florent Daigniere about 14 years ago
There seems to be an escaping problem, with your patch server1.php contains
sed: 2: "s/\/\/<template>/$authm ...": bad flag in substitute command: 'v'
The following works for me:
$sed .= "putenv(\"LDAPTLS_CACERT=\/var\/etc\/openvpn\/{$mode_id}.ca\");\\\n";
$sed .= "putenv(\"LDAPTLS_REQCERT=hard\");\\\n";
I didn't manage to get the other replacement string escaped properly
Updated by Ermal Luçi about 14 years ago
Try the latest snapshot and see if i got this right this time.
Updated by Florent Daigniere about 14 years ago
Nope. Still broken.
You are missing a semi-column in befad72821f522bf2c23a883f72ade8af48b8533.
-$sed .= " \$modeid = \"{$mode_id}\"";
+$sed .= " \$modeid = \"{$mode_id}\";";
With that fixed, it works.
By the way, you might also want to change LDAPTLS_REQCERT from never to hard everywhere (force the certificate verification). I am filling in another bug for it.
Updated by Florent Daigniere about 14 years ago
It's confirmed-working with 1bab0df1b7fd06ecb2818f69187214a70de238b9
The other bug I was referring to:
bug #1052: Certificate validation of the LDAPS servers is not enforced
Thanks :)
Updated by Chris Buechler about 14 years ago
- Status changed from Feedback to Resolved