[horde] Mysql ssl connection problem
woj woj
wojnas at gmail.com
Fri Feb 14 09:43:07 UTC 2014
2014-02-14 10:02 GMT+01:00 Michael M Slusarz <slusarz at horde.org>:
> Quoting woj woj <wojnas at gmail.com>:
>
> 2014-02-14 9:38 GMT+01:00 Arjen de Korte <arjen+horde at de-korte.org>:
>>
>> Citeren woj woj <wojnas at gmail.com>:
>>>
>>>
>>> Hello,
>>>
>>>> i got problem with ssl connection to mysql server.
>>>> It is different server for changing passwords.
>>>> I checked horde and httpd log, and everything is allright.
>>>> I also checked ssl connection to mysql and its ok.
>>>> Certificate is readable by httpd user
>>>>
>>>> Here is my config/config.local.php
>>>>
>>>>
>>> What file is this? As far as I know, the only config/config.php file used
>>> by horde is under admin/config/config.php, but this does not contain
>>> variables you can override. So what are you attempting to do here?
>>>
>>>
>>> <?php
>>>
>>>> $conf['wsql']['username'] = 'username';
>>>> $conf['wsql']['password'] = 'password';
>>>> $conf['wsql']['hostspec'] = 'srv_addres';
>>>> $conf['wsql']['port'] = 3306;
>>>> $conf['wsql']['protocol'] = 'tcp';
>>>> $conf['wsql']['database'] = 'databasename';
>>>> $conf['wsql']['charset'] = 'utf-8';
>>>> $conf['wsql']['ssl'] = true;
>>>> $conf['wsql']['ca'] = '/patch/to/cert.pem';
>>>>
>>>>
>>> A certification authority (that's what the 'ca' probably stands for) is
>>> not the same as a client certificate. I'm not even sure Horde is able to
>>> use client certificates for authentication to a Sql server.
>>>
>>>
>>> $conf['wsql']['splitread'] = false;
>>>
>>>> $conf['wsql']['phptype'] = 'mysql';
>>>>
>>>>
>>> Where is the 'wsql' from? I can't find any references to that in Horde.
>>>
>>>
>>> P.s. I checked transmission by tcpdump, and everything is in cleartext
>>>
>>>>
>>>>
>>>
>>> --
>>> Horde mailing list
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>
>>>
>>> Arjen thanks for your answer.
>>
>> I have two mysql databases:
>> 1. Localhost database for horde (no ssl).
>> 2. Remote database on different host to reset passwords and activate
>> vacations. (ssl is mandatory)
>>
>> I create file config.local.php in horde/config/ with definition for new
>> variable for connection to different host.
>>
>
> Horde does not read any config.local.php file. So that's not going to do
> anything.
>
>
> In passwd configuration I use my on varibble $GLOBALS['conf']['wsql'] for
>> configuration, and everything works ok, except ssl connection.
>>
>> $conf['wsql']['ca'] = is patch to bundle ca certificate.
>>
>
> This won't work either. You configure a Passwd SQL backend in the
> passwd/config/backends.local.php file.
>
> You can't just start adding random config options to a configuration file
> and expect them to do anything.
>
> michael
> --
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
Ok, I understand.
I put everything in passwd/config/backends.local.php
Result is the same - any ideas ?
<?php
$backends['sql'] = array(
'disabled' => false,
'name' => 'Postfix SQL Authentication',
'driver' => 'Sql',
'policy' => array(
'minLength' => 8,
'minNumeric' => 1,
'minUpper' => 1,
'minLower' => 1,
'minSymbol' => 1,
),
'params' => array(
'phptype' => 'mysql',
'hostspec' => 'srv_addres',
'username' => 'username',
'password' => 'password',
'port' => '3306',
'protocol' => 'tcp',
'database' => 'databasename',
'charset' => 'utf-8',
'ssl' => true,
'ca' => '/patch/to/ca-bundle.pem',
'table' => 'tabelname',
'user_col' => 'username',
'pass_col' => 'password',
'show_encryption' => false,
'encryption' => 'crypt-md5',
),
'logout' => true,
);
More information about the horde
mailing list