Kolab-webadmin and StartTLS LDAP

Emmanuel MICHEL emmanuel.michel at wanadoo.fr
Thu Jun 27 01:17:37 CEST 2013


On 26/06/2013 19:58, Emmanuel MICHEL wrote:
> On 26/06/2013 09:31, Aleksander Machniak wrote:
>> '-ZZ' ?

I found the solution but I don't know if it has any security implications, 
so I would need your advice, Aleksander. So, here it is:

In /usr/share/kolab-webadmin/lib/ext/Net/LDAP3.php

                 $moz_ldapsearch,
                 '-ZZZ',
                 '-P /etc/dirsrv/slapd-myinstance',

Three Zs are just to enforce the StartTLS request, but two Zs also work.

Then we need to add the apache user to the dirsrv group. I believe the 
explanation is that the StartTLS ldapsearch command is launched by apache, 
which then needs access to the SSL certificate database in 
/etc/dirsrv/slapd-myinstance:

usermod -a -G dirsrv www-data

and reboot.

I hope this will help to improve kolab-webadmin in order to ease this 
kind of setup in future versions.

Best,

EM
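
Added example, not part of the original message or of kolab-webadmin: a shell check of what membership in the group from the usermod step lets the web server account read under the certificate database directory. The function names are hypothetical, and the key-material file names (key3.db, key4.db, pin.txt) are the usual NSS and 389 Directory Server ones, assumed here rather than taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which files under a
# certificate database directory become readable to an account once it joins
# a given group, and marks private-key material.
# Assumption: key3.db / key4.db (NSS key databases) and pin.txt (token PIN
# file) are the sensitive names to look for.

# audit_group_read DIR GROUP
# Prints one line per regular file that belongs to GROUP and has the
# group-read bit set:
#   KEY  <path>   private-key database or PIN file
#   file <path>   anything else
# Files readable only through "other" permissions are out of scope: group
# membership does not change access to them.
audit_group_read() {
    dir=$1
    grp=$2
    find "$dir" -type f -group "$grp" -perm -040 2>/dev/null | sort |
    while IFS= read -r f; do
        case "${f##*/}" in
            key3.db|key4.db|pin.txt) printf 'KEY  %s\n' "$f" ;;
            *)                       printf 'file %s\n' "$f" ;;
        esac
    done
}

# count_key_exposure DIR GROUP
# Prints how many key-material files the group can read (0 if none).
count_key_exposure() {
    audit_group_read "$1" "$2" | grep -c '^KEY ' || true
}

# Direct use: sh audit.sh /etc/dirsrv/slapd-myinstance dirsrv
if [ "$#" -eq 2 ]; then
    audit_group_read "$1" "$2"
fi
```

A non-zero count means the web server account can read the directory server's private key store through the group, not only the certificates ldapsearch needs to verify the StartTLS peer.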