RE: [otrs] Re: LDAP/TLS

Please do pardon my ignorance... TLS? I'm no expert at LDAP... That code segment was taken from searching through posts on the lists.otrs.org server.
- Pete McDonnell Manager, Technical Services Hip Interactive
That looks very similar to what I have for a non-TLS connection to an LDAP server. I need to know how to enable the TLS part. Where is that in your config?
Jason =================================
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system? => http://www.otrs.de/

Pete McDonnell wrote:
Please do pardon my ignorance... TLS? I'm no expert at LDAP... That code segment was taken from searching through posts on the lists.otrs.org server.
- Pete McDonnell Manager, Technical Services Hip Interactive
That looks very similar to what I have for a non-TLS connection to an LDAP server. I need to know how to enable the TLS part. Where is that in your config?
Jason =================================
TLS stands for Transport Layer Security. It's a way of encrypting communications and not specific to LDAP. It's very similar to viewing a web page via HTTP, usually on port 80, versus HTTPS, usually on port 443, using SSL to encrypt communications. In LDAP you can have non-encrypted communications, usually on port 389, or encrypted LDAPS communications, usually on port 636, or you can use TLS to encrypt the traffic on port 389 so you don't have to use up another port. Also LDAPS is non-standard and LDAP/TLS is a standard.
Jason =================================

Pete McDonnell wrote:
Please do pardon my ignorance... TLS? I'm no expert at LDAP... That code segment was taken from searching through posts on the lists.otrs.org server.
- Pete McDonnell Manager, Technical Services Hip Interactive
That looks very similar to what I have for a non-TLS connection to an LDAP server. I need to know how to enable the TLS part. Where is that in your config?
Jason =================================
I edited Kernel/System/Auth/LDAP.pm and added a few lines:

    # ldap connect and bind (maybe with SearchUserDN and SearchUserPw)
    my $LDAP = Net::LDAP->new($Self->{Host}, %{$Self->{Params}}) or die "$@";
    # START of addition...
    our $ADSERVER_CA = "/usr/share/ssl/certs/thawte.pem";
    $LDAP->start_tls(
        verify => 'require',
        cafile => $ADSERVER_CA,
    );
    # END of addition

This allows me to connect to an Active Directory. You need to save the certificate of the certificate authority who signed the certificate of the ActiveDirectory domain controller in a file.
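
An added example, not part of the thread and not OTRS code: the same StartTLS upgrade on port 389 as a stand-alone Perl check that fails closed, so no bind is attempted if the upgrade or the certificate verification fails. The function name ldap_connect_starttls, the script name and the command-line arguments are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example (not OTRS code): fail-closed StartTLS before any LDAP bind.
use strict;
use warnings;
use Net::LDAP;

# Connect on the plain LDAP port, upgrade with StartTLS, and return the
# handle only if the session is really encrypted. Dies otherwise, so the
# caller can never bind over cleartext by accident.
sub ldap_connect_starttls {
    my ($host, $cafile) = @_;

    -r $cafile or die "CA file $cafile is missing or unreadable\n";

    my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
        or die "connect to $host failed: $@\n";

    # verify => 'require' makes the handshake fail unless the server
    # certificate chains to the CA stored in $cafile.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    if ($mesg->code) {
        my $err = $mesg->error;
        $ldap->disconnect;
        die "StartTLS on $host failed: $err\n";
    }

    # cipher() returns undef when the connection is not using TLS.
    my $cipher = $ldap->cipher;
    unless (defined $cipher) {
        $ldap->disconnect;
        die "StartTLS reported success but no cipher is active\n";
    }
    return ($ldap, $cipher);
}

# Usage (hypothetical script name): perl starttls_check.pl <ldap-host> <ca.pem>
unless (caller) {
    my ($host, $cafile) = @ARGV;
    defined $cafile or die "usage: $0 <ldap-host> <ca.pem>\n";
    my ($ldap, $cipher) = ldap_connect_starttls($host, $cafile);
    print "TLS active on $host:389, cipher $cipher\n";
    # A bind with real credentials is safe only from this point on.
    $ldap->unbind;
}
```

The return value of start_tls is a Net::LDAP::Message; checking its code before binding is what keeps a failed upgrade from silently falling back to an unencrypted session.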