Using LDAPS with PHP / certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm trying to contact an openLDAP from Apache server (on windows) using PHP
using LDAPS

Here is my sample code :

$host="ldaps://srvLDAP";
$port="636";
$ds=ldap_connect($host,$port);
ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
$r=ldap_bind($ds,"cn=admin,o=exemple,dc=fr","exemple" );
$sr=ldap_search($ds,"o=exemple,dc=fr",("objectClass=exemple" ));
$info=ldap_get_entries($ds,$sr);
print $info["count"]." enregistrements trouvés.";


I passed lot of time trying configuring my servers and here is what i have
done :

First i configured my openLDAP server :

slapd.conf:
#cert requested for the ldapserver
TLSCertificateFile      ./ssl2/srvLDAP.cer
TLSCertificateKeyFile   ./ssl2/srvLDAP.key
#CA cert
TLSCACertificateFile    ./ssl2/cacert.cer
TLSVerifyClient         never

ldap.conf:
TLS_CACERT      ./ssl2/cacert.cer
TLS_REQCERT     never

On my apache server i created a folder C:\openldap\sysconf
and created a file ldap.conf :

TLS_CACERT      ./ssl/cacert.cer
TLS_REQCERT     never

(I also created a folder c:\openldap\sysconf\ssl and put my CA certificate
inside it)
(of course I activated ldap and ssl in my php.ini)

>From now it DOES work BUT it doesn't verify any certificate.

I want now to make it verifying the certificate. I know i have to
change TLS_REQCERT     never to TLS_REQCERT     demand on openldap server
and apache server. I tryed but it doesn't work. I can't contact ldap server..

On the openLDAP I have this following error:

connection_read(1176): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(1176): got connid=0
connection_read(1176): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return
 a certificate s3_srvr.c:2471
connection_read(1176): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=1176 for close
connection_close: conn=0 sd=1176


That means that the openLDAP can't check the client certificate cuz PHP and
Apache don't send any to it.

I heard about a ldaprc file but I can't find any information about it...

Is there somebody who can help me with this ?

Thank you very much in advance.

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux