On 07/04/2020 at 11:06, Arnaud Gymnase wrote:
>
> Hello all,
>
> I was able to connect to my OpenLDAP server, but in a non-secure way.
>
> Now, I'm trying to connect to my OpenLDAP using SSL.
>
> I can telnet to my OpenLDAP server on port 636:
>
> [root@ssp /]# telnet 10.163.232.5 636
> Trying 10.163.232.5...
> Connected to 10.163.232.5.
> Escape character is '^]'.
>
> I changed my config.inc.local.php file to connect to my LDAP server
> like this:
>
> # LDAP
> $ldap_url = "ldaps://10.163.232.5:636";
> $ldap_starttls = false;
>
> And I copied my CA certificate into the /etc/pki/tls/certs folder
> (/etc/ssl/certs/ is linked to that folder, too),
>
> but my certificate is a .pem... and I don't know if this can work...
>
> For the moment, I have the following error:
>
> [php7:notice] [pid 16478] [client 10.166.239.101:56441] PHP Notice:
> Undefined variable: obscure_failure_messages in
> /usr/share/self-service-password/pages/sendtoken.php on line 212,
> referer: http://10.163.232.10/index.php
> [Tue Apr 07 10:28:59.284274 2020] [php7:warn] [pid 16478] [client
> 10.166.239.101:56441] PHP Warning: in_array() expects parameter 2 to
> be array, null given in
> /usr/share/self-service-password/pages/sendtoken.php on line 212,
> referer: http://10.163.232.10/index.php
> [Tue Apr 07 10:32:22.275191 2020] [php7:warn] [pid 16822] [client
> 10.166.239.101:56528] PHP Warning: preg_match(): Allocation of JIT
> memory failed, PCRE JIT will be disabled. This is likely caused by
> security restrictions. Either grant PHP permission to allocate
> executable memory, or set pcre.jit=0 in
> /usr/share/self-service-password/index.php on line 56, referer:
> http://10.163.232.10/index.php
> [Tue Apr 07 10:32:22.814523 2020] [php7:warn] [pid 16822] [client
> 10.166.239.101:56528] PHP Warning: ldap_bind(): Unable to bind to
> server: Can't contact LDAP server in
> /usr/share/self-service-password/pages/sendtoken.php on line 72,
> referer: http://10.163.232.10/index.php
>
> Could it come from the type of my certificate?
>

As written in the doc, you should need to modify your ldap.conf file to
point to your CA certificate.

See https://ltb-project.org/documentation/self-service-password/latest/config_ldap

-- 
Clément Oudot | Identity Solutions Manager

clement.ou...@worteks.com

Worteks | https://www.worteks.com

_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users
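
One way to check the ldap.conf setting the reply above points to, as an added example that is not part of the thread or of the LTB project. It audits the standard OpenLDAP client directives TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT; the function names are hypothetical and the ldap.conf path in the last comment is an assumption, since the thread does not give one.

```shell
#!/bin/sh
# Added example, not from the thread: audit the CA trust settings in an
# OpenLDAP client ldap.conf, which an ldaps:// bind from PHP depends on.

# Print the value of the last uncommented directive $2 in file $1.
# ldap.conf keywords are case-insensitive; "#" lines never match.
ldap_conf_get() {
    awk -v key="$2" 'toupper($1) == key { v = $2 } END { if (v != "") print v }' "$1"
}

# Returns 0 = usable CA configured, 1 = CA missing or unusable,
# 2 = config unreadable, 3 = CA fine but verification is not enforced.
check_ldap_tls() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    cadir=$(ldap_conf_get "$conf" TLS_CACERTDIR)
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')

    if [ -n "$cacert" ]; then
        if [ ! -r "$cacert" ]; then
            echo "FAIL: TLS_CACERT $cacert is not readable"; rc=1
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert"; then
            echo "FAIL: $cacert has no PEM certificate block"; rc=1
        else
            echo "OK: TLS_CACERT $cacert (PEM)"
        fi
    elif [ -n "$cadir" ]; then
        if [ -d "$cadir" ]; then
            echo "OK: TLS_CACERTDIR $cadir"
        else
            echo "FAIL: TLS_CACERTDIR $cadir is not a directory"; rc=1
        fi
    else
        echo "FAIL: no TLS_CACERT or TLS_CACERTDIR set in $conf"; rc=1
    fi

    # "never" and "allow" let the session proceed with an unverified server
    # certificate, which hides a missing CA instead of fixing it.
    if [ "$reqcert" = never ] || [ "$reqcert" = allow ]; then
        echo "WARN: TLS_REQCERT $reqcert does not enforce verification"
        if [ "$rc" -eq 0 ]; then rc=3; fi
    fi
    return "$rc"
}

# Run against a real file when a path is given, e.g. /etc/openldap/ldap.conf.
if [ "$#" -gt 0 ]; then check_ldap_tls "$1"; fi
```

A CA file that was only copied into /etc/pki/tls/certs, with no directive naming it, shows up here as the "no TLS_CACERT or TLS_CACERTDIR" finding.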