
Re: Unable to bind to active directory using TLS



Harish Chakravarthy wrote:
> Hello,
> 
> Thanks for your response.
> 
> "Can you please code I've attached?" - I don't see one in the email.
> Secondly, my test script (command line & web) is not looking for ldap.conf.
> 
> -Harish
> 

Morning,

I've checked the sent mail and it's there as an attachment.

Well, here we go:
--- SNIP ---
<?php
/*
 * [PHP] Code to test LDAP connection
 */
define('MYLDAP_HOST', 'ldap://localhost');
define('MYLDAP_PORT', 389);   # ignored by ldap_connect() when the host is given as a URI
define('MYLDAP_BINDDN', 'cn=LDAPuser,dc=domain,dc=tld');
define('MYLDAP_PSWD', 'myPass');
define('MYLDAP_TLS', true); # buggy - don't use?

# !-- some input var checks here --!
# ldap_connect() only prepares the handle; nothing is sent until the first operation
$ldapConn = ldap_connect(MYLDAP_HOST, MYLDAP_PORT);
if (!$ldapConn) {
	exit("Unable to connect to LDAP server");
}
# Active Directory needs LDAPv3; StartTLS is not available on protocol v2
if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
	exit("Unable to set protocol version to v3");
}
# buggy - don't use ?
# StartTLS upgrades the plain port-389 session before the password is sent;
# dying here avoids falling back to a cleartext bind
if (MYLDAP_TLS) {
	ldap_start_tls($ldapConn) or die("Can't start TLS");
}

$ldapBind = ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD);
if (!$ldapBind) {
	exit("LDAP Bind failed");
}

echo "OK";

ldap_unbind($ldapConn); # aka ldap_close

return 0;
?>
--- SNIP ---

Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net

> On Sat, Sep 26, 2009 at 12:33 AM, Zdenek Styblik <stybla@turnovfree.net> wrote:
> 
> Harish Chakravarthy wrote:
>> Here is more information
>> 1. I am binding to Active Directory from Solaris 10
>> 2. My php_info gives configure options as './configure'
>> '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
>> '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
>> '--with-mysql=/usr/local/mysql/' '--with-gd'
>> 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
>> exactly the same settings as my user account (that executes the script
>> from command line)
>> 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
>> file is not being used by the script (command line or web). I rename the
>> file and nothing changes!.
>> 5. I have apache compiled for mod_ssl
> 
>> Should I recompile Apache with mod_ldap or any additional modules - I'm
>> using a PHP script on my webserver to gather login & password to
>> authenticate against Active Directory?
> 
>> Thanks again for your time.
> 
>> -Harish
> 
> 
> 
> Hello,
> 
> I'm sorry, I should have read better. I replied in haste and-
> Can you please code I've attached? It should be sufficient just to
> supply credentials. I've tested it and, although I can't make an LDAP
> connection from console [I've messed something in PHP; ignore], it works
> for me via WEB [I can see 'OK']. I'm not sure why I've put comments
> about TLS being buggy [probably something in PHP documentation?], but
> the code [PHP] works with LDAP TLS just fine.
> 
> I don't think you need mod_ldap in Apache, as this one should serve for
> direct interaction of httpd<-->LDAP [imao].
> 
> Let me know,
> Zdenek
>
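An added example, not the script from the thread: the same StartTLS bind against Active Directory, but refusing to proceed unless the DC's certificate chains to a CA we name in code (so it does not depend on an ldap.conf the script may never read, as in Harish's case), and printing AD's diagnostic message on failure. The host, CA file path and bind DN are placeholders; it assumes PHP 7.1 or later for LDAP_OPT_X_TLS_CACERTFILE and LDAP_OPT_DIAGNOSTIC_MESSAGE.

```php
<?php
/*
 * Added example, not the code from the thread: StartTLS bind to Active Directory
 * with certificate verification enforced and the server's diagnostic message shown
 * on failure. Host, CA file and bind DN are placeholders; password from environment.
 */
function adTlsBind(string $uri, string $caFile, string $bindDn, string $password): bool
{
    if ($password === '') { // AD treats an empty password as an unauthenticated bind
        fwrite(STDERR, "Refusing empty password\n");
        return false;
    }
    // ldap_connect() only parses the URI; nothing is sent until the first operation.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        fwrite(STDERR, "Malformed LDAP URI: $uri\n");
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // AD returns referrals; chasing them breaks binds
    // TLS options must be set before ldap_start_tls(). Demand a certificate that
    // chains to our CA instead of trusting whatever an ldap.conf (if found) says.
    ldap_set_option($conn, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    // Fail closed: never fall back to sending the password over cleartext.
    if (!ldap_start_tls($conn)) {
        reportFailure($conn, 'StartTLS failed');
        ldap_unbind($conn);
        return false;
    }
    if (!ldap_bind($conn, $bindDn, $password)) {
        reportFailure($conn, 'Bind failed');
        ldap_unbind($conn);
        return false;
    }
    ldap_unbind($conn);
    return true;
}
// AD reports the real cause (e.g. "data 52e" bad password, "data 775" locked out)
// in the diagnostic message, not in the generic "Invalid credentials" error string.
function reportFailure($conn, string $what): void
{
    $diag = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    fwrite(STDERR, sprintf("%s: %s (%d) %s\n", $what, ldap_error($conn), ldap_errno($conn), $diag));
}
$ok = adTlsBind('ldap://dc1.example.internal', '/etc/ssl/certs/ad-root-ca.pem',
    'cn=svc-ldap,ou=Service Accounts,dc=example,dc=internal', getenv('AD_BIND_PASSWORD') ?: '');
echo $ok ? "OK\n" : "FAILED\n";
exit($ok ? 0 : 1);
```

Run it from the same user and SAPI (CLI and then through Apache) to see whether the two environments fail at the StartTLS step or at the bind step; with LDAP_OPT_X_TLS_DEMAND a failure at StartTLS means the certificate chain, not the credentials, is the problem.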