within include/classes/class.cldap.php I notice that there is a starttls option, what do we have to do to enable LDAP tls/ssl over port 389? I was hoping to avoid messing with /etc/openldap/ldap.conf and putting ssl certs on etc.

I basically have a need to encrypt not only HTTP traffic but to encrypt our passwords that fly over the network to our Active Directory server.

If this isn't the right direction to accomplish that, please let me know!

Is there no way to get TLS over port 389?

I have the same problem. Can you implement the encrypted option?

Just set 'starttls' to 'true':


[root@zabbix ~]# diff -C2 /var/www/html/zabbix/include/classes/class.cldap.php.orig /var/www/html/zabbix/include/classes/class.cldap.php
*** /var/www/html/zabbix/include/classes/class.cldap.php.orig Mon Feb 21 20:44:51 2011
--- /var/www/html/zabbix/include/classes/class.cldap.php Mon Feb 21 20:33:31 2011
***************
*** 48,52 ****
'version'=> 3,

! 'starttls'=> null,
'deref'=> null,
);
--- 48,52 ----
'version'=> 3,

! 'starttls'=> true,
'deref'=> null,
);
[root@zabbix ~]#


Don't forget to disable the need of a valid server certificate in case you havn't installed/configured a proper CA certificate:


--- SNIP /etc/openldap/ldap.conf ---
TLS_REQCERT allow
--- END /etc/openldap/ldap.conf ---

Is there no way to define this in a clean way through configuration?

Thanks
Steffen