Ad Widget

Collapse

Zabbix front-end php starttls

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • alubel
    Junior Member
    • Jan 2010
    • 13
    #1

    Zabbix front-end php starttls

    within include/classes/class.cldap.php I notice that there is a starttls option, what do we have to do to enable LDAP tls/ssl over port 389? I was hoping to avoid messing with /etc/openldap/ldap.conf and putting ssl certs on etc.

    I basically have a need to encrypt not only HTTP traffic but to encrypt our passwords that fly over the network to our Active Directory server.

    If this isn't the right direction to accomplish that, please let me know!
    Tags: authentication, ldaps, starttls
    • alubel
      Junior Member
      • Jan 2010
      • 13
      #2
      Is there no way to get TLS over port 389?

        Comment

        • tarufeti
          Junior Member
          • Jul 2009
          • 1
          #3
          I have the same problem. Can you implement the encrypted option?

            Comment

            • BDiE8VNy
              Senior Member
              • Apr 2010
              • 680
              #4
              Just set 'starttls' to 'true':

              Code:
              [root@zabbix ~]# diff -C2 /var/www/html/zabbix/include/classes/class.cldap.php.orig /var/www/html/zabbix/include/classes/class.cldap.php
*** /var/www/html/zabbix/include/classes/class.cldap.php.orig	Mon Feb 21 20:44:51 2011
--- /var/www/html/zabbix/include/classes/class.cldap.php	Mon Feb 21 20:33:31 2011
***************
*** 48,52 ****
  				'version'=> 		3,
  
! 				'starttls'=>		null,
  				'deref'=>			null,
  			);
--- 48,52 ----
  				'version'=> 		3,
  
! 				'starttls'=>		true,
  				'deref'=>			null,
  			);
[root@zabbix ~]#
              Don't forget to disable the need of a valid server certificate in case you havn't installed/configured a proper CA certificate:

              Code:
              --- SNIP /etc/openldap/ldap.conf ---
TLS_REQCERT     allow
--- END /etc/openldap/ldap.conf ---

                Comment

                • StephenKing
                  Junior Member
                  • Sep 2011
                  • 19
                  #5
                  Is there no way to define this in a clean way through configuration?

                  Thanks
                  Steffen

                    Comment

                    • zalex_ua
                      Senior Member
                      Zabbix Certified Trainer
                      Zabbix Certified SpecialistZabbix Certified Professional
                      • Oct 2009
                      • 1286
                      #6
                      Who would like to create a feature request ?
                      Log into Atlassian - ZABBIX SUPPORT
                      https://support.zabbix.com/browse/ZBXNEXT

                        Comment

                        • StephenKing
                          Junior Member
                          • Sep 2011
                          • 19
                          #7
                          Done: https://support.zabbix.com/browse/ZBXNEXT-1596

                            Comment

                            • MikeHurn
                              Junior Member
                              • Jun 2020
                              • 1
                              #8
                              As an FYI - In Red Hat & CentOS 8.x SSL has been disabled!
                              See https://access.redhat.com/documentat...uring-networks
                              I don't have much hope in running ldaps BTW it failed when I tried to configure it!

                                Comment

                                Previous template Next
                                Working...