You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2010-04-02 13:18:48

concept
Member
Registered: 2009-11-04
Posts: 25

GLPI - OCS SSL MySQL sync

We're using 1 general GLPI server and multiple OCS servers.
We made the GLPI server the CA authority and generated certificates for all the OCS servers.

Is it possible to force GLPI to use SSL to sync with OCS servers?

Building up an secure MySQLconnection with the OCS servers works already.

(GLPI is installed on a debian 5.0 server, the OCS servers are debian 4.0)

Offline

#2 2010-04-02 23:49:40

JMD
GLPI - Lead
Registered: 2004-09-13
Posts: 9,180
Website

Re: GLPI - OCS SSL MySQL sync

I don't understand your question. The GLPI server  juste communicate whith the mysql server who contains the ocs DB.

JMD / Jean-Mathieu Doléans - Glpi-project.org - Association Indepnet
Apportez votre pierre au  projet GLPI   : Soutenir

Offline

#3 2010-04-08 11:52:17

concept
Member
Registered: 2009-11-04
Posts: 25

Re: GLPI - OCS SSL MySQL sync

JMD wrote:

I don't understand your question. The GLPI server  juste communicate whith the mysql server who contains the ocs DB.

First of all, sorry for the late response.

The connection between GLPI and OCS is a direct MySQL connection. But this connection is unencrypted. As the data is transfered over the web we'd like it to be encrypted. We could set up an VPN or something like that, but we use allot of OCS servers so that ain't practical.

Using a shell it will be something like this:
mysql --ssl --ssl-ca /<....>/cacert.pem -u <user> -p<pass> -h <target ip> <databasename>
This way an encrypted SSL connection is made.

By add the following text to /etc/mysql/my.cnf:
[mysql]
ssl
ssl-ca /<....>/cacert.pem

All connections will be auto encrypted.

In PHP you can do something similar:
With mysql there is: mysqli::ssl_set  (  string $key  ,  string $cert  ,  string $ca  ,  string $capath  ,  string $cipher  )

with mysql you've got the "MYSQL_CLIENT_SSL" parameter.

However, the GLPI db connect function doesn't have these parameters (and even if I edit the source code I can't get it to work, I can't event successfully use php the make a SSL MySQL connection)

Do you know any way to configure mysql / php to always use a SSL connection? (And preferably leave GLPIuntouched)

Edit: We solved the problem by editing and recompiling the php code. Now every php code will use SSL. For us this is no problem as this server is dedicated for GLPI.

Last edited by concept (2010-04-09 12:46:52)

Offline

Pages: 1

Board footer

Powered by FluxBB