
Re: Communicate from php/apache to openLDAP over LDAPS



Jérémy ESCOLANO wrote:
I tried to put host="srvLDAP" but it still doesn't work

Actually the problem is configuring my Apache server to make it consider
these certificates.
I know there is a ldap.conf in the openLDAP directory (on the openLDAP server)
where you have to put:

TLS_CACERT      ./ssl2/cacert.cer
TLS_REQCERT     demand

but how can we specify it on the Apache server?

Ask on an Apache forum.

Thanks


2010/6/10 Thierry Lacoste <lacoste@u-pec.fr>

    Seems to me that the $host variable is incorrect :  should be $host="srvLDAP"

    HTH,
    Thierry

    On 10 June 10, at 10:57, Jérémy ESCOLANO wrote:

    Hi

    I'm writing from France cuz I'm having a big problem with Apache and
    LDAP. Let me explain:

    I would like to make an Apache server communicate in PHP with an
    openLDAP server (both servers are under win srv 2003), using the LDAPS protocol.

    In order to activate LDAPS on my openLDAP srv (srvLDAP), I created
    self-signed certificates with openSSL. I got 3 files:


    cacert.pem
    srvLDAP.pem
    srvLDAP.key


    I configured my slapd.conf file and ldap.conf file (openLDAP side) like this:

    slapd.conf

    TLSCertificateFile      ./ssl/srvLDAP.pem
    TLSCertificateKeyFile   ./ssl/srvLDAP.key
    TLSCACertificateFile    ./ssl/cacert.pem


    ldap.conf
    BASE <ma branche>
    URI     ldaps://srvLDAP/
    TLS_CACERT      ./ssl/cacert.pem
    TLS_REQCERT     demand



    I launched my openLDAP service, and checked ldaps protocol was okay,
    using this command :



    C:\Program Files\OpenLDAP>ldapsearch -b o=exemple,dc=fr -s sub -x -w pass -D cn=admin,o=exemple,dc=fr -H ldaps://srvLDAP/


    Now I would like, from the remote Apache server, to communicate with the
    openLDAP server using the LDAPS protocol.

    Here is my simplified PHP code

    <h2>LDAP OPENLDAP LDAPS</h2>
    <?php


    $host="ldaps://srvldap";
    $port="636";
    $ds=ldap_connect($host,$port);
    ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
    $r=ldap_bind($ds,"cn=admin,o=exemple,dc=fr","pass" );
    $sr=ldap_search($ds,"o=exemplec,dc=fr",("objectClass=maclasse" ));
    $info=ldap_get_entries($ds,$sr);
    print $info["count"]." enregistrements trouvés.";
       ?>

    I get this error:


    Unable to bind to server: Can't contact LDAP server


    I know I have to configure certificates in the Apache server
    configuration. I tried to do this according to several internet resources
    but didn't succeed. I also read this link:
    http://forum.hardware.fr/hfr/OSAlternatifs/Logiciels-2/certificats-securisee-connexion-sujet_65365_1.htm
    which is a French link that speaks about ldap.conf and ldaprc files to
    put on the Apache server. I did it but nothing happened.

    Well, I'm lost in all this stuff, that is why I'm asking for help to
    configure my servers to use LDAPS with PHP.

    Do you have information that could help me ?

    I thank you in advance




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
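
The client-side counterpart of the TLS_CACERT / TLS_REQCERT lines quoted above, as an added example that is not part of the thread or the OpenLDAP project's code: it sets the same two options from PHP before connecting and reports the diagnostic detail when the bind fails. It assumes PHP 7.1 or later with the ldap extension built against OpenLDAP's libldap; the CA file path and the function name ldaps_bind_verified are hypothetical, the DNs and filter are the ones from the original post.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with the ldap
// extension built against OpenLDAP's libldap.

// Hypothetical absolute path to the CA certificate copied to the Apache host.
const CA_FILE = 'C:/OpenLDAP/ssl/cacert.pem';

function ldaps_bind_verified(string $uri, string $caFile, string $dn, string $pw)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable by the web server account: $caFile");
    }
    // Library-wide options (null handle), set before any connection exists.
    // These mirror TLS_CACERT and "TLS_REQCERT demand" from ldap.conf.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // With OpenLDAP's libldap, ldap_connect() only parses the URI; the TCP and
    // TLS handshake happen on the first operation, so failures surface at
    // ldap_bind().
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Malformed LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ds, $dn, $pw)) {
        // The diagnostic message may carry the TLS-level reason for the failure.
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(sprintf('%s (errno %d) %s', ldap_error($ds), ldap_errno($ds), $detail));
    }
    return $ds;
}

try {
    $ds = ldaps_bind_verified('ldaps://srvLDAP', CA_FILE, 'cn=admin,o=exemple,dc=fr', 'pass');
    $sr = ldap_search($ds, 'o=exemple,dc=fr', '(objectClass=maclasse)');
    if ($sr === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($ds));
    }
    $info = ldap_get_entries($ds, $sr);
    echo $info['count'], " entries found.\n";
} catch (RuntimeException $e) {
    echo 'LDAPS failure: ', $e->getMessage(), "\n";
}
```

With certificate checking set to demand, the host name in the ldaps:// URI also has to match the name in the server certificate, and the absolute CA path keeps the lookup independent of the web server's working directory.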