Differences

This shows you the differences between two versions of the page.

--- niota-docs:niota_system_config_ldap [2021/11/21 19:04]
admin
+++ niota-docs:niota_system_config_ldap [2025/07/17 14:11] (current)
@@ Line 13: / Line 13: @@
 In the file ''ldap.conf'' the certificate-folder and certificate-file path can be set. The client certificate checking method can be specified as well. These can be set with the next three directives what you can define in the ''ldap.conf'' file:
-=== ''TLS_REQCERT'' ===
+**''TLS_REQCERT''**\\
-This directive specifies what checks to perform on client certificates in an incoming TLS session, if any.
+This directive specifies which checks to perform on client certificates in an incoming TLS session, if any.
 Accepted values are:
   * ''never''
@@ Line 21: / Line 22: @@
   * ''demand''
-In the case of self-signed certificates it is recommended to use the ''never'' or the ''allow'' settings.
+In the case of self-signed certificates it is recommended to use the ''never'' or the ''allow'' setting.
 E.g.:
@@ Line 27: / Line 28: @@
 TLS_REQCERT allow
 </code>
-Important! Even if the setting is set to never the certificate must exsist and the path must set correctly! The setting does not mean that you do not have to own the certificate.
+**Important**\\
+Even if the setting is set to ''never'' the certificate must exist and the path must be set correctly! The setting does not mean that you do not have to own the certificate.
+**''TLS_CACERT''**\\
+Certificate file path. The certificate must not be placed in the same folder as the ''ldap.conf'' file but it is also not a problem to place it into the folder ''c:\openldap\sysconf''
+Example 1
+<code>
+TLS_CACERT c:\path\to\certification_dir\file.cer
+</code>
+Example 2
+<code>
+TLS_CACERT c:\openldap\sysconf\certificate.cer
+</code>
+**Important**\\
+The certification file content must be in Base64 format. You can check it for example by opening the certificate in Notepad. Content should look like this example:
+<code>
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIJAPsChKSq04oyMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+...
+-----END CERTIFICATE-----
+</code>
+**''TLS_CACERTDIR''**
+Certificate folder path. The certificate must not be placed in the same folder as the ''ldap.conf'' file but it is also not a problem to place this into that folder ''c:\openldap\sysconf''.
+Example 1
+<code>
+TLS_ CACERTDIR c:\path\to\certification_dir\
+</code>
+Example 2
+<code>
+TLS_ CACERTDIR c:\openldap\sysconf\
+</code>
+**Note**
+----
+There are openssl related php settings in the configuration file ''c:\Program Files\php-7.3.8_x64\php.ini'' (;openssl.cafile and ;openssl.capath) but those do not have effect on settings set in file ''ldap.conf'' or on LDAPS connection. So the proper settings must be set in file ''c:\openldap\sysconf\ldap.conf''
+----
+For more information visit the openLDAP documentation at: https://www.openldap.org/doc/admin21/tls.html
+   * Restart Apache
+remarks
+----
+On niota administrative pages at menu item ''User management'' the ''Userid LDAP'' setting is not in use anymore. The user input of the login screen will be used for authentication against the LDAP(S) server.
+On niota administrative pages at menu item “User management” select the user who will get right to LDAP(S) authentication. Then mark checkbox: “LDAP active” and save the settings.
+Now the edited user can use only his/her LDAP credentials to log in.
+----
+  * set LDAP(S) connection in file ''niota/conf/connections.php''
+Sample configuration file: “niota\app\conf\connections_sample.php”.
+<code>
+const ET_LDAP_AUTHENTICATION = array(
+	//ldaps
+	PHPGRID_DB_HOSTNAME	=>"ldaps://my.hostname.com:636",
+	PHPGRID_DB_DN 		=>"dc=my,dc=hostname,dc=com",
+	//simple ldap
+	//PHPGRID_DB_HOSTNAME	=>"ldap://my.hostname.com:389",
+	//PHPGRID_DB_DN 	=>"dc=my,dc=hostname,dc=com",
+);
+</code>

niota

User Tools

Site Tools

Differences

Page Tools