Bug #1037
closed
OpenVPN broken when used with LDAPS backend
Added by Florent Daigniere almost 14 years ago.
Updated almost 14 years ago.
Description
The connection to LDAP fails if SSL is used.
To get it to work, I had to add the following to /var/etc/openvpn/server1.php:
putenv("LDAPTLS_CACERT=/var/etc/openvpn/server1.ca");
putenv("LDAPTLS_REQCERT=never");
- Status changed from New to Feedback
Committed your suggestions to repo.
Thank you.
There seems to be an escaping problem. With your patch, server1.php contains:
sed: 2: "s/\/\/<template>/$authm ...": bad flag in substitute command: 'v'
The following works for me:
$sed .= "putenv(\"LDAPTLS_CACERT=\/var\/etc\/openvpn\/{$mode_id}.ca\");\\\n";
$sed .= "putenv(\"LDAPTLS_REQCERT=hard\");\\\n";
I didn't manage to get the other replacement string escaped properly.
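
The `bad flag in substitute command: 'v'` error quoted above is consistent with an unescaped `/` in the replacement text (the `/var/...` path) ending the `s` command early. The following shell sketch is an added example, not the project's code or part of the original thread; it escapes the replacement before substitution. The function names are hypothetical and the template is reduced to the `//<template>` marker seen in the error message.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Escape text for the replacement side of sed's s/// when "/" is the delimiter:
# backslash, "/" and "&" each get a leading backslash. Newlines are not handled.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[&/\]/\\&/g'
}

# Replace the //<template> marker in $1 with the literal statement in $2.
render_template() {
    repl=$(sed_escape_replacement "$2")
    printf '%s\n' "$1" | sed -e "s/\/\/<template>/$repl/"
}

# Same substitution without escaping: the first "/" of the path ends the
# replacement early and sed rejects the following character as a flag.
render_unescaped() {
    printf '%s\n' "$1" | sed -e "s/\/\/<template>/$2/"
}

stmt='putenv("LDAPTLS_CACERT=/var/etc/openvpn/server1.ca");'   # constructed sample
render_template '//<template>' "$stmt"
render_unescaped '//<template>' "$stmt" 2>/dev/null || echo "unescaped replacement rejected by sed"
```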
Try the latest snapshot and see if I got this right this time.
Nope. Still broken.
You are missing a semicolon in befad72821f522bf2c23a883f72ade8af48b8533.
-$sed .= " \$modeid = \"{$mode_id}\"";
+$sed .= " \$modeid = \"{$mode_id}\";";
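Review bot: On the `$modeid` line, the fragment now ends in `;` but, unlike the `putenv` fragments quoted earlier in this thread, it carries no trailing `\\\n`, so confirm that the next fragment appended to `$sed` does not end up on the same generated line. Linting the generated file with `php -l` after the sed step would catch a missing statement terminator like this one before the script is used for authentication.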
With that fixed, it works.
By the way, you might also want to change LDAPTLS_REQCERT from never to hard everywhere (force the certificate verification). I am filing another bug for it.
It's confirmed working with 1bab0df1b7fd06ecb2818f69187214a70de238b9.
The other bug I was referring to:
bug #1052: Certificate validation of the LDAPS servers is not enforced
Thanks :)
- Status changed from Feedback to Resolved