Quantcast

[Davical-general] Davical LDAPS

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Davical-general] Davical LDAPS

Sebastian Erasmus
Good day,

I would like to know if there is a way to get Davical to work on LDAPS

I have tested the following and does not work but normal Port 389 works
fine

  $c->authenticate_hook['call'] = 'LDAP_check';
  $c->do_not_sync_from_ldap = array( 'admin' => true );
  $c->authenticate_hook['config'] = array(
       'host'            => 'ldaps://dc1.ad.sensepost.com',
       'port'            => '636',
       'protocolVersion' => '3',
...
...
...

If I could get some help with this
Regards

--
Sebastian Erasmus                                                      
SensePost Information Security  
M: +27 72 980 8025
T: +27 12 764 9119 / +27 12 460 0880
pgp: https://www.sensepost.com/pgp/sebastian.txt



------------------------------------------------------------------------------

_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Davical LDAPS

Florian Schlichting-2
Hi Sebastian,

> I would like to know if there is a way to get Davical to work on LDAPS

that's supposed to work, see for example the documentation at
http://wiki.davical.org/index.php/Configuration/Authentication_Settings/LDAP

> I have tested the following and does not work but normal Port 389 works
> fine
>
>   $c->authenticate_hook['call'] = 'LDAP_check';
>   $c->do_not_sync_from_ldap = array( 'admin' => true );
>   $c->authenticate_hook['config'] = array(
>        'host'            => 'ldaps://dc1.ad.sensepost.com',
>        'port'            => '636',
>        'protocolVersion' => '3',

I'd say this should work, but have you tried putting the port into the
ldaps:// string as well? I haven't looked at the code but the docs sound
a bit like "if you want SSL-on-connect instead of startTLS, the 'host'
setting has to be a complete URI"...

Florian

------------------------------------------------------------------------------
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Loading...