RE: PHP + SSL + LDAP + IPLANET

OK - just got a bit crazier! 

That function works when running on the command line. 
As the root user, as the webserver user and ANY user 
who can run the php command (truss on php shows that it
IS reading the ldap.conf file from /usr/local/openldap/etc)

But why does it not work from the Web Server?!

rajeev



-----Original Message-----
From: Karamchedu, Rajeev K. [mailto:rajeev@xxxxxxxx]
Sent: Sun 9/19/2004 6:26 PM
To: php-db@xxxxxxxxxxxxx
Subject:  PHP + SSL + LDAP + IPLANET
 
Greetings,

(That Iplanet word must have piqued your interest... riight...)

OS: Solaris 9
CC: GCC 3.2.2
APP: Sun ONE Web Server 6.2SP2
LDAP: Sun ONE Directory Server 5.2 (configured for SSL and confirmed with non-php apps)

Configured PHP 4.3.8/or 5.1 with openssl, openldap, libxml, zlib using GCC 3.2.2  (all latest stable versions).

Created and installed the certificates. Verified using openssl programs and ldapsearch
utils.  

I have a *few* questions

a) Internet research to get ldaps working with PHP tells me that I have to set up a HOME environment
    variable for the Web Server User and dump a .ldaprc file in there, in addition to specifying the option in
    the ldap.conf file.  I did that in the magnus.conf file using the init-cgi directive.
    The Env Variable is visible to all the cgi programs. HOWEVER, the phpinfo()
    command does not pick that up (nor any of my other user Environment variables such as ORACLE_HOME etc.)
    and hence does not see that file. phpinfo() keeps reporting that the user is root (I don't want that!).
    The Web Server runs as a non-root user.

    What gives? I read some docs but they are not clear on how to pass these env variables...

   Q: How can I make vendor/custom environment variables available for PHP running in the IPLANET server?

b) I added the following lines to my /usr/local/openldap/etc/openldap/ldap.conf file

  # Instruct client to NOT request a server's cert.
  TLS_REQCERT never

  # Define location of CA Cert
  TLS_CACERT /usr/local/ssl/certs/AD_CA_CERT.pem
  TLS_CACERTDIR /usr/local/ssl/certs

  #--end--


The ldapsearch util works well and makes an SSL connection to the ldap server (using ldapsearch -H "ldaps://server.tigr.org").
To test PHP's ability, I am using the connect_AD function from the PHP man page (replicated below)

function connect_AD()
  {
   $ldap_server = "ldaps://adserver.ad.com" ;
   $ldap_user  = "CN=web service account,OU=Service Accounts,DC=ad,DC=com" ;
   $ldap_pass  = "password" ;

   // ldap_connect() only parses the URI; no TLS handshake happens here.
   $ad = ldap_connect($ldap_server) ;
   if ($ad === false) {
       return false ;   // malformed URI
   }
   ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ;

   // The TLS handshake and the bind both happen on this call.
   $bound = ldap_bind($ad, $ldap_user, $ldap_pass);
   if ($bound === false) {
       error_log("ldap_bind failed: " . ldap_error($ad)) ;
       return false ;
   }

   return $ad ;
  }

BUT the above function does not work. It just "hangs" at the ldap_connect stage. No output on snoop either (the Solaris tcpdump).

However, when I tried to specify ldap_connect (server, 636), it gets past that point but hangs at ldap_bind.

I have a feeling that PHP under IPLANET is just not able to pick up the installed certificates. Maybe it is connected to the fact
that I can't get it to retrieve my environment variables specified in the server...?


Any pointers? Please? I will summarize once I find a solution.

many many tia

rajeev
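
For the certificate question in (b): an added example, not code from the thread or the PHP manual, of a connect function that sets the TLS trust settings on the connection itself instead of relying on ldap.conf being found, enforces server-certificate validation (the safe replacement for TLS_REQCERT never), and times out instead of hanging at bind. It assumes PHP 7.1 or later built against OpenLDAP (the LDAP_OPT_X_TLS_* options); the host, bind DN and CA path are placeholders.

```php
<?php
// Added example; assumes PHP >= 7.1 linked against OpenLDAP.
// Host, DN, password and CA file are placeholders.

function connect_ad_secure(string $uri, string $bindDn, string $bindPw, string $caFile)
{
    // Parses the URI only; no packets are sent yet.
    $ad = ldap_connect($uri);
    if ($ad === false) {
        throw new RuntimeException("malformed LDAP URI: $uri");
    }

    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    // Bound the TCP connect so a filtered port fails fast instead of hanging.
    ldap_set_option($ad, LDAP_OPT_NETWORK_TIMEOUT, 10);

    // Per-connection equivalents of ldap.conf TLS_CACERT / TLS_REQCERT.
    // DEMAND rejects any server whose certificate does not chain to $caFile;
    // "never" would accept any certificate and expose the bind password to
    // an impersonating server.
    if (!ldap_set_option($ad, LDAP_OPT_X_TLS_CACERTFILE, $caFile) ||
        !ldap_set_option($ad, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND)) {
        throw new RuntimeException("cannot set TLS options: " . ldap_error($ad));
    }

    // The TLS handshake and the bind both happen here.
    if (ldap_bind($ad, $bindDn, $bindPw) === false) {
        throw new RuntimeException("bind failed: " . ldap_error($ad));
    }
    return $ad;
}

// Usage (placeholder values):
$ad = connect_ad_secure(
    "ldaps://adserver.ad.com",
    "CN=web service account,OU=Service Accounts,DC=ad,DC=com",
    "password",
    "/usr/local/ssl/certs/AD_CA_CERT.pem"
);
ldap_unbind($ad);
```

With TLS_REQCERT demand set on the connection, a wrong or missing CA file shows up as a bind error with a readable ldap_error() message rather than a silent hang.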
