Re: Using PHP to Bind over LDAPS.

My Lord, that worked!
I was racking my brain trying to figure that out.

In my searching, I saw some vague references to this ldap.conf, but I just assumed that was for Linux boxes.

I really appreciate the quick response.
I appreciate even more that it worked! :-)

Best Regards,
Phillip

----- Original Message ----- From: "Bowden, Zeb" <zbowden@xxxxxx>
To: <php-windows@xxxxxxxxxxxxx>
Sent: Thursday, October 19, 2006 11:56 AM
Subject: RE:  Using PHP to Bind over LDAPS.


This is happening because as far as PHP/OpenLDAP are concerned it
doesn't trust your CA.
By default it's going to look in c:\openldap\sysconf for an ldap.conf
file. Create a c:\openldap\sysconf\ldap.conf with this on the first
line:
TLS_REQCERT never

Then you may need to restart IIS to get it to re-read that file.

This is just a workaround, you can read up on openldap and how to
configure it if you actually want to pay attention to the certs you're
using. You can also use environment variables (I think they are LDAPRC
(user settings) and LDAPCONF (system wide)) if you want to change the
location of your conf file and/or do more involved things.

Hope this helps...

Zeb Bowden
VT.SETI.IAD.MIG:Systems Architect
http://vtmig.w2k.vt.edu






-----Original Message-----
From: Phillip Terry [mailto:pterry@xxxxxxxxxxx]
Sent: Thursday, October 19, 2006 12:42 PM
To: php-windows@xxxxxxxxxxxxx
Subject:  Using PHP to Bind over LDAPS.

I configured LDAP for SSL (LDAPS) on the Active Directory (AD) Domain
Controller (DC).
The DC is a Windows 2003 Server box.

To do this I:
1) Set up the DC as a Certificate Authority (CA)
2) Issued a Certificate to itself
3) Issued a Certificate to the client that would be connecting via LDAPS

The client is configured in the following manner:
1) Windows 2003 Server Running IIS
2) PHP 5.0.4 installed
3) LDAP support enabled
   - Uncommented the php_ldap.dll extension
   - Copied the php_ldap.dll file into the appropriate directory
   - Restarted IIS

Using the LDP tool, I was able to connect and bind via ports 389, 636,
and 3269.

Here is the code I am using to attempt the bind:


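<?php

// LDAPS URL of the AD domain controller
$host = "ldaps://server.addomain.domain.com";
$un = "jdoe";
$pw = "password";

// Create the connection handle for that URL
$lc = ldap_connect($host);

// Use LDAPv3 and do not follow referrals
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

// Attempt the bind with the account above
$lb = ldap_bind($lc, $un, $pw);

ldap_close($lc);

?>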


If I change it to ldap://server.addomain.domain.com it functions
correctly.

Is there a secure bind function I should know about?

Thanks for the help!

Phillip

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
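
Added example, not part of the original messages: the ldap.conf workaround from the reply above next to a setting that verifies the DC's certificate instead of skipping the check. The ca-cert.pem file name is a placeholder for the CA certificate exported from the DC in Base-64 (PEM) format.

```conf
# c:\openldap\sysconf\ldap.conf
# Comments must be on their own lines; ldap.conf has no trailing comments.

# Workaround from the thread: the server certificate is never checked.
# The ldaps:// session is still encrypted, but the client cannot tell
# the real DC from any other host that answers on port 636.
#TLS_REQCERT never

# Verifying alternative: trust the CA that issued the DC's certificate.
# Placeholder path: replace with the location of the exported CA cert.
TLS_CACERT c:\openldap\sysconf\ca-cert.pem

# Require a certificate that chains to TLS_CACERT; fail the bind otherwise.
# The host name in the ldaps:// URL must match the name in the DC's
# certificate, so connect by FQDN rather than by IP address.
TLS_REQCERT demand
```

As with the workaround, IIS may need a restart before the file is re-read.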
