Hello Clément,
 
Thank you for your quick response. I have copied the certificate file
to /etc/ssl/certs/ and added the following line to ldap.conf:


TLS_CACERT /etc/ssl/certs/ostedc1.oste.de_ostedc1.crt

 
I continue to adapt the LDAP URL in the config.inc.php file:


$ldap_url = "ldaps://192.168.0.2";

But I cannot get into the LDAP. Error:

ldap_bind() [function.ldap-bind]: Unable to bind to server:
Can't contact LDAP server in /opt/self-service-password/pages/change.php
on line 84

I am sure that the user ($ldap_binddn) and the password ($ldap_bindpw)
are correct.
Can you give me a hint as to what I have forgotten?
 
 
Here again is a part of my config.inc.php:
 
$ldap_url = "ldaps://192.168.0.2";
$ldap_binddn = "cn=admin,ou=Users,dc=oste,dc=de";
$ldap_bindpw = "1234567";
$ldap_base = "ou=Users,dc=oste,dc=de";
$ldap_filter = "(&(objectCategory=user)(sAMAccountName={login}))";
#(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
#$ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))";
#$ldap_filter = "(&(objectClass=person)(uid={login}))";
# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
$ad_mode = true;
# Force account unlock when password is changed
$ad_options['force_unlock'] = true;
# Force user change password at next login
$ad_options['force_pwd_change'] = false;
# changes the password?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
$who_change_password = "manager";
 
Thank you for your effort.
Sven Amme
 
 
 

>>> Clément OUDOT<[email protected]> 11.05.2012 14:56 >>>
2012/5/11 Sven Amme <[email protected]>:
> Hello,
>
> I try to configure the ssp 0.7 to access our Active Directory (Windows
> Server 2003 SP2).
>
> Error: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid
> credentials in /opt/self-service-password/pages/change.php on line 84
>

This error means you have a wrong binddn or bindpw.


> Here is my config.inc.php:
>
> $ldap_url = "ldap://192.168.0.2";
> $ldap_binddn = "cn=admin,ou=Users,dc=oste,dc=de";
> $ldap_bindpw = "1234567";
> $ldap_base = "ou=Users,dc=oste,dc=de";
> $ldap_filter = "(&(objectCategory=user)(sAMAccountName={login}))";
> #(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
> #$ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))";
> #$ldap_filter = "(&(objectClass=person)(uid={login}))";
>
> # Active Directory mode
> # true: use unicodePwd as password field
> # false: LDAPv3 standard behavior
> $ad_mode = true;
> # Force account unlock when password is changed
> $ad_options['force_unlock'] = true;
> # Force user change password at next login
> $ad_options['force_pwd_change'] = false;
>
> # changes the password?
> # Also applicable for question/answer save
> # user: the user itself
> # manager: the above binddn
> $who_change_password = "manager";
>
> The user "admin" is a member of the group "Domain Admins".
>
> I have already created a certificate on the DC. Does the certificate have to
> be imported on the server with SSP? And if so, how?
> I've also tried the following:
> $ldap_url = "ldaps://192.168.0.2";
> $ldap_url = "ldaps://192.168.0.2:389";

The second will not work, as port 389 is the LDAP port, not the LDAPS port.
The first one is good.

>
> Unfortunately, with the error: Can not contact LDAP
>
> What have I missed?

Have you modified the ldap.conf file? See
http://ltb-project.org/wiki/documentation/self-service-password/latest/config_ldap


Clément.
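
An offline pre-flight check for the LDAPS setup discussed in this thread, added here as an example; it is not code from either poster or from the Self Service Password project. The function names are hypothetical. It checks the TLS_CACERT entry in ldap.conf, whether the CA file is PEM or binary DER, and the port implied by the URL, with `probe` as an optional live check through `openssl s_client`.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks for an ldaps:// client setup.

# Print the first TLS_CACERT value found in an ldap.conf-style file.
cacert_from_conf() {
    awk 'toupper($1) == "TLS_CACERT" { print $2; exit }' "$1"
}

# Classify a certificate file as pem, der, missing or unknown (OpenSSL-backed libldap needs pem).
cert_encoding() {
    [ -r "$1" ] || { echo missing; return; }
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo der                      # 0x30 = ASN.1 SEQUENCE, i.e. binary DER
    else
        echo unknown
    fi
}

# Print "host port" for an ldap:// or ldaps:// URL (IPv6 literals not handled).
url_endpoint() {
    rest=${1#*://}; rest=${rest%%/*}
    case $rest in
        *:*) echo "${rest%:*} ${rest##*:}" ;;
        *)   case $1 in ldaps://*) echo "$rest 636" ;; *) echo "$rest 389" ;; esac ;;
    esac
}

# Check URL $1 against ldap.conf $2; print findings, return 1 if any check fails.
preflight() {
    rc=0
    ep=$(url_endpoint "$1"); host=${ep% *}; port=${ep#* }
    ca=$(cacert_from_conf "$2"); enc=$(cert_encoding "$ca")
    case $1 in ldaps://*)
        if [ "$port" = 389 ]; then echo "FAIL: 389 is the LDAP port, not LDAPS"; rc=1; fi ;;
    esac
    if [ -z "$ca" ]; then echo "FAIL: no TLS_CACERT in $2"; rc=1
    elif [ "$enc" != pem ]; then echo "FAIL: $ca is $enc, expected pem"; rc=1; fi
    case $host in
        *[!0-9.]*) ;;
        *) echo "NOTE: URL uses an IP; the server certificate must match it" ;;
    esac
    return $rc
}

# Live follow-up (needs network): verify the server chain against the CA file.
probe() { openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error </dev/null; }
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it as `sh preflight.sh ldaps://192.168.0.2 /etc/ldap/ldap.conf` (the script name and the ldap.conf location are assumptions; the location varies by distribution).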
