[EMAIL PROTECTED] writes:
> Thanks Hallvard. I have started ldaps like *slapd -h
> ldaps://0.0.0.0:636/ -d 1* so ldaps on port 636
>
> here is the config.php of php-ldap-admin
> (...)
> $ldapservers->SetValue($i,'server','host','127.0.0.1');
> $ldapservers->SetValue($i,'server','port','636');
> (...)
> $ldapservers->SetValue($i,'server','tls',true);
Hi, back from holiday. If you haven't figured this out yet:

I don't know what your PHP code means, but maybe the last statement means to use the StartTLS LDAP request (with the LDAP protocol) rather than using 'ldaps'. If so you should use port 389 (or not specify the port; maybe then you get the proper protocol's default), and have slapd listen with slapd -h 'ldap:// ...'.

Another possibility: You must connect to a hostname which is listed in the server's certificate. So if you connect to '127.0.0.1', the server certificate must include that in its Subject Alt Name. Which is unusual. Does yours?

The client needs to know the server cert or the CA certificate which signed it, so that it can verify the server certificate. If it cannot be verified, or if the hostname/address you connected to does not match a hostname/addr in the cert, that might be due to an attack. So the client should reject the connection.

Finally, note that the loopback device (127.0.0.1) should be unsnoopable since a connection to it is not a network connection, so you shouldn't need TLS in this case.

--
Regards, Hallvard
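As an added example (not part of the thread or of phpLDAPadmin), the two checks in this reply in Python: whether the connect target matches a certificate's Subject Alt Names, including the IP-literal case, and whether the (host, port, tls) setting is self-consistent. It assumes, as the reply suggests, that tls=true means StartTLS over plain LDAP, and uses constructed SAN entries.

```python
import ipaddress

# Constructed Subject Alt Name entries, as a client would read them from the server
# certificate (sample values, not from the thread): the cert names the host by DNS only.
SAMPLE_SANS = [("DNS", "ldap.example.org"), ("DNS", "*.example.org")]


def san_matches(connect_target, sans):
    """True if the host or IP literal the client connected to matches a SAN entry.

    sans is a list of (type, value) pairs with type "DNS" or "IP", as printed by
    openssl/ldap tools.  Rules a verifying client applies (RFC 5280 / RFC 6125):
    an IP literal such as 127.0.0.1 only matches an iPAddress SAN, never a dNSName;
    a DNS name matches case-insensitively, and a single leftmost "*" label stands
    for exactly one label (*.example.org matches a.example.org, not a.b.example.org).
    """
    try:
        ip = ipaddress.ip_address(connect_target)
    except ValueError:
        ip = None
    if ip is not None:
        return any(t == "IP" and ipaddress.ip_address(v) == ip for t, v in sans)
    host = connect_target.rstrip(".").lower().split(".")
    for t, v in sans:
        if t != "DNS":
            continue
        pattern = v.rstrip(".").lower().split(".")
        if pattern == host:
            return True
        if pattern[0] == "*" and len(pattern) == len(host) >= 3 and pattern[1:] == host[1:]:
            return True
    return False


def check_client_config(host, port, tls, sans):
    """Review a phpLDAPadmin-style (host, port, tls) setting the way the reply does.

    Returns a list of problems; an empty list means the combination is consistent.
    Assumption (hypothetical, as in the reply): tls=True means the StartTLS extended
    operation over ldap:// on port 389, not ldaps:// on 636.
    """
    problems = []
    if tls and port == 636:
        problems.append("StartTLS requested on the ldaps port 636; use ldap://%s:389/ "
                        "(or omit the port) and start slapd with -h ldap://" % host)
    if not san_matches(host, sans):
        problems.append("server certificate has no SAN matching %r; a verifying client "
                        "will reject the connection" % host)
    return problems
```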
