ID: 50270
Comment by: jcarlos at dsi dot uclm dot es
Reported By: jcarlos at dsi dot uclm dot es
Status: To be documented
Bug Type: LDAP related
Operating System: windows
PHP Version: 5.3.1
New Comment:

I have tested in Linux with PHP/5.2.10-2ubuntu and Apache/2.2.1.2

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS IN LINUX
===========================================================

I'm not an expert, but it works.

1) I have installed Ubuntu 9.10 desktop

2) Packages:

   apt-get install apache2
   apt-get install libapache2-mod-php5
   apt-get install libldap-2.4-2
   apt-get install ldap-utils
   apt-get install libsasl2-modules-ldap
   apt-get install openssl
   apt-get install libsasl2-2
   apt-get install libkrb5-3
   apt-get install krb5-config
   apt-get install krb5-user
   apt-get install php5-ldap
   apt-get install php5-sasl
   apt-get install php5-auth-pam

3) Put the PEM certificate.

   cd /etc/ldap
   mkdir certs
   cp /myhome/mycert.pem /etc/ldap/certs/mycert.pem

   NOTE: rename webcert.crt to mycert.pem. It's the same.

4) Edit the file /etc/ldap/ldap.conf and add:

   TLS_REQCERT never
   TLS_CACERT /etc/ldap/certs/mycert.pem

5) Create file /var/www/ldaptlstest.php:

   <?php
   $ldap="ldap.myDomain.com";
   $usr="u...@mydomain.com";
   $pwd="mypassword";

   $ds=ldap_connect($ldap);
   $ldapbind=false;

   // Bind only if protocol v3, the referrals option and StartTLS all succeed
   if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
      if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
         if(ldap_start_tls($ds))
            $ldapbind = @ldap_bind($ds, $usr, $pwd);

   ldap_close($ds);

   if(!$ldapbind)
      echo "ERROR";
   else
      echo "OK";
   ?>

6) Restart the server:

   /etc/init.d/apache2 restart

7) Open Firefox and write:

   http://localhost/ldaptlstest.php

;) Works fine


Previous Comments:
------------------------------------------------------------------------

[2009-11-27 09:19:01] jcarlos at dsi dot uclm dot es

In Step 1, I have downloaded the certificate from the URL https://www.myDomain.com

------------------------------------------------------------------------

[2009-11-26 11:05:18] paj...@php.net

Moving to the "to be documented" state, it could be very useful to have this info in the ldap documentation.

------------------------------------------------------------------------

[2009-11-26 10:54:10] jcarlos at dsi dot uclm dot es

A little manual, for an easy configuration

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS
==================================================

My configuration: Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11

NOTE 1: At the moment, the version 5.3.1 fails with TLS
NOTE 2: This example works on Windows, but on Linux it is similar

1) Download the Certificate X.509 (PEM format) from a web browser, I used Firefox. I put the name webcert.crt

2) Create the folder c:\openldap\sysconf

3) Copy the file webcert.crt to c:\openldap\sysconf

4) With notepad you must create the file c:\openldap\sysconf\ldap.conf. The file contents:

   TLS_REQCERT never
   TLS_CACERT c:\openldap\sysconf\webcert.crt

5) The code:

   <?php
   $ldap="ldap.myDomain.com";
   $usr="u...@mydomain.com";
   $pwd="mypassword";

   $ds=ldap_connect($ldap);
   $ldapbind=false;

   // Bind only if protocol v3, the referrals option and StartTLS all succeed
   if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
      if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
         if(ldap_start_tls($ds))
            $ldapbind = @ldap_bind($ds, $usr, $pwd);

   ldap_close($ds);

   if(!$ldapbind)
      echo "ERROR";
   else
      echo "OK";
   ?>

------------------------------------------------------------------------

[2009-11-24 10:44:19] jcarlos at dsi dot uclm dot es

I have tested with:

Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11 (works fine)
Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.3.1 (same error)

------------------------------------------------------------------------

[2009-11-24 09:11:21] jcarlos at dsi dot uclm dot es

Also, if I go back to php-5.2.11 it works fine, but if I change to php-5.3.1 it is not working.

Sorry for my English.

------------------------------------------------------------------------

The remainder of the comments for this report are too long.
To view the rest of the comments, please view the bug report online at http://bugs.php.net/50270
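
Added example, not part of the bug report or its comments: the `TLS_REQCERT never` line in the steps above tells the OpenLDAP client not to check the server certificate, so `TLS_CACERT` is never consulted and the StartTLS session is encrypted but unauthenticated. The variant below requires a valid certificate before any credentials are sent. It assumes PHP 7.1 or later and that mycert.pem holds the CA certificate that issued the server's certificate; the function name and the environment variable names are hypothetical.

```php
<?php
// Added example. ldap.conf equivalent of the TLS options set below:
//   TLS_REQCERT demand
//   TLS_CACERT  /etc/ldap/certs/mycert.pem

function ldap_bind_verified(string $host, string $caFile, string $user, string $pass): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which a server may accept; never treat that as a successful login.
    if ($user === '' || $pass === '') {
        return false;
    }
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    // TLS options are set globally (null handle) before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect("ldap://$host");
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI for host $host");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Fails here if the certificate chain or host name does not validate,
    // so the password is never sent to an unverified server.
    if (!@ldap_start_tls($ds)) {
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed: $err $detail");
    }
    $ok = @ldap_bind($ds, $user, $pass);
    ldap_unbind($ds);
    return $ok;
}

// Host and CA path are the ones used in the comments above;
// LDAP_USER and LDAP_PASS are hypothetical environment variables.
try {
    $ok = ldap_bind_verified('ldap.myDomain.com', '/etc/ldap/certs/mycert.pem',
        (string) getenv('LDAP_USER'), (string) getenv('LDAP_PASS'));
    echo $ok ? "OK" : "ERROR";
} catch (RuntimeException $e) {
    echo "ERROR: ", $e->getMessage();
}
```

The host name passed to the function has to match a name in the server certificate, otherwise StartTLS is rejected under `demand`.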