[horde] Mysql ssl connection problem

Jan Schneider jan at horde.org
Fri Feb 14 10:54:44 UTC 2014 

Zitat von woj woj <wojnas at gmail.com>:

> 2014-02-14 10:02 GMT+01:00 Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting woj woj <wojnas at gmail.com>:
>>
>>  2014-02-14 9:38 GMT+01:00 Arjen de Korte <arjen+horde at de-korte.org>:
>>>
>>>  Citeren woj woj <wojnas at gmail.com>:
>>>>
>>>>
>>>>  Hello,
>>>>
>>>>> i got problem with ssl connection to mysql server.
>>>>> It is different server for changing passwords.
>>>>> I checked horde and httpd log, and everything is allright.
>>>>> I also checked ssl connection to mysql and its ok.
>>>>> Certificate is readable by httpd user
>>>>>
>>>>> Here is my config/config.local.php
>>>>>
>>>>>
>>>> What file is this? As far as I know, the only config/config.php file used
>>>> by horde is under admin/config/config.php, but this does not contain
>>>> variables you can override. So what are you attempting to do here?
>>>>
>>>>
>>>>  <?php
>>>>
>>>>> $conf['wsql']['username'] = 'username';
>>>>> $conf['wsql']['password'] = 'password';
>>>>> $conf['wsql']['hostspec'] = 'srv_addres';
>>>>> $conf['wsql']['port'] = 3306;
>>>>> $conf['wsql']['protocol'] = 'tcp';
>>>>> $conf['wsql']['database'] = 'databasename';
>>>>> $conf['wsql']['charset'] = 'utf-8';
>>>>> $conf['wsql']['ssl'] = true;
>>>>> $conf['wsql']['ca'] = '/patch/to/cert.pem';
>>>>>
>>>>>
>>>> A certification authority (that's what the 'ca' probably stands for) is
>>>> not the same as a client certificate. I'm not even sure Horde is able to
>>>> use client certificates for authentication to a Sql server.
>>>>
>>>>
>>>>  $conf['wsql']['splitread'] = false;
>>>>
>>>>> $conf['wsql']['phptype'] = 'mysql';
>>>>>
>>>>>
>>>> Where is the 'wsql' from? I can't find any references to that in Horde.
>>>>
>>>>
>>>>  P.s. I checked transmission by tcpdump, and everything is in cleartext
>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>
>>>>
>>>>  Arjen thanks for your answer.
>>>
>>> I have two mysql databases:
>>> 1. Localhost database for horde (no ssl).
>>> 2. Remote database on different host to reset passwords and activate
>>> vacations. (ssl is mandatory)
>>>
>>> I create file config.local.php in horde/config/  with definition for new
>>> variable for connection to different host.
>>>
>>
>> Horde does not read any config.local.php file.  So that's not going to do
>> anything.
>>
>>
>>  In passwd configuration I use my on varibble $GLOBALS['conf']['wsql'] for
>>> configuration, and everything works ok, except ssl connection.
>>>
>>> $conf['wsql']['ca'] = is patch to bundle ca certificate.
>>>
>>
>> This won't work either.  You configure a Passwd SQL backend in the
>> passwd/config/backends.local.php file.
>>
>> You can't just start adding random config options to a configuration file
>> and expect them to do anything.
>>
>> michael
>> --
>>
>> ___________________________________
>> Michael Slusarz [slusarz at horde.org]
>>
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
>
> Ok, I understand.
> I put everything in passwd/config/backends.local.php
>
> Result is the same - any ideas ?
>
> <?php
>     $backends['sql'] = array(
>     'disabled' => false,
>     'name' => 'Postfix SQL Authentication',
>     'driver' => 'Sql',
>     'policy' => array(
>         'minLength' => 8,
>         'minNumeric' => 1,
>         'minUpper' => 1,
>         'minLower' => 1,
>         'minSymbol' => 1,
>     ),
>     'params' => array(
>                         'phptype' => 'mysql',
>                         'hostspec' => 'srv_addres',
>                         'username' => 'username',
>                         'password' => 'password',
>                         'port' => '3306',
>                         'protocol' => 'tcp',
>                         'database' => 'databasename',
>                         'charset' => 'utf-8',
>                         'ssl' => true,
>                         'ca' => '/patch/to/ca-bundle.pem',
>             'table' => 'tabelname',
>             'user_col' => 'username',
>             'pass_col' => 'password',
>             'show_encryption' => false,
>             'encryption' => 'crypt-md5',
>     ),
>     'logout' => true,
> );

Unless I missed something you didn't even say what your problem is.
-- 
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject

More information about the horde mailing list