LDAP CERTIFICATE support is available in Cacti, but there is no documentation for it #149
Labels
Comments
|
@bmfmancini One for you? |
|
Got it |
|
Yea, the way we support it is by placing those settings in the environment of Apache/PHP, so that those variables can be found and processed. This was added a while ago. There is a version dependency of course, but if you are using like PHP7.3++, it should not be a problem. Here is the relevant code snippet. if (getenv('TLS_CERT') != '' && defined('LDAP_OPT_X_TLS_CERTFILE')) {
cacti_log('NOTE: Settings TLS_CERT to ' . getenv('TLS_CERT'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
ldap_set_option(null, LDAP_OPT_X_TLS_CERTFILE, getenv('TLS_CERT'));
}
if (getenv('TLS_CACERT') != '' && defined('LDAP_OPT_X_TLS_CACERTFILE')) {
cacti_log('NOTE: Settings TLS_CACERT to ' . getenv('TLS_CACERT'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, getenv('TLS_CACERT'));
}
if (getenv('TLS_KEY') != '' && defined('LDAP_OPT_X_TLS_KEYFILE')) {
cacti_log('NOTE: Settings TLS_KEY to ' . getenv('TLS_KEY'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
ldap_set_option(null, LDAP_OPT_X_TLS_KEYFILE, getenv('TLS_KEY'));
}
if (getenv('TLS_CACERTDIR') != '' && defined('LDAP_OPT_X_TLS_CACERTDIR')) {
cacti_log('NOTE: Settings TLS_CACERTDIR to ' . getenv('TLS_CACERTDIR'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTDIR, getenv('TLS_CACERTDIR'));
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In the following bug report, it is reported that Cacti already supports certificates for LDAP, but that there is no documentation. Please document it.
Cacti/cacti#1573
The text was updated successfully, but these errors were encountered: