Greetings,
(That Iplanet word must have peaked your interest...riight...)
OS: Solaris 9
CC: GCC 3.2.2
APP: Sun ONE Web Server 6.2SP2
LDAP: Sun ONE Directory Server 5.2 (configured for SSL and confirmed with non-php apps)
Configured PHP 4.3.8/or 5.1 with openssl, openldap, libxml, zlib using GCC 3.2.2 (all latest stable versions).
Created and installed the certificates. Verified using openssl programs and ldapsearch
utils.
I have a *few* questions
a) Internet research to get ldaps working with PHP tells me that I have to setup a HOME environment
variable for the Web Server User and dump a .ldaprc file in there, in addition to specifying option in
the ldap.conf file. I did that in the magnus.conf file using init-cgi directive.
The Env Variable is visible to all the cgi programs. HOWEVER, the phpinfo()
command does not pick up that (and all of my other user Environment variables such as ORACLE_HOME etc)
and hence does not see that file. phpinfo() keeps reporting that the user is root (I don't want that!).
The Web Server runs as a non-root user.
What gives ? I read some docs but they are not clear on how to pass these env variables..
Q: How can I make vendor/custom environment variables available for PHP running in IPLANET server ?
b) I added the following lines to my /usr/local/openldap/etc/openldap/ldap.conf file
# Instruct client to NOT request a server's cert.
TLS_REQCERT never
# Define location of CA Cert
TLS_CACERT /usr/local/ssl/certs/AD_CA_CERT.pem
TLS_CACERTDIR /usr/local/ssl/certs
#--end--
The ldapsearch util works good and makes SSL connection to the ldap server (using ldapsearch -H "ldaps://server.tigr.org")
To test PHP's ability, I am using the connect_AD function from the PHP man page (replicated below)
function connect_AD()
{
$ldap_server = "ldaps://adserver.ad.com" ;
$ldap_user = "CN=web service account,OU=Service Accounts,DC=ad,DC=com" ;
$ldap_pass = "password" ;
$ad = ldap_connect($ldap_server) ;
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ;
$bound = ldap_bind($ad, $ldap_user, $ldap_pass);
return $ad ;
}
BUT the above function does not work. It just "hangs" at the ldap_connect stage. No output on snoop also (tcpdump for solaris).
However, when I tried to specifiy ldap_connect (server, 636), it get's past that point but hangs at ldap_bind.
I have a feeling that PHP under IPLANET is just not able to pick up the installed certificates. May be connected to the fact
that I can't get it retrieve my environment variables specified in the server ... ?
Any pointers ? please ? I will summarize once i find a solution.
many many tia
rajeev
