PHP7, LDAP & TLS

It’s been quite a while since I’ve updated this blog, but not because we’ve run out of problems – most of the issues were either too complex to document them in a simple article, too confidential to be allowed to be documented here, or both. And I’ve been pretty busy fighting bugs, too, leaving close to no time for getting updates into this blog. So to set a new starting point, here’s a smaller recent issue.

While migrating a PHP application to a newly set up server platform, an issue with non-working connections to a back-end LDAP server turned up. The application just reported some generic problem, while the log revealed a bit more information:

Unable to start TLS and unable to fetch rootDSE entry to see if TLS is supported: Can't contact LDAP server

Fortunately, the LDAP server wasn’t down nor malfunctioning, and fortunately invoking “ldapsearch” to verify the state of the LDAP server (of course invoked on the server running the PHP application) gave an immediate hint at the root cause:

# ldapsearch -Wx -ZZ -h ldap.example.com -b "dc=example,dc=com" "(objectClass=*)" 
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)
#

Indeed, the LDAP server was configured to use a certificate that was issued by an internal Certification Authority, the latter using a self-signed certificate. But that’s nothing new and the CA certificate was available on the server where we called “ldapsearch”, so what’s the deal? Continue reading

Posted in howto, openssl, OpenSUSE | Tagged , , | Leave a comment

FRITZ!WLAN USB Stick N v2 on openSUSE Leap 42.1

I recently had to deal with a freshly bought HP laptop (called “HP 15-BA030NG”), a basically nice piece of hardware, nothing fancy but doing its job under openSUSE Leap 42.1. We moved the laptop to a location where it had to access a 5 GHz WLAN, no 2.4 GHz networks available. To cut the story short: That 2016 hardware comes without 5 GHz support. (HP, are you listening? What a crappy design decision, just to save a few cents!)

So we took a USB WLAN stick, “FRITZ!WLAN USB Stick N v2”, and hoped for plug&play. Continue reading

Posted in howto, Linux, OpenSUSE | Leave a comment

LibreOffice not showing installed font on Linux

Here’s another quick one – although I have simply been lucky to find the answer so fast.

While having some documents going through corporate review, it was noted that the PDF and print versions wouldn’t show some parts using the expected fonts. Looking at the list of available fonts in Linux (via “fc-cat |grep NameOfMissingFont”), the font files were clearly included. But when checking the list of available fonts in LibreOffice writer, the fonts were nowhere to be found. Hence, although the template file for these documents referenced the correct fonts, LibreOffice substituted them “silently” by some other available fonts. Continue reading

Posted in Linux | Leave a comment