
Communicate from php/apache to openLDAP over LDAPS



Hi

I'm writing from France cuz I'm having a big problem with Apache and LDAP. Let me explain:

I would like to make an Apache server communicate in PHP with an OpenLDAP server (both servers are under win srv 2003), using the LDAPS protocol.

In order to activate LDAPS on my OpenLDAP srv (srvLDAP), I created self-signed certificates with OpenSSL. I got 3 files:


cacert.pem
srvLDAP.pem
srvLDAP.key


I configured my slapd.conf file and ldap.conf file (OpenLDAP side) like this:

slapd.conf

TLSCertificateFile      ./ssl/srvLDAP.pem
TLSCertificateKeyFile   ./ssl/srvLDAP.key
TLSCACertificateFile    ./ssl/cacert.pem


ldap.conf
BASE    <ma branche>
URI     ldaps://srvLDAP/
TLS_CACERT      ./ssl/cacert.pem
TLS_REQCERT     demand



I launched my OpenLDAP service, and checked the LDAPS protocol was okay, using this command:



C:\Program Files\OpenLDAP>ldapsearch -b o=exemple,dc=fr -s sub -x -w pass -D cn=admin,o=exemple,dc=fr -H ldaps://srvLDAP/


Now I would like, from the remote Apache server, to communicate with the OpenLDAP server using the LDAPS protocol.

Here is my simplified PHP code

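<h2>LDAP OPENLDAP LDAPS</h2>
<?php
// With an ldaps:// URI the separate port argument is not used, so the port goes in the URI.
$host = "ldaps://srvldap:636";
$ds = ldap_connect($host);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// Simple bind as the admin DN.
$r = ldap_bind($ds, "cn=admin,o=exemple,dc=fr", "pass");
// Subtree search under the base DN for entries of the custom object class.
$sr = ldap_search($ds, "o=exemple,dc=fr", "(objectClass=maclasse)");
$info = ldap_get_entries($ds, $sr);
print $info["count"]." enregistrements trouvés.";
?>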

I get this error:


Unable to bind to server: Can't contact LDAP server


I know I have to configure certificates in the Apache server configuration. I tried to do this according to several internet resources but didn't succeed. I also read this link (http://forum.hardware.fr/hfr/OSAlternatifs/Logiciels-2/certificats-securisee-connexion-sujet_65365_1.htm), which is a French link which speaks about ldap.conf and ldaprc files to put on the Apache server. I did it but nothing happened.

Well, I'm lost in all this stuff, that is why I'm asking for help to configure my servers to use LDAPS with PHP.

Do you have information that could help me?

I thank you in advance
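
Added example (not part of the original message and not the poster's code): a PHP client that sets the same trust settings as the ldap.conf shown above (TLS_CACERT, TLS_REQCERT demand) in code and reports the library's diagnostic text when the bind fails. It assumes PHP 7.1 or later built against OpenLDAP's libldap; the CA file path and the LDAP_BIND_PW environment variable are hypothetical names.

```php
<?php
// Added example. Assumes PHP 7.1+ built against OpenLDAP's libldap.
const CA_FILE  = 'C:/ssl/cacert.pem';     // assumed path to a copy of the poster's cacert.pem
const LDAP_URI = 'ldaps://srvLDAP:636';   // name must match the one in srvLDAP.pem
const BIND_DN  = 'cn=admin,o=exemple,dc=fr';

function ldaps_connect($uri, $caFile)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable by this account: $caFile");
    }
    // Global (null handle) TLS options, set before the handle exists: the
    // in-code counterparts of TLS_CACERT and TLS_REQCERT demand in ldap.conf.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ds = ldap_connect($uri);   // validates the URI only; nothing is sent yet
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);
    return $ds;
}

function ldaps_bind($ds, $dn, $password)
{
    if ($password === false || $password === '') {
        throw new RuntimeException('Refusing to bind with an empty password');
    }
    // The TCP connect and TLS handshake happen on the first operation, so a
    // certificate problem is reported here as "Can't contact LDAP server".
    if (!@ldap_bind($ds, $dn, $password)) {
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(sprintf('Bind failed: %s (errno %d). Detail: %s',
            ldap_error($ds), ldap_errno($ds), $detail !== '' ? $detail : 'none'));
    }
}

try {
    $ds = ldaps_connect(LDAP_URI, CA_FILE);
    ldaps_bind($ds, BIND_DN, getenv('LDAP_BIND_PW'));   // hypothetical variable name
    echo "LDAPS bind succeeded with certificate verification enabled\n";
    ldap_unbind($ds);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Run it under the same account as the Apache service, since that account is the one that has to read the CA file.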