(That Iplanet word must have piqued your interest...riight...)

OS: Solaris 9
CC: GCC 3.2.2
APP: Sun ONE Web Server 6.2SP2
LDAP: Sun ONE Directory Server 5.2 (configured for SSL and confirmed with non-php apps)

Configured PHP 4.3.8/or 5.1 with openssl, openldap, libxml, zlib using GCC 3.2.2 (all latest stable versions).

Created and installed the certificates. Verified using openssl programs and ldapsearch.

I have a *few* questions

a) Internet research to get ldaps working with PHP tells me that I have to set up a HOME environment
    variable for the Web Server User and dump a .ldaprc file in there, in addition to specifying option in
    the ldap.conf file.  I did that in the magnus.conf file using init-cgi directive.
    The Env Variable is visible to all the cgi programs. HOWEVER, the phpinfo()
    command does not pick up that (and all of my other user Environment variables such as ORACLE_HOME etc)
    and hence does not see that file. phpinfo() keeps reporting that the user is root (I don't want that!).
    The Web Server runs as a non-root user.

    What gives ? I read some docs but they are not clear on how to pass these env 

    Q: How can I make vendor/custom environment variables available for PHP running in IPLANET server ?

b) I added the following lines to my /usr/local/openldap/etc/openldap/ldap.conf file

  # Instruct client to NOT request a server's cert.

  # Define location of CA Cert
  TLS_CACERT /usr/local/ssl/certs/AD_CA_CERT.pem
  TLS_CACERTDIR /usr/local/ssl/certs


The ldapsearch util works well and makes SSL connection to the ldap server (using ldapsearch -H "ldaps://").
To test PHP's ability, I am using the connect_AD function from the PHP man page (replicated below)

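function connect_AD()
{
   // Server URI, bind DN and password (host is elided in the post)
   $ldap_server = "ldaps://" ;
   $ldap_user  = "CN=web service account,OU=Service Accounts,DC=ad,DC=com" ;
   $ldap_pass  = "password" ;

   // Set up the connection handle and require LDAPv3 before binding
   $ad = ldap_connect($ldap_server) ;
   ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ;
   $bound = ldap_bind($ad, $ldap_user, $ldap_pass);

   // Only the handle is returned; the result of the bind in $bound is not checked
   return $ad ;
}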

BUT the above function does not work. It just "hangs" at the ldap_connect stage. No output on snoop also (tcpdump for solaris).

However, when I tried to specify ldap_connect (server, 636), it gets past that point but hangs at ldap_bind.

I have a feeling that PHP under IPLANET is just not able to pick up the installed certificates. Maybe connected to the fact
that I can't get it to retrieve my environment variables specified in the server ... ?

Any pointers ? please ? I will summarize once I find a solution.

many many tia
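
A diagnostic sketch for the symptoms described in the post above, as an added example that is not part of the original message: it reports the environment PHP actually sees inside the web server, whether that user can read the CA file, and whether a verified TLS handshake to port 636 completes, before attempting an LDAP bind with a timeout. The host name `ldap.example.com` is a placeholder (the post elides it), the CA path is the TLS_CACERT value from the post, and PHP 5.3 or later is assumed for `LDAP_OPT_NETWORK_TIMEOUT`.

```php
<?php
// Added example, not from the original post. Load it through the web server,
// not the CLI, so it runs as the same user and environment as the failing code.
header('Content-Type: text/plain');
$host   = 'ldap.example.com';                     // placeholder host (assumption)
$cafile = '/usr/local/ssl/certs/AD_CA_CERT.pem';  // TLS_CACERT value from the post

function report($label, $value) {
    echo str_pad($label, 22), ': ', $value, "\n";
}

// 1. Environment as PHP sees it. libldap uses HOME to find .ldaprc and
//    also honours LDAPCONF, LDAPRC and LDAPTLS_CACERT (see ldap.conf(5)).
foreach (array('HOME', 'LDAPCONF', 'LDAPRC', 'LDAPTLS_CACERT') as $name) {
    $v = getenv($name);
    report('env ' . $name, $v === false ? '(not set)' : $v);
}
if (function_exists('posix_geteuid')) {
    $pw = posix_getpwuid(posix_geteuid());
    report('effective user', $pw['name'] . ' (home ' . $pw['dir'] . ')');
}

// 2. Can the web server user read the CA certificate at all?
report('CA file readable', is_readable($cafile) ? 'yes' : 'NO');

// 3. TLS handshake outside of libldap, verified against the same CA and
//    bounded by a 10 second timeout so a network problem cannot hang the page.
$ctx = stream_context_create(array('ssl' => array(
    'verify_peer' => true,
    'cafile'      => $cafile,
)));
$errno = 0;
$errstr = '';
$sock = @stream_socket_client("ssl://$host:636", $errno, $errstr, 10,
                              STREAM_CLIENT_CONNECT, $ctx);
if (!$sock && $errstr === '') {
    $e = error_get_last();                        // OpenSSL errors arrive as warnings
    $errstr = $e ? $e['message'] : 'unknown error';
}
report('TLS handshake', $sock ? 'ok, chain verified' : "FAILED: $errstr");
if ($sock) fclose($sock);

// 4. LDAP over the same path. When LDAPTLS_CACERT is unset, provide it here;
//    libldap only reads it when it first initialises in the process.
if (getenv('LDAPTLS_CACERT') === false) putenv("LDAPTLS_CACERT=$cafile");
$ad = ldap_connect("ldaps://$host");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ad, LDAP_OPT_NETWORK_TIMEOUT, 10);
$bound = @ldap_bind($ad);                         // anonymous bind, exercises TLS only
report('ldap_bind', $bound ? 'ok' : 'failed: ' . ldap_error($ad));
```

If step 3 succeeds while step 4 fails, the certificate and network path are fine and the problem lies in what libldap is reading for its TLS settings; if step 3 fails, the CA file or the connection to port 636 is the place to look.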

