On Sun, 2009-08-23 at 16:07 -0400, Deon George wrote:
> Josh, this is where it gets complicated.
>
> PLA is not the "direct" LDAP client - "php-ldap" is. So, TLS (and SSL)
> session establishment is done in php-ldap. php-ldap runs as your web
> server user. (This is why PLA doesn't have any SSL/certificate
> parameters).
>
> A couple of things to try:
> * Make sure that all your client configuration files are readable by
> your web server's user id.
> * Try to export the client's details as variables (TLS_CERT,
> TLS_KEY) and restart httpd.
>
> If this doesn't work then search the php-ldap mailing lists for advice.
>
> ..deon
>
>
Thanks for the input Deon.

Got this working, in case anyone else needs it....

Most importantly, I had to use the FQDN (what I entered when creating my
CA certificate) of my LDAP server in config.php.

SERVER (/etc/openldap/slapd.conf):
    TLSVerifyClient demand

CLIENT (/etc/openldap/ldap.conf):
    TLS_REQCERT demand

Environment variables (LDAPTLS_KEY, LDAPTLS_CACERT, LDAPTLS_CERT), set in
/etc/profile.d/ldap-admin.sh:
    export LDAPTLS_KEY=/var/www/clientkey.pem
    export LDAPTLS_CACERT=/etc/openldap/cacerts/cacert.pem
    export LDAPTLS_CERT=/etc/openldap/cacerts/clientcrt.pem

Copied my client private key to /var/www, owned root:apache, mode 440.

Then:
    apachectl restart
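The procedure above leans on libldap picking up LDAPTLS_* from the httpd process environment, which only works when the process is started from a shell that sourced /etc/profile.d (an init script at boot will not have seen it). The following is an added example, not code from this post, from phpldapadmin or from php-ldap: it sets the same variables with putenv() inside the PHP process before the first LDAP call, enforces the equivalent of "TLS_REQCERT demand" in code, refuses a non-FQDN hostname (the server certificate is matched against the name in the URL), and checks the client key's permissions before libldap touches it. The hostname, bind DN, and paths are illustrative assumptions; LDAP_OPT_X_TLS_REQUIRE_CERT and LDAP_OPT_X_TLS_DEMAND need PHP 7.0.5 or later (on older PHP the ldap.conf line does the same job).

```php
<?php
// Added example, not code from phpldapadmin or php-ldap: bind to an OpenLDAP
// server configured with "TLSVerifyClient demand", presenting the client
// certificate through the same LDAPTLS_* variables the post uses.
// Hostname, DN and paths below are illustrative assumptions.
declare(strict_types=1);

const LDAP_HOST   = 'ldap.example.com';            // assumption: FQDN exactly as in the server certificate
const BIND_DN     = 'cn=admin,dc=example,dc=com';  // assumption
const CLIENT_KEY  = '/var/www/clientkey.pem';
const CLIENT_CERT = '/etc/openldap/cacerts/clientcrt.pem';
const CA_CERT     = '/etc/openldap/cacerts/cacert.pem';

/**
 * Check the client key before libldap ever sees it. Returns a list of
 * problems (empty means OK): the key must be readable by the web server
 * user (root:apache 440 in the post) but not by anyone else.
 */
function check_client_key(string $path): array
{
    if (!is_file($path)) {
        return ["missing: $path"];
    }
    $problems = [];
    if (!is_readable($path)) {
        $problems[] = 'not readable by uid ' . getmyuid() . ": $path";
    }
    $mode = fileperms($path) & 0777;
    if ($mode & 0007) {
        $problems[] = sprintf('world-accessible (mode %04o): %s', $mode, $path);
    }
    if ($mode & 0022) {
        $problems[] = sprintf('group/other writable (mode %04o): %s', $mode, $path);
    }
    return $problems;
}

/**
 * The server certificate is verified against the host in the URL, so the
 * URL must carry the certificate's FQDN, never an IP address or short name.
 */
function is_fqdn(string $host): bool
{
    return !filter_var($host, FILTER_VALIDATE_IP)
        && (bool) preg_match('/^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i', $host);
}

/**
 * Export the client identity to libldap. libldap reads LDAPTLS_* from the
 * process environment when it builds its TLS context, so this must run
 * before the first ldap_* call; putenv() (not $_ENV) is required because
 * the value has to reach the C library, not just PHP.
 */
function configure_client_tls(): void
{
    putenv('LDAPTLS_KEY=' . CLIENT_KEY);
    putenv('LDAPTLS_CERT=' . CLIENT_CERT);
    putenv('LDAPTLS_CACERT=' . CA_CERT);
    // Same effect as "TLS_REQCERT demand" in ldap.conf: abort the handshake
    // if the server certificate does not chain to CA_CERT. A null handle
    // sets the option globally, before any connection exists.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
}

/** Connect on 389, upgrade with StartTLS (mutually authenticated), then bind. */
function ldap_bind_mtls(string $host, string $dn, string $password)
{
    if (!is_fqdn($host)) {
        throw new InvalidArgumentException("LDAP host must be the certificate FQDN, got '$host'");
    }
    $problems = check_client_key(CLIENT_KEY);
    if ($problems !== []) {
        throw new RuntimeException(implode('; ', $problems));
    }
    configure_client_tls();

    $ds = ldap_connect("ldap://$host:389");
    if ($ds === false) {
        throw new RuntimeException('ldap_connect failed');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // With "TLSVerifyClient demand" the server aborts the handshake when no
    // acceptable client certificate is offered; that failure surfaces here.
    if (!ldap_start_tls($ds)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
    }
    if (!ldap_bind($ds, $dn, $password)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ds));
    }
    return $ds;
}

// Usage (assumed credentials):
// $ds = ldap_bind_mtls(LDAP_HOST, BIND_DN, 'secret');
// $r  = ldap_search($ds, 'dc=example,dc=com', '(objectClass=*)', ['dn']);
```

If StartTLS fails, run the same check outside PHP as the web server user (for example `ldapsearch -ZZ -H ldap://ldap.example.com -x`) to separate a certificate or permission problem from a PHP one: the ldapsearch CLI and php-ldap share libldap and the same LDAPTLS_* variables.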
_______________________________________________
phpldapadmin-users mailing list
phpldapadmin-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users