Yes. The reason we went with stunnel is because we thought that
dealing with LDAPS and certificates would be too time consuming
with our existing setup. We had everything working with LDAP and
no expertise with generating self-signed certs with Microsoft
If you can explain how to do that, it would be most
appreciative, however if there is a way that ldap_connect() can
be used WITHOUT LDAPS, then that would be better for us.
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
The LDAP code is being used by many people for authentication; so, you should
be able to use it without worrying about issues with it once you have it set
up correctly. You also gain some optional user group management if you use
I've not used stunnel before; so, I'm not exactly sure what modifications will
need to be made to the code to support it. I doubt it will work out of the
box because the code expects to be able to connect to an LDAP server using
But, if stunnel can be set up such that just using localhost as the hostname
will work, you may be able to do it without any modifications.
Is there a reason ldaps won't work for you? If it is because of self-signed
certificates, I can explain how to work with that.
On Thursday May 20, 2010, Clifton B Wood wrote:
> Passing this along by request from Andy.
> I am curious as to how robust the LDAP code is in VCL, as we
> might be required to make web front-end logins use that
> authentication method in the future.
> - Cliff
> I am trying to get LDAP logins working on our VCL pilot. First
> off, we are not using LDAPS, we are using basic logins with
> stunnel (ldap requests are sent to a port on the local
> machine, the request is then encrypted and sent to our Active
> Directory server) -- I've verified that this works using other
> LDAP tools, however when I try logging in using VCL, it
> doesn't work.
> Does the LDAP code you are using for VCL support this kind of
> I've attached my conf.php file to this email.
> - Cliff Wood
> Morgan State University
Advanced Computing | VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---