Josh,

I got your ldaptest.php to work on our system. I've attached the working version.

It was easy enough to get this version to work; now if we can get our conf.php properly configured from this, I will be one happy person. Thank you for your help!

- Cliff
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cliff,

Unfortunately, I'm not a Microsoft guy either; so, I can't help with generating the certs. I only know how to get VCL to work with self-signed certs. Maybe someone else on the list can provide instructions or a link to some good online instructions.

To get VCL working with stunnel, I'd suggest first just trying to get some basic php ldap functionality working. I've attached a test ldap script I use that you can use as a starting point. Hopefully the mailing list won't eat it. If you can get it working and let me know what you had to do, I can tell you what to modify in VCL.

Josh

On Thursday May 27, 2010, Clifton B Wood wrote:
> Josh,
>
> Yes. The reason we went with stunnel is because we thought that
> dealing with LDAPS and certificates would be too time consuming
> with our existing setup. We had everything working with LDAP and
> no expertise with generating self-signed certs with Microsoft
> tools.
>
> If you can explain how to do that, it would be most
> appreciated, however if there is a way that ldap_connect() can
> be used WITHOUT LDAPS, then that would be better for us.
>
> Thanks.
>
> - Cliff
>
> Re: Fwd: AD/LDAP support in VCL
> From: Josh Thompson <josh_thomp...@ncsu.edu>
> To: email@example.com
> Date: Friday 11:10:03 am
>
> Cliff,
>
> The LDAP code is being used by many people for authentication; so, you
> should be able to use it without worrying about issues with it once you
> have it set up correctly. You also gain some optional user group
> management if you use LDAP.
>
> I've not used stunnel before; so, I'm not exactly sure what modifications
> will need to be made to the code to support it. I doubt it will work out
> of the box because the code expects to be able to connect to an LDAP
> server using
>
> ldap_connect("ldaps://hostname.of.server.here/");
>
> But, if stunnel can be set up such that just using localhost as the
> hostname will work, you may be able to do it without any modifications.
>
> Is there a reason ldaps won't work for you? If it is because of
> self-signed certificates, I can explain how to work with that.
>
> Josh
>
> On Thursday May 20, 2010, Clifton B Wood wrote:
> > Passing this along by request from Andy.
> >
> > I am curious as to how robust the LDAP code is in VCL, as we
> > might be required to make web front-end logins use that
> > authentication method in the future.
> >
> > Thanks!
> >
> > - Cliff
> >
> > Andy,
> >
> > I am trying to get LDAP logins working on our VCL pilot. First
> > off, we are not using LDAPS, we are using basic logins with
> > stunnel (ldap requests are sent to a port on the local
> > machine, the request is then encrypted and sent to our Active
> > Directory server) -- I've verified that this works using other
> > LDAP tools, however when I try logging in using VCL, it
> > doesn't work.
> >
> > Does the LDAP code you are using for VCL support this kind of
> > setup?
> >
> > I've attached my conf.php file to this email.
> >
> > Thanks!
> >
> > - Cliff Wood
> > Morgan State University
>
> --
> -------------------------------
> Josh Thompson
> Systems Programmer
> Advanced Computing | VCL Developer
> North Carolina State University
>
> josh_thomp...@ncsu.edu
> 919-515-5323
>
> my GPG/PGP key can be found at pgp.mit.edu
> End of encapsulated message
>

- -- 
- -------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

josh_thomp...@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkv+qKIACgkQV/LQcNdtPQO5+QCfSY1MHcMRrrLorv8pPfHRYdyx
UtoAn3Quehwoy0So+4Kv/GAze9SMe016
=TM63
-----END PGP SIGNATURE-----
--- End Message ---
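
The setup discussed in the thread (PHP speaking plain LDAP to a local stunnel listener that carries it over TLS to Active Directory), as an added example; it is not the ldaptest.php attached to the messages and not VCL code. The hostnames, port, base DN, UPN suffix, CA file path and the function name `ldap_tunnel_check` are placeholders or hypothetical, and the stunnel settings in the comments are an assumed client-mode configuration.

```php
<?php
// Added example. Assumed stunnel client service (placeholder values):
//   [ldap-ad]
//   client  = yes
//   accept  = 127.0.0.1:389
//   connect = ad.example.edu:636
//   CAfile  = /etc/stunnel/ad-ca.pem
//   verify  = 2
// accept on loopback keeps the cleartext hop on this host; verify/CAfile make
// stunnel authenticate the directory server instead of only encrypting to it.

const LDAP_URI   = 'ldap://127.0.0.1:389/';  // plain LDAP to the local stunnel listener
const BASE_DN    = 'dc=example,dc=edu';      // placeholder
const UPN_SUFFIX = '@example.edu';           // placeholder

function ldap_tunnel_check(string $user, string $pass): array
{
    // ldap_bind() with an empty password is an unauthenticated bind, which a
    // directory server may accept; treat it as a failed login before binding.
    if ($user === '' || $pass === '') {
        return [false, 'empty username or password rejected before bind'];
    }
    $ds = ldap_connect(LDAP_URI);  // only parses the URI, no network I/O yet
    if ($ds === false) {
        return [false, 'invalid LDAP URI'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ds, $user . UPN_SUFFIX, $pass)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        return [false, "bind failed: $err"];
    }
    // Escape the user name so it cannot alter the search filter (PHP 5.6+).
    $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $res = ldap_search($ds, BASE_DN, $filter, ['cn', 'mail']);
    $n = $res ? ldap_count_entries($ds, $res) : 0;
    ldap_unbind($ds);
    return [$n === 1, "bind ok, $n matching entries"];
}

// CLI use: php thisfile.php username   (password is read from stdin, not argv)
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    [$ok, $msg] = ldap_tunnel_check($argv[1], trim((string) fgets(STDIN)));
    fwrite(STDOUT, ($ok ? 'OK: ' : 'FAIL: ') . $msg . PHP_EOL);
    exit($ok ? 0 : 1);
}
```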