-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cliff,

Unfortunately, I'm not a Microsoft guy either; so, I can't help with 
generating the certs.  I only know how to get VCL to work with self-signed 
certs.  Maybe someone else on the list can provide instructions or a link to 
some good online instructions.

To get VCL working with stunnel, I'd suggest first just trying to get some 
basic php ldap functionality working.  I've attached a test ldap script I use 
that you can use as a starting point.  Hopefully the mailing list won't eat 
it.  If you can get it working and let me know what you had to do, I can tell 
you what to modify in VCL.

Josh

On Thursday May 27, 2010, Clifton B Wood wrote:
> Josh, 
> 
> Yes. The reason we went with stunnel is because we thought that 
> dealing with LDAPS and certificates would be too time-consuming 
> with our existing setup. We had everything working with LDAP and 
> no expertise with generating self-signed certs with Microsoft 
> tools.
> 
> If you can explain how to do that, it would be most 
> appreciated; however, if there is a way that ldap_connect() can 
> be used WITHOUT LDAPS, then that would be better for us.
> 
> Thanks.
> 
> - Cliff
>
>   Re: Fwd: AD/LDAP support in VCL
> From: Josh Thompson <josh_thomp...@ncsu.edu>
>   To: vcl-dev@incubator.apache.org
>   Date: Friday 11:10:03 am
>    
> Cliff,
> 
> The LDAP code is being used by many people for authentication; so, you
>  should be able to use it without worrying about issues with it once you
>  have it set up correctly.  You also gain some optional user group
>  management if you use LDAP.
> 
> I've not used stunnel before; so, I'm not exactly sure what modifications
>  will need to be made to the code to support it.  I doubt it will work out
>  of the box because the code expects to be able to connect to an LDAP
>  server using
> 
> ldap_connect("ldaps://hostname.of.server.here/");
> 
> But, if stunnel can be set up such that just using localhost as the
>  hostname will work, you may be able to do it without any modifications.
> 
> Is there a reason ldaps won't work for you?  If it is because of
>  self-signed certificates, I can explain how to work with that.
> 
> Josh
> 
> On Thursday May 20, 2010, Clifton B Wood wrote:
> > Passing this along by request from Andy.
> >
> > I am curious as to how robust the LDAP code is in VCL, as we
> > might be required to make web front-end logins use that
> > authentication method in the future.
> >
> > Thanks!
> >
> > - Cliff
> >
> > Andy,
> >
> > I am trying to get LDAP logins working on our VCL pilot. First
> > off, we are not using LDAPS, we are using basic logins with
> > stunnel (ldap requests are sent to a port on the local
> > machine, the request is then encrypted and sent to our Active
> > Directory server) -- I've verified that this works using other
> > LDAP tools; however, when I try logging in using VCL, it
> > doesn't work.
> >
> > Does the LDAP code you are using for VCL support this kind of
> > setup?
> >
> > I've attached my conf.php file to this email.
> >
> > Thanks!
> >
> > - Cliff Wood
> > Morgan State University
> 
> --
> -------------------------------
> Josh Thompson
> Systems Programmer
> Advanced Computing | VCL Developer
> North Carolina State University
> 
> josh_thomp...@ncsu.edu
> 919-515-5323
> 
> my GPG/PGP key can be found at pgp.mit.edu
>   End of encapsulated message
> 

- -- 
- -------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkv+qKIACgkQV/LQcNdtPQO5+QCfSY1MHcMRrrLorv8pPfHRYdyx
UtoAn3Quehwoy0So+4Kv/GAze9SMe016
=TM63
-----END PGP SIGNATURE-----

<<attachment: ldaptest.php>>
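
Added example (not the attached ldaptest.php and not VCL code): a minimal PHP bind check that tries the same credentials against a local stunnel listener and against a direct ldaps:// URI, reporting the LDAP error for each. It assumes PHP 7.1+ with the ldap extension; the stunnel port 3890, the CA file path and the LDAP_TEST_PASSWORD variable are placeholders, not values from this thread.

```php
<?php
// Added example. Hosts, ports, paths and variable names are placeholders.
$endpoints = array(
    'stunnel' => 'ldap://127.0.0.1:3890/',            // assumed stunnel accept port
    'ldaps'   => 'ldaps://hostname.of.server.here/',  // direct TLS to the directory
);
$caFile = '/etc/ssl/certs/ad-selfsigned.pem';         // assumed copy of the server's cert

function try_bind($uri, $bindDn, $password, $caFile = null)
{
    // A simple bind with a DN and an empty password can be treated as an
    // unauthenticated bind and succeed (RFC 4513), so refuse it up front.
    if ($password === '') {
        return array(false, 'empty password refused');
    }
    if ($caFile !== null && strpos($uri, 'ldaps://') === 0) {
        // Trust the self-signed cert explicitly and keep verification on.
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
        ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    }
    // With a URI, ldap_connect() only parses it; the socket opens at bind time.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return array(false, 'URI rejected by ldap_connect()');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);      // commonly needed with Active Directory
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);
    $ok  = @ldap_bind($ds, $bindDn, $password);
    $msg = $ok ? 'bind succeeded' : ldap_errno($ds) . ': ' . ldap_error($ds);
    ldap_unbind($ds);
    return array($ok, $msg);
}

// Usage: LDAP_TEST_PASSWORD='...' php ldapcheck.php 'user@example.edu'
$password = getenv('LDAP_TEST_PASSWORD');
if (PHP_SAPI === 'cli' && isset($argv[1]) && $password !== false) {
    foreach ($endpoints as $name => $uri) {
        list($ok, $msg) = try_bind($uri, $argv[1], $password, $caFile);
        printf("%-8s %-40s %s\n", $name, $uri, $ok ? 'OK' : "FAIL ($msg)");
    }
}
```

With the stunnel endpoint the hop from PHP to 127.0.0.1 is plaintext and certificate checking happens in stunnel's own configuration, not in PHP.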
