Following up on the prior sequence of posts, this will document the learning/attempt path to get my cert installed on my Dreamhost account so that Drupal ldapauth can use secure communication with our Active Directory server.
This shows how to use OpenSSL to generate a self-signed certificate. Not what I need right now, but if I end up having to abandon using the MSFT self-signed one, I'll come back to this.
http://www.neilstuff.com/apache/apache2-ssl-windows.htm
This looks promising... googled "ldapauth client SSL certificate active directory"
http://www.muquit.com/muquit/software/mod_auth_ldap/ssl_tls.html:
OK, that got me through exporting the .cer file from Microsoft's Certificate Authority. FTP'd the file up to my Dreamhost account, and ran the steps to create a .pem file. On to getting ldapauth to see and use that file...
Not sure where to set the path for the .pem file in the ldapauth module setup. Within ldapinterface.php there is a secretKey = null attribute that goes along with a tls setting on the next line. However, it may not go here at all and may instead be part of the OpenLDAP or OpenSSL configuration.
Here's the current error message when I check "Start TLS" in the ldap integration settings in drupal administration:
warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Decoding error in /home/snip/modules/ldap_integration/ldap_integration/LDAPInterface.php on line 128.
My PHP install directory is php5, which contains an etc folder, which contains an openldap folder, which contains an ldap.conf file, which is where I believe the cert reference needs to exist. Err, maybe not. The page above indicates I need to create an ldaprc file and reference the .pem file there.
http://edoceo.com/liber/network-openldap.php
The docs are not consistent on what the ldaprc file switch contains.
muquit says:
TLS_CACERT /usr/local/certs/cacert.pem
TLS_REQCERT allow
Which I changed to:
TLS_CACERT $HOME/.ssl/[domain].pem
TLS_REQCERT allow
Apache needs to know where to find the ldaprc... snipped from muquit:
Before starting apache set a env variable (probably in apachectl) like:
LDAPCONF=/path_of/ldaprc
export LDAPCONF
How does that work on Dreamhost??
Do I put this in .htaccess?
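To pull the ldaprc steps above together, here is an added example (my own illustration, not anything from muquit's page or the ldapauth module) that converts the .cer exported from the Windows CA into a PEM file, writes an ldaprc pointing at it, and exports LDAPCONF the way the snippet describes. The directory ~/.ssl and the file names ad-ca.cer / ad-ca.pem / ldaprc are assumptions for illustration, as is the DC hostname in the final check. It uses TLS_REQCERT demand rather than allow: demand makes the client verify the server certificate against TLS_CACERT and refuse the connection otherwise, while allow accepts a bad or missing certificate, which is fine for diagnosing the handshake but leaves the channel unverified.

```shell
#!/bin/sh
# Added example: prepare the CA file, ldaprc and LDAPCONF for the OpenLDAP
# client library (PHP's ldap extension sits on top of it). All paths and
# hostnames below are assumptions for illustration.
set -eu

# Convert a DER-encoded .cer (the default from the Microsoft CA export
# wizard) to PEM. If the export was already Base64/PEM, copy it through.
cer_to_pem() {
    in="$1"; out="$2"
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$in" 2>/dev/null; then
        cp "$in" "$out"
    else
        openssl x509 -inform der -in "$in" -out "$out"
    fi
}

# Sanity check that a file looks like a single PEM certificate:
# exactly one BEGIN line and exactly one END line.
pem_looks_valid() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" | grep -qx 1 &&
    grep -c -- '-----END CERTIFICATE-----' "$1" | grep -qx 1
}

# Write the ldaprc. TLS_REQCERT demand = verify the server cert against
# TLS_CACERT and fail otherwise; "allow" would let a bad cert through.
write_ldaprc() {
    pem="$1"; out="$2"
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$pem" > "$out"
}

# The part below runs only when the script is invoked with --run, so the
# functions above can also be sourced and reused on their own.
if [ "${1:-}" = "--run" ]; then
    CERT_DIR="$HOME/.ssl"                      # assumption: cert location
    mkdir -p "$CERT_DIR"
    cer_to_pem "$CERT_DIR/ad-ca.cer" "$CERT_DIR/ad-ca.pem"
    pem_looks_valid "$CERT_DIR/ad-ca.pem" || { echo "bad PEM" >&2; exit 1; }
    write_ldaprc "$CERT_DIR/ad-ca.pem" "$CERT_DIR/ldaprc"
    # libldap reads LDAPCONF from the real process environment, so it must
    # be set in the environment of whatever process ends up running PHP.
    LDAPCONF="$CERT_DIR/ldaprc"; export LDAPCONF
    # Connectivity check over ldaps on 636 (the route that remains when the
    # DC does not offer Start TLS). Hostname is a placeholder.
    ldapsearch -x -H ldaps://dc.example.internal:636 -b '' -s base
fi
```

Running it with --run after copying the exported .cer to ~/.ssl/ad-ca.cer produces the ldaprc and, if the CA file matches the DC's certificate, a successful base-scope search; a "Decoding error" or certificate verification failure at that step points at the CA file rather than at the Drupal module.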
The very last post in this thread indicates that TLS is NOT supported by Windows 2000 domain controllers!!!! If that's the case, where do I go from here? How do I get the ldapauth module to use SSL instead of TLS?
http://forums.gentoo.org/viewtopic-t-295330-highlight-modauthldap+ssl.html
http://forum.java.sun.com/thread.jspa?threadID=592611&tstart=240
And the final word??
http://support.microsoft.com/kb/321051
"Windows 2000 does not support the Start TLS extended-request functionality"
So do I need to hack the ldapauth module in Drupal to use ldaps? Will this automatically use SSL and the local cert instead of Start TLS?
http://drupal.org/node/75645
Additional References
http://www.openldap.org/lists/openldap-software/200403/msg00034.html
http://www.thetipspool.com/freenode/ldap/27Apr2007/3
This one has a good thread about getting apache to see the ldap cert file.
http://forums.gentoo.org/viewtopic-t-295330-highlight-modauthldap+ssl.html