Cliff,

Unfortunately, I'm not a Microsoft guy either; so, I can't help with generating the certs. I only know how to get VCL to work with self-signed certs. Maybe someone else on the list can provide instructions or a link to some good online instructions.

To get VCL working with stunnel, I'd suggest first just trying to get some basic php ldap functionality working. I've attached a test ldap script I use that you can use as a starting point. Hopefully the mailing list won't eat it. If you can get it working and let me know what you had to do, I can tell you what to modify in VCL.

Josh

On Thursday May 27, 2010, Clifton B Wood wrote:
> Josh,
>
> Yes. The reason we went with stunnel is because we thought that
> dealing with LDAPS and certificates would be too time consuming
> with our existing setup. We had everything working with LDAP and
> no expertise with generating self-signed certs with Microsoft
> tools.
>
> If you can explain how to do that, it would be most
> appreciated, however if there is a way that ldap_connect() can
> be used WITHOUT LDAPS, then that would be better for us.
>
> Thanks.
>
> - Cliff
>
> Re: Fwd: AD/LDAP support in VCL
> From: Josh Thompson <josh_thomp...@ncsu.edu>
> To: vcl-dev@incubator.apache.org
> Date: Friday 11:10:03 am
>
> Cliff,
>
> The LDAP code is being used by many people for authentication; so, you
> should be able to use it without worrying about issues with it once you
> have it set up correctly. You also gain some optional user group
> management if you use LDAP.
>
> I've not used stunnel before; so, I'm not exactly sure what modifications
> will need to be made to the code to support it. I doubt it will work out
> of the box because the code expects to be able to connect to an LDAP
> server using
>
> ldap_connect("ldaps://hostname.of.server.here/");
>
> But, if stunnel can be set up such that just using localhost as the
> hostname will work, you may be able to do it without any modifications.
>
> Is there a reason ldaps won't work for you? If it is because of
> self-signed certificates, I can explain how to work with that.
>
> Josh
>
> On Thursday May 20, 2010, Clifton B Wood wrote:
> > Passing this along by request from Andy.
> >
> > I am curious as to how robust the LDAP code is in VCL, as we
> > might be required to make web front-end logins use that
> > authentication method in the future.
> >
> > Thanks!
> >
> > - Cliff
> >
> > Andy,
> >
> > I am trying to get LDAP logins working on our VCL pilot. First
> > off, we are not using LDAPS, we are using basic logins with
> > stunnel (ldap requests are sent to a port on the local
> > machine, the request is then encrypted and sent to our Active
> > Directory server) -- I've verified that this works using other
> > LDAP tools, however when I try logging in using VCL, it
> > doesn't work.
> >
> > Does the LDAP code you are using for VCL support this kind of
> > setup?
> >
> > I've attached my conf.php file to this email.
> >
> > Thanks!
> >
> > - Cliff Wood
> > Morgan State University
>
> --
> -------------------------------
> Josh Thompson
> Systems Programmer
> Advanced Computing | VCL Developer
> North Carolina State University
>
> josh_thomp...@ncsu.edu
> 919-515-5323
>
> my GPG/PGP key can be found at pgp.mit.edu
> End of encapsulated message
>

--
-------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
<<attachment: ldaptest.php>>
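
A basic PHP LDAP check of the kind discussed in this thread, comparing a bind through a local stunnel port with a direct ldaps:// bind. This is an added example, not the attached ldaptest.php and not VCL code; the hostnames, port 3890, bind DN, the LDAP_TEST_PASSWORD variable and the ldap_probe() helper are all assumptions for illustration.

```php
<?php
// Added example. Hosts, ports, DN and password source are placeholders
// (assumptions), not values taken from the thread or from VCL.
// Assumed stunnel client service: client = yes, accept = 127.0.0.1:3890,
// connect = ad.example.edu:636, verify = 2, CAfile = <AD CA certificate>.

function ldap_probe(string $uri, string $bindDn, string $password): array
{
    // ldap_connect() only parses the URI; no network traffic happens here.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return ['uri' => $uri, 'ok' => false, 'error' => 'invalid LDAP URI'];
    }
    // Active Directory needs LDAPv3; referral chasing breaks many AD searches.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The bind is the first real round trip, so connection, TLS and
    // credential failures all surface here.
    $ok = @ldap_bind($conn, $bindDn, $password);
    $result = ['uri' => $uri, 'ok' => $ok, 'error' => $ok ? '' : ldap_error($conn)];
    if (!$ok && ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail)) {
        $result['detail'] = $detail;
    }
    ldap_unbind($conn);
    return $result;
}

$bindDn   = 'CN=vcl-test,OU=Service Accounts,DC=example,DC=edu'; // placeholder
$password = getenv('LDAP_TEST_PASSWORD') ?: '';                  // not hard-coded

// An empty password turns the bind into an unauthenticated one that can "succeed".
if ($password === '') {
    fwrite(STDERR, "Set LDAP_TEST_PASSWORD first\n");
    exit(1);
}

$targets = [
    'via stunnel'  => 'ldap://127.0.0.1:3890/',  // plain LDAP to the local tunnel
    'direct ldaps' => 'ldaps://ad.example.edu/', // TLS handled by PHP/OpenLDAP
];
foreach ($targets as $label => $uri) {
    $r = ldap_probe($uri, $bindDn, $password);
    printf("%-12s %-26s %s %s\n", $label, $uri, $r['ok'] ? 'OK' : 'FAIL',
        $r['ok'] ? '' : $r['error'] . ' ' . ($r['detail'] ?? ''));
}
```

With stunnel in the path, certificate checking happens in stunnel (the verify and CAfile settings) rather than in PHP, so a tunnel left without verification accepts any server certificate even though the bind reports OK.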