[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Communicate from php/apache to openLDAP over LDAPS

Jérémy ESCOLANO wrote:
I tried to put host="srvLDAP" but it still doesn't work

Actually the problem is configuring my APACHE server to make it considerate
theses certificate.
I know there is a ldap.conf in the openLDAP directory (on openLDAP server)
where to have to put :

TLS_CACERT      ./ssl2/cacert.cer
TLS_REQCERT     demand

but how can we specify it on apache server ?

Ask on an Apache forum.


2010/6/10 Thierry Lacoste <lacoste@u-pec.fr <mailto:lacoste@u-pec.fr>>

    Seems to me that the $host variable is incorrect :  should be $host="srvLDAP"


    On 10 juin 10, at 10:57, Jérémy ESCOLANO wrote:


    I'm writing from france cuz i'm having a big problem with apache and
    ldap. let me explain :

    I would like to make an Apache server communicate in php with en
    openLDAP server (both servers are under win srv 2003), using LDAPS protocol.

    In order to activate LDAPS on my openLDAP srv (srvLDAP), I created self
    signed certificates with openSSL. I got 3 files:


    I configured my slapd.con file and ldap.conf fil (openLDAP side) like this:


    TLSCertificateFile      ./ssl/srvLDAP.pem
    TLSCertificateKeyFile   ./ssl/srvLDAP.key
    TLSCACertificateFile    ./ssl/cacert.pem

    BASE <ma branche>
    URI     ldaps://srvLDAP/
    TLS_CACERT      ./ssl/cacert.pem
    TLS_REQCERT     demand

    I launched my openLDAP service, and checked ldaps protocol was okay,
    using this command :

    C:\Program Files\OpenLDAP>ldapsearch -b o=exemple,dc=fr -s sub -x -w pass-D
    cn=admin,o=exemple,dc=fr -H ldaps://srvLDAP/

    Now I would like, from the remote apache server, communicate with the
    openLDAP server using [b]LDAPS[/b] Protocol.

    Here is my simplified PHP code


    $r=ldap_bind($ds,"cn=admin,o=exemple,dc=fr","pass" );
    $sr=ldap_search($ds,"o=exemplec,dc=fr",("objectClass=maclasse" ));
    print $info["count"]." enregistrements trouvés.";

    I get this errror:

    Unable to bind to server: Can't contact LDAP server

    I know i have to configure certificates in the Apache server
    configuration, I tried to to this according several internet ressources
    but didn't succeed. I also read this link
    which is a french link which speak about an ldap.con and ldaprc files to
    put in the apache server. I did it but nothing happened.

    Well, i'm lost in all this stuff, that is why i'm asking for help to
    configure my servers to use ldaps with php.

    Do you have information that could help me ?

    I thank you in advance

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/