Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter johnnnyb

    (@johnnnyb)

    @heiglandreas very good idea to extend the app for self-signed certificates! In the meantime I found a workaround: I edited the /etc/hosts file so the internal IP matches the CN name in the certificate, and it looks like the plugin now works perfectly fine! I just have to check the network traffic with tcpdump to confirm that the connection to the LDAP server is encrypted.

    About my setup for this website: the production server is an older one, CentOS 7.9, with PHP 7.4.x and both Apache+mod_php and nginx+php-fpm (same prod server, both using the same PHP environment). I want to migrate the website to a new server (Rocky Linux 9.2) with PHP 8.x. I had one problem: AuthLDAP was not working with php-fpm. If I am able to confirm that the traffic to the LDAP server is encrypted, then the problem is solved!

    Thank you for a great plugin! Thank you everyone for comments and ideas.
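As an added example (not code from the AuthLDAP plugin or from anyone in this thread), the following PHP script performs the STARTTLS connection the thread is about with the CA bundle and the verification policy set explicitly in code, and with the certificate's host name in the URI instead of the IP address. Host names, paths and DNs are placeholders. It is written so the outcome does not depend on the web server's environment: php-fpm clears the worker environment by default (clear_env = yes in the pool configuration), so libldap settings supplied through LDAPTLS_* environment variables, or an ldaprc under some other service user's home directory, are not a reliable way to reach a php-fpm worker.

```php
<?php
declare(strict_types=1);

// Added example: not code from the AuthLDAP plugin or from the forum thread.
// Opens an LDAP connection, upgrades it with STARTTLS and verifies the server
// certificate against an explicitly named CA bundle, so the result does not
// depend on environment variables or ldaprc files that a php-fpm worker
// (clear_env = yes by default) may never see.
//
// All host names, paths and DNs below are placeholders (assumptions).

// Use the host name the certificate was issued for, not the IP address:
// libldap compares it with the certificate's SAN/CN, which is why an IP in
// the URL fails unless the certificate carries an IP SAN.
const EXAMPLE_LDAP_URI     = 'ldap://ldap.example.internal:389';
const EXAMPLE_LDAP_CA_FILE = '/etc/pki/tls/certs/ca-bundle.crt'; // OS bundle on EL-type hosts
const EXAMPLE_BIND_DN      = 'cn=wordpress,ou=services,dc=example,dc=internal';
const EXAMPLE_BIND_PW      = 'changeme';

/**
 * Connect, STARTTLS with mandatory certificate verification, then bind.
 * Throws on any failure instead of falling back to a cleartext session.
 *
 * @return resource|\LDAP\Connection  (resource on PHP 7.4, object on 8.1+)
 */
function ldap_connect_starttls_verified(string $uri, string $caFile, string $bindDn, string $bindPw)
{
    // TLS options are process-global in libldap and must be set on a null
    // handle before ldap_connect() so they apply to the new session.
    if (!ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile)) {
        throw new RuntimeException("cannot set CA file {$caFile}");
    }
    // DEMAND: abort the TLS handshake if the certificate cannot be verified.
    // NEVER/ALLOW would "fix" a broken chain by skipping verification; do not
    // use them in production.
    if (!ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND)) {
        throw new RuntimeException('cannot set LDAP_OPT_X_TLS_REQUIRE_CERT');
    }

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("malformed LDAP URI {$uri}");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade the cleartext port-389 session to TLS before sending the bind
    // password; if this fails, stop here rather than bind in cleartext.
    if (!@ldap_start_tls($conn)) {
        throw new RuntimeException('STARTTLS failed: ' . ldap_diagnostic($conn));
    }

    if (!@ldap_bind($conn, $bindDn, $bindPw)) {
        throw new RuntimeException('bind failed: ' . ldap_diagnostic($conn));
    }
    return $conn;
}

/** Collect libldap's error text plus the server's diagnostic message, if any. */
function ldap_diagnostic($conn): string
{
    $msg   = ldap_error($conn);
    $extra = '';
    // Available since PHP 7.1; the server-side text often names the exact
    // certificate or host name problem.
    if (defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')
        && ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extra)
        && $extra !== '') {
        $msg .= " ({$extra})";
    }
    return $msg;
}

// Usage: php_sapi_name() reports which SAPI ran the test ("cli",
// "fpm-fcgi" or "apache2handler"), so the same script can be compared
// across the web servers.
try {
    $conn = ldap_connect_starttls_verified(EXAMPLE_LDAP_URI, EXAMPLE_LDAP_CA_FILE,
                                           EXAMPLE_BIND_DN, EXAMPLE_BIND_PW);
    echo 'STARTTLS + verified bind OK under SAPI ', php_sapi_name(), PHP_EOL;
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    error_log($e->getMessage());
    exit(1);
}
```

Run the same script once from the CLI, once through a page served by php-fpm and once through mod_php; if only one SAPI fails, the diagnostic string usually names a CA or host name verification problem rather than a missing LDAP module. To confirm on the wire that the session is actually encrypted, `openssl s_client -connect ldap.example.internal:389 -starttls ldap` (OpenSSL 1.1.1 or later) shows the negotiated TLS session and the chain it verified, and a tcpdump of port 389 should show only TLS records after the STARTTLS extended operation, with the bind DN never visible in cleartext.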

    Thread Starter johnnnyb

    (@johnnnyb)

    On the production server I have an older PHP, 7.4. But I tested and tried both: Apache with mod_php, and nginx with php-fpm. They both use the same PHP binary; there is a slight possibility that somehow they use different php.ini files, but they shouldn't. The cert is from a well-known CA. But you gave me an idea: I'll try to check with a hostname, not the IP; maybe certificate validation is the problem. But I cannot understand how mod_php works, since the plugin config URL is the same for both, with the internal server IP. I think I need to disable the certificate check in the php-fpm case, but I cannot think of where to disable it; the plugin does not have that option.

    Thread Starter johnnnyb

    (@johnnnyb)

    Thanks for the response. The LDAP module (PHP) is enabled and working fine with php-fpm. The current issue is that the plugin does not work with nginx and php-fpm ONLY if the STARTTLS option is enabled. If the option is disabled, LDAP authentication with php-fpm works fine. But I'm not sure WHY mod_php is able to use the OS CAs, or at least certificate verification is not done, and php-fpm doesn't.

    Thread Starter johnnnyb

    (@johnnnyb)

    Yep. This is a strange "thing" to me too. PHP and its libs (ldap) should be web server agnostic. I was able to debug some traffic between the WordPress server and the LDAP server. It looks like Apache with mod_php is able to use STARTTLS, and php-fpm with nginx is not. I am thinking about trusted CAs or certificate CNs. php-fpm somehow does not use the OS CAs or is unable to verify the cert and then STARTTLS, while in the meantime Apache does that perfectly fine.
