I got your ldaptest.php to work on our system. I've attached the working 

It was easy enough to get this version to work, now if we can get our conf.php 
properly configured from this, I will be one happy person.

Thank you for your help!

- Cliff
--- Begin Message ---
Hash: SHA1


Unfortunately, I'm not a Microsoft guy either; so, I can't help with 
generating the certs.  I only know how to get VCL to work with self-signed 
certs.  Maybe someone else on the list can provide instructions or a link to 
some good online instructions.

To get VCL working with stunnel, I'd suggest first just trying to get some 
basic php ldap functionality working.  I've attached a test ldap script I use 
that you can use as a starting point.  Hopefully the mailing list won't eat 
it.  If you can get it working and let me know what you had to do, I can tell 
you what to modify in VCL.


On Thursday May 27, 2010, Clifton B Wood wrote:
> Josh, 
> Yes. The reason we went with stunnel is because we thought that 
> dealing with LDAPS and certificates would be too time consuming 
> with our existing setup. We had everything working with LDAP and 
> no expertise with generating self-signed certs with Microsoft 
> tools.
> If you can explain how to do that, it would be most 
> appreciative, however if there is a way that ldap_connect() can 
> be used WITHOUT LDAPS, then that would be better for us.
> Thanks.
> - Cliff
>   Re: Fwd: AD/LDAP support in VCL
> From: Josh Thompson <>
>   To:
>   Date: Friday 11:10:03 am
> Cliff,
> The LDAP code is being used by many people for authentication; so, you
>  should be able to use it without worrying about issues with it once you
>  have it set up correctly.  You also gain some optional user group
>  management if you use LDAP.
> I've not used stunnel before; so, I'm not exactly sure what modifications
>  will need to be made to the code to support it.  I doubt it will work out
>  of the box because the code expects to be able to connect to an LDAP
>  server using
> ldap_connect("ldaps://");'
> But, if stunnel can be set up such that just using localhost as the
>  hostname will work, you may be able to do it without any modifications.
> Is there a reason ldaps won't work for you?  If it is because of
>  self-signed certificates, I can explain how to work with that.
> Josh
> On Thursday May 20, 2010, Clifton B Wood wrote:
> > Passing this along by request from Andy.
> >
> > I am curious as to how robust the LDAP code is in VCL, as we
> > might be required to make web front-end logins use that
> > authentication method in the future.
> >
> > Thanks!
> >
> > - Cliff
> >
> > Andy,
> >
> > I am trying to get LDAP logins working on our VCL pilot. First
> > off, we are not using LDAPS, we are using basic logins with
> > stunnel (ldap requests are sent to a port on the local
> > machine, the request is then encrypted and sent to our Active
> > Directory server) -- I've verified that this works using other
> > LDAP tools, however when I try logging in using VCL, it
> > doesn't work.
> >
> > Does the LDAP code you are using for VCL support this kind of
> > setup?
> >
> > I've attached my conf.php file to this email.
> >
> > Thanks!
> >
> > - Cliff Wood
> > Morgan State University
> --
> -------------------------------
> Josh Thompson
> Systems Programmer
> Advanced Computing | VCL Developer
> North Carolina State University
> 919-515-5323
> my GPG/PGP key can be found at
>   End of encapsulated message

- -- 
- -------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

my GPG/PGP key can be found at
Version: GnuPG v2.0.14 (GNU/Linux)


<<attachment: ldaptest.php>>

--- End Message ---

Reply via email to