Hello Everyone,
Below is my Php test script (minor modifications to Zdenek's script) . This test script works from command line but not from the web. "TLS connect failed!" is my error message when I execute the script via web. Any assistance is welcome.
Also my environment is Php using OpenLDAP on Solaris 10 connecting to Active Directory.
<?php
define('MYLDAP_HOST', 'ldap://my.server');
define('MYLDAP_PORT', 389);
define('MYLDAP_BINDDN', 'CN=something,OU=Users,OU=Administration,DC=edu');
define('MYLDAP_PSWD', 'something);
# Required for working via command line
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');$tls = ldap_start_tls($ldapConn);
$ldapConn = ldap_connect(MYLDAP_HOST, MYLDAP_PORT);
if (!$ldapConn) {
exit("Unable to connect to LDAP server");
}
if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
exit("Unable to set protocol version to v3");
}
if (!$tls) { exit("TLS connect failed!"); }echo "Works!<br/>";
$ldapBind = ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD);
if (!$ldapBind) {
exit("LDAP Bind failed");
}
ldap_unbind($ldapConn);
return 0;
?>
-HarishOn Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik <stybla@turnovfree.net> wrote:
Harish Chakravarthy wrote:Also, does TLS work with LDAP itself?
> Here is more information
> 1. I am binding to Active Directory from Solaris 10
> 2. My php_info gives configure options as './configure'
> '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
> '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
> '--with-mysql=/usr/local/mysql/' '--with-gd'
> 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
> exactly the same settings as my user account (that executes the script
> from command line)
> 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
> file is not being used by the script (command line or web). I rename the
> file and nothing changes!.
> 5. I have apache compiled for mod_ssl
>
> Should I recompile Apache with mod_ldap or any additional modules - I
> using a PHP script on my webserver to gather login & password to
> authenticated against Active Directory?.
>
> Thanks again for your time.
>
> -Harish
>
>
There is also comment at php.net which says:
> If your version was linked against the OpenLDAP libraries, you may
> want to look at the ldap.conf file for more information about specifying
> SSL/TLS behavior. Apparently, the settings in ldap.conf make a different
> in the way SSL/TLS is handled by PHP.
Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net
>
>
>
> On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla@turnovfree.net
> email: stybla@turnovfree.net <mailto:stybla@turnovfree.net>> <mailto:stybla@turnovfree.net>> wrote:
>
> Harish Chakravarthy wrote:
> > Hello Everyone,
> >
> > Greetings.
> >
> > I am unable to bind to active directory using TLS. I get the following
> > error while executing my script via the browser
> >
> > /*PHP Warning: ldap_start_tls() [<a
> > href="" Unable to
> > start TLS: Connect error*/
> >
> > The same script when executed from the command line works!.
> >
> > I have compiled PHP with flags --with-ldap --with-ldap-sasl
> > --with-openssl .
> >
> > Can you help me further trouble shoot this problem?.
> >
> > Thanks
> > Harish
> >
> >
> >
>
> And what has <?php php_info() ?> to say? I think there might be two .ini
> files - one for command line and one for httpd php module. So, this one
> for httpd might be missing:
> extension=openssl.so
> extension=ldap.so
> <whatever is needed>
>
> Regards,
> Zdenek
>
> --
> Zdenek Styblik
> Net/Linux admin
> OS TurnovFree.net
> jabber: stybla@jabber.turnovfree.net