php-windows
Re: [PHP-WIN] Using PHP to Bind over LDAPS.
by Phillip Terry
Oct 19 2006 10:25AM
My Lord, that worked!
I was racking my brain trying to figure that out.

In my searching, I saw some vague references to this ldap.conf, but I just
assumed that was for Linux boxes.

I really appreciate the quick response.
I appreciate even more that it worked! :-)

Best Regards,
Phillip

----- Original Message ----- 
From: "Bowden, Zeb" <zbowden@[...].edu> 
To: <php-windows@[...].net> 
Sent: Thursday, October 19, 2006 11:56 AM
Subject: RE: [PHP-WIN] Using PHP to Bind over LDAPS.


This is happening because as far as PHP/OpenLDAP are concerned it
doesn't trust your CA.
By default it's going to look in c:\openldap\sysconf for an ldap.conf
file. Create a c:\openldap\sysconf\ldap.conf with this on the first
line:
TLS_REQCERT never

Then you may need to restart IIS to get it to re-read that file.

This is just a workaround, you can read up on openldap and how to
configure it if you actually want to pay attention to the certs you're
using. You can also use environment variables (I think they are LDAPRC
(user settings) and LDAPCONF (system wide)) if you want to change the
location of your conf file and/or do more involved things.

Hope this helps...

Zeb Bowden
VT.SETI.IAD.MIG:Systems Architect
http://vtmig.w2k.vt.edu






-----Original Message-----
From: Phillip Terry [mailto:pterry@[...].net]
Sent: Thursday, October 19, 2006 12:42 PM
To: php-windows@[...].net
Subject: [PHP-WIN] Using PHP to Bind over LDAPS.

I configured LDAP for SSL (LDAPS) on the Active Directory (AD) Domain
Controller (DC).
The DC is a Windows 2003 Server box.

To do this I:
1) Set up the DC as a Certificate Authority (CA)
2) Issued a Certificate to itself
3) Issued a Certificate to the client that would be connecting via LDAPS

The client is configured in the following manner:
1) Windows 2003 Server Running IIS
2) PHP 5.0.4 installed
3) LDAP support enabled
    - Uncommented the php_ldap.dll extension
    - Copied the php_ldap.dll file into the appropriate directory
    - Restarted IIS

Using the LDP tool, I was able to connect and bind via ports 389, 636,
and 3269.

Here is the code I am using to attempt the bind:


<?php

$host = "ldaps://server.addomain.domain.com";
$un = "jdoe";
$pw = "password";

$lc = ldap_connect($host);

ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

$lb = ldap_bind($lc, $un, $pw);

ldap_close($lc);

?> 


If I change it to ldap://server.addomain.domain.com it functions
correctly.

Is there a secure bind function I should know about?

Thanks for the help!

Phillip

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
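
The following is an added example, not part of the thread and not code from either poster: the bind from the original question with certificate verification left on and the issuing CA trusted explicitly, instead of the TLS_REQCERT never workaround. It assumes PHP 7.1 or later (where the LDAP_OPT_X_TLS_* options are available, unlike the PHP 5.0.4 in the thread), a hypothetical path for the exported CA certificate, and a hypothetical LDAP_BIND_PW environment variable.

```php
<?php
// Added example (not code from the thread). Assumes PHP 7.1+ with the
// ldap extension; the CA file path and LDAP_BIND_PW are hypothetical.
//
// File-based equivalent in c:\openldap\sysconf\ldap.conf:
//   TLS_CACERT  c:\openldap\sysconf\ad-root-ca.pem
//   TLS_REQCERT demand

function ldaps_bind_verified($uri, $caFile, $user, $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA certificate not readable: $caFile");
    }
    if ($password === '') {
        // An empty password makes this an unauthenticated bind, which can succeed.
        throw new RuntimeException('Refusing to bind with an empty password');
    }
    // Set TLS options on the global (null) handle before connecting so
    // they are in place when the TLS session is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $lc = ldap_connect($uri); // parses the URI only; no traffic yet
    if ($lc === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($lc, LDAP_OPT_NETWORK_TIMEOUT, 10);

    // The TCP connect, TLS handshake and certificate check happen here.
    if (!@ldap_bind($lc, $user, $password)) {
        $errno = ldap_errno($lc);
        $text = ldap_error($lc);
        $detail = '';
        ldap_get_option($lc, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        ldap_unbind($lc);
        // -1: server unreachable or TLS/certificate failure; 49: bad credentials.
        throw new RuntimeException("Bind failed ($errno): $text $detail");
    }
    return $lc;
}

try {
    // The host in the URI must match a name in the DC's certificate.
    $lc = ldaps_bind_verified('ldaps://server.addomain.domain.com',
        'c:\openldap\sysconf\ad-root-ca.pem', 'jdoe', (string) getenv('LDAP_BIND_PW'));
    echo "Bound over LDAPS with certificate verification\n";
    ldap_unbind($lc);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

As with the ldap.conf change in the thread, the web server may need a restart before a modified ldap.conf is re-read; options set in code apply per request.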
