On Thu, Dec 06, 2001 at 12:08:12PM +0100, Susanne Benkert wrote:
> After recompiling my Php with the newest LDAP-Libraries and Openssl
> "ldap_connect("ldap://hostname";)" works. But I still have problems with
> "ldap_connect("ldaps://hostname")": 

Could you check whether ldapsearch -H "ldaps://hostname" works? PHP
should work if and only if this works. As hostname you should use
the same as the CN in the certificate, probably the FQDN (full
hostname and domain).

> What did I wrong? Does Php need its own Key/Certificate (as client
> certificate)? Or is something wrong with my server certificate of Ldap?
> (But I can't imagine, because other actions like ldapsearch already seem
> to work with TLS.) 

Did you also try with -H ldaps:// and the same hostname? Client
certificate is only needed if you put "TLSVerifyClient 1" in
slapd.conf on the server.

> Has anything should be change in the configuration of php when using it
> with SSL and Openldap?


I suggest you try to get ldapsearch -H ldaps://host/ to work first.
If it doesn't work (and you don't get more answers here), please ask
on the OpenLDAP lists. If you get ldapsearch -H to work, but not PHP,
then this is the place to ask or submit a report at bugs.php.net. I'm
pretty sure ldapsearch -H will give the same error though.

I see now that you did mail the OpenLDAP list as well. I think that
is the right place, but there is a danger people there will think
it's a PHP problem. If you don't get answers there, test with
ldapsearch -H, and if that fails, post that on the OpenLDAP list as
well, since in that case PHP isn't involved.

I could try to provide more help if necessary, but I'll be mostly
available for over a week now, so I hope some others will offer
help as well.

Don't give up,


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to