Josh, 

Yes. The reason we went with stunnel is because we thought that 
dealing with LDAPS and certificates would be too time consuming 
with our existing setup. We had everything working with LDAP and 
no expertise with generating self-signed certs with Microsoft 
tools.

If you can explain how to do that, it would be most 
appreciated; however, if there is a way that ldap_connect() can 
be used WITHOUT LDAPS, then that would be better for us.

Thanks.

- Cliff
--- Begin Message ---

Cliff,

The LDAP code is being used by many people for authentication; so, you should 
be able to use it without worrying about issues with it once you have it set 
up correctly.  You also gain some optional user group management if you use 
LDAP.

I've not used stunnel before; so, I'm not exactly sure what modifications will 
need to be made to the code to support it.  I doubt it will work out of the 
box because the code expects to be able to connect to an LDAP server using

ldap_connect("ldaps://hostname.of.server.here/");

But, if stunnel can be set up such that just using localhost as the hostname 
will work, you may be able to do it without any modifications.

Is there a reason ldaps won't work for you?  If it is because of self-signed 
certificates, I can explain how to work with that.

Josh

On Thursday May 20, 2010, Clifton B Wood wrote:
> Passing this along by request from Andy.
> 
> I am curious as to how robust the LDAP code is in VCL, as we 
> might be required to make web front-end logins use that 
> authentication method in the future.
> 
> Thanks!
> 
> - Cliff
>    
> Andy,
> 
> I am trying to get LDAP logins working on our VCL pilot. First 
> off, we are not using LDAPS, we are using basic logins with 
> stunnel (ldap requests are sent to a port on the local 
> machine, the request is then encrypted and sent to our Active 
> Directory server) -- I've verified that this works using other 
> LDAP tools, however when I try logging in using VCL, it 
> doesn't work.
> 
> Does the LDAP code you are using for VCL support this kind of 
> setup?
> 
> I've attached my conf.php file to this email.
> 
> Thanks!
> 
> - Cliff Wood
> Morgan State University
-- 
-------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu

--- End Message ---
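
One way to wire up the localhost approach mentioned in the quoted message, as an added example that is not VCL code and not from either poster. The stunnel service name, port 1389, host name, CA path and the function names are assumptions; the stunnel option names are those of stunnel 5.x.

```php
<?php
// Assumed stunnel client service. verifyChain/CAfile/checkHost make stunnel
// authenticate the directory server; without them the tunnel only encrypts.
// accept is bound to loopback so the cleartext side never leaves the host.
//
//   [ldap-to-ad]
//   client      = yes
//   accept      = 127.0.0.1:1389
//   connect     = ad.example.edu:636
//   verifyChain = yes
//   CAfile      = /etc/stunnel/ad-ca.pem
//   checkHost   = ad.example.edu

/** Plain ldap:// is accepted only when it points at the loopback tunnel. */
function is_safe_ldap_uri(string $uri): bool
{
    $p = parse_url($uri);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme === 'ldaps') {
        return true;                    // TLS is handled by the LDAP library
    }
    return $scheme === 'ldap'
        && in_array(strtolower($p['host']), ['127.0.0.1', 'localhost'], true);
}

/** Returns true only for a successful, non-anonymous simple bind. */
function ldap_login(string $uri, string $bindDn, string $password): bool
{
    if (!is_safe_ldap_uri($uri)) {
        throw new InvalidArgumentException("refusing cleartext LDAP to $uri");
    }
    // An empty password turns a simple bind into an unauthenticated bind,
    // which a server may answer with success; reject it before connecting.
    if ($bindDn === '' || $password === '') {
        return false;
    }
    $ds = ldap_connect($uri);           // parses the URI; no traffic yet
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);   // a chased referral would bypass the tunnel
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);
    $ok = @ldap_bind($ds, $bindDn, $password);     // first network I/O happens here
    ldap_unbind($ds);
    return $ok;
}
```

Called as ldap_login('ldap://127.0.0.1:1389', $userDn, $password), it needs PHP's ldap extension and a running stunnel service like the one sketched in the comment.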
