[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unable to bind to active directory using TLS



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harish Chakravarthy wrote:
> Here is more information
> 1. I am binding to Active Directory from Solaris 10
> 2. My php_info gives configure options as './configure'
> '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
> '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
> '--with-mysql=/usr/local/mysql/' '--with-gd'
> 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
> exactly the same settings as my user account (that executes the script
> from command line)
> 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
> file is not being used by the script (command line or web). I rename the
> file and nothing changes!.
> 5. I have apache compiled for mod_ssl
> 
> Should I recompile Apache with mod_ldap or any additional modules - I
> using a PHP script on my webserver to gather login & password to
> authenticated against Active Directory?.
> 
> Thanks again for your time.
> 
> -Harish
> 
> 

Hello,

I'm sorry, I should have read better. I replied in haste and-
Can you please code I've attached? It should be sufficient just to
supply credentials. I've tested it and, although I can't make an LDAP
connection from console [I've messed something in PHP; ignore], it works
for me via WEB [I can see 'OK']. I'm not sure why I've put comments
about TLS being buggy [probably something in PHP documentation?], but
the code [PHP] works with LDAP TLS just fine.

I don't think you need mod_ldap in Apache, as this one should serve for
direct interaction of httpd<-->LDAP [imao].

Let me know,
Zdenek

- --
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net


> 
> 
> 
> On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla@turnovfree.net
> <mailto:stybla@turnovfree.net>> wrote:
> 
>     Harish Chakravarthy wrote:
>     > Hello Everyone,
>     >
>     > Greetings.
>     >
>     > I am unable to bind to active directory using TLS. I get the following
>     > error while executing my script via the browser
>     >
>     > /*PHP Warning:  ldap_start_tls() [<a
>     > href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to
>     > start TLS: Connect error*/
>     >
>     > The same script when executed from the command line works!.
>     >
>     > I have compiled PHP with flags --with-ldap  --with-ldap-sasl
>     > --with-openssl  .
>     >
>     > Can you help me further trouble shoot this problem?.
>     >
>     > Thanks
>     > Harish
>     >
>     >
>     >
> 
>     And what has <?php php_info() ?> to say? I think there might be two .ini
>     files - one for command line and one for httpd php module. So, this one
>     for httpd might be missing:
>     extension=openssl.so
>     extension=ldap.so
>     <whatever is needed>
> 
>     Regards,
>     Zdenek
> 
>     --
>     Zdenek Styblik
>     Net/Linux admin
>     OS TurnovFree.net
>     email: stybla@turnovfree.net <mailto:stybla@turnovfree.net>
>     jabber: stybla@jabber.turnovfree.net
>     <mailto:stybla@jabber.turnovfree.net>
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkq9w8IACgkQ8MreUbSH7ik1/QCgz6i5y1ogcRO8GlYAFHudY0Rw
qfQAnjHLzOG1CuQRkGI9AA4VZMjrXtWQ
=r25x
-----END PGP SIGNATURE-----