[horde] Mysql ssl connection problem
Jan Schneider
jan at horde.org
Fri Feb 14 10:54:44 UTC 2014
Zitat von woj woj <wojnas at gmail.com>:
> 2014-02-14 10:02 GMT+01:00 Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting woj woj <wojnas at gmail.com>:
>>
>> 2014-02-14 9:38 GMT+01:00 Arjen de Korte <arjen+horde at de-korte.org>:
>>>
>>> Citeren woj woj <wojnas at gmail.com>:
>>>>
>>>>
>>>> Hello,
>>>>
>>>>> i got problem with ssl connection to mysql server.
>>>>> It is different server for changing passwords.
>>>>> I checked horde and httpd log, and everything is allright.
>>>>> I also checked ssl connection to mysql and its ok.
>>>>> Certificate is readable by httpd user
>>>>>
>>>>> Here is my config/config.local.php
>>>>>
>>>>>
>>>> What file is this? As far as I know, the only config/config.php file used
>>>> by horde is under admin/config/config.php, but this does not contain
>>>> variables you can override. So what are you attempting to do here?
>>>>
>>>>
>>>> <?php
>>>>
>>>>> $conf['wsql']['username'] = 'username';
>>>>> $conf['wsql']['password'] = 'password';
>>>>> $conf['wsql']['hostspec'] = 'srv_addres';
>>>>> $conf['wsql']['port'] = 3306;
>>>>> $conf['wsql']['protocol'] = 'tcp';
>>>>> $conf['wsql']['database'] = 'databasename';
>>>>> $conf['wsql']['charset'] = 'utf-8';
>>>>> $conf['wsql']['ssl'] = true;
>>>>> $conf['wsql']['ca'] = '/patch/to/cert.pem';
>>>>>
>>>>>
>>>> A certification authority (that's what the 'ca' probably stands for) is
>>>> not the same as a client certificate. I'm not even sure Horde is able to
>>>> use client certificates for authentication to a Sql server.
>>>>
>>>>
>>>> $conf['wsql']['splitread'] = false;
>>>>
>>>>> $conf['wsql']['phptype'] = 'mysql';
>>>>>
>>>>>
>>>> Where is the 'wsql' from? I can't find any references to that in Horde.
>>>>
>>>>
>>>> P.s. I checked transmission by tcpdump, and everything is in cleartext
>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>
>>>>
>>>> Arjen thanks for your answer.
>>>
>>> I have two mysql databases:
>>> 1. Localhost database for horde (no ssl).
>>> 2. Remote database on different host to reset passwords and activate
>>> vacations. (ssl is mandatory)
>>>
>>> I create file config.local.php in horde/config/ with definition for new
>>> variable for connection to different host.
>>>
>>
>> Horde does not read any config.local.php file. So that's not going to do
>> anything.
>>
>>
>> In passwd configuration I use my on varibble $GLOBALS['conf']['wsql'] for
>>> configuration, and everything works ok, except ssl connection.
>>>
>>> $conf['wsql']['ca'] = is patch to bundle ca certificate.
>>>
>>
>> This won't work either. You configure a Passwd SQL backend in the
>> passwd/config/backends.local.php file.
>>
>> You can't just start adding random config options to a configuration file
>> and expect them to do anything.
>>
>> michael
>> --
>>
>> ___________________________________
>> Michael Slusarz [slusarz at horde.org]
>>
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
>
> Ok, I understand.
> I put everything in passwd/config/backends.local.php
>
> Result is the same - any ideas ?
>
> <?php
> $backends['sql'] = array(
> 'disabled' => false,
> 'name' => 'Postfix SQL Authentication',
> 'driver' => 'Sql',
> 'policy' => array(
> 'minLength' => 8,
> 'minNumeric' => 1,
> 'minUpper' => 1,
> 'minLower' => 1,
> 'minSymbol' => 1,
> ),
> 'params' => array(
> 'phptype' => 'mysql',
> 'hostspec' => 'srv_addres',
> 'username' => 'username',
> 'password' => 'password',
> 'port' => '3306',
> 'protocol' => 'tcp',
> 'database' => 'databasename',
> 'charset' => 'utf-8',
> 'ssl' => true,
> 'ca' => '/patch/to/ca-bundle.pem',
> 'table' => 'tabelname',
> 'user_col' => 'username',
> 'pass_col' => 'password',
> 'show_encryption' => false,
> 'encryption' => 'crypt-md5',
> ),
> 'logout' => true,
> );
Unless I missed something you didn't even say what your problem is.
--
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject
More information about the horde
mailing list