From harishvc@gmail.com Wed Sep 23 15:26:51 2009 From: Harish Chakravarthy To: openldap-technical@openldap.org Subject: Unable to bind to active directory using TLS Date: Wed, 23 Sep 2009 08:26:28 -0700 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8779605747333640179==" --===============8779605747333640179== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hello Everyone, Greetings. I am unable to bind to active directory using TLS. I get the following error while executing my script via the browser *PHP Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error* The same script when executed from the command line works!. I have compiled PHP with flags --with-ldap --with-ldap-sasl --with-openssl . Can you help me further trouble shoot this problem?. Thanks Harish --===============8779605747333640179== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 SGVsbG8gRXZlcnlvbmUsPGJyPjxicj5HcmVldGluZ3MuPGJyPjxicj5JIGFtIHVuYWJsZSB0byBi aW5kIHRvIGFjdGl2ZSBkaXJlY3RvcnkgdXNpbmcgVExTLiBJIGdldCB0aGUgZm9sbG93aW5nIGVy cm9yIHdoaWxlIGV4ZWN1dGluZyBteSBzY3JpcHQgdmlhIHRoZSBicm93c2VyPGJyPjxicj48aT48 Yj5QSFAgV2FybmluZzqgIGxkYXBfc3RhcnRfdGxzKCkgWyZsdDthIGhyZWY9JiMzOTtmdW5jdGlv bi5sZGFwLXN0YXJ0LXRscyYjMzk7Jmd0O2Z1bmN0aW9uLmxkYXAtc3RhcnQtdGxzJmx0Oy9hJmd0 O106IFVuYWJsZSB0byBzdGFydCBUTFM6IENvbm5lY3QgZXJyb3I8L2I+PC9pPjxicj4KPGJyPlRo ZSBzYW1lIHNjcmlwdCB3aGVuIGV4ZWN1dGVkIGZyb20gdGhlIGNvbW1hbmQgbGluZSB3b3JrcyEu IDxicj48YnI+SSBoYXZlIGNvbXBpbGVkIFBIUCB3aXRoIGZsYWdzIC0td2l0aC1sZGFwoCAtLXdp dGgtbGRhcC1zYXNsIC0td2l0aC1vcGVuc3NsoCAuoCA8YnI+PGJyPkNhbiB5b3UgaGVscCBtZSBm dXJ0aGVyIHRyb3VibGUgc2hvb3QgdGhpcyBwcm9ibGVtPy48YnI+PGJyPlRoYW5rczxicj4KSGFy aXNoPGJyPjxicj48YnI+PGJyPgo= --===============8779605747333640179==-- From stybla@turnovfree.net Thu Sep 24 12:58:44 2009 From: Zdenek Styblik To: openldap-technical@openldap.org Subject: Re: Unable to bind to active directory using TLS Date: Thu, 24 Sep 2009 14:59:10 +0200 Message-ID: <4ABB6D1E.8010804@turnovfree.net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6525475111599647784==" --===============6525475111599647784== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Harish Chakravarthy wrote: > Hello Everyone, > > Greetings. > > I am unable to bind to active directory using TLS. I get the following > error while executing my script via the browser > > /*PHP Warning: ldap_start_tls() [ href='function.ldap-start-tls'>function.ldap-start-tls]: Unable to > start TLS: Connect error*/ > > The same script when executed from the command line works!. > > I have compiled PHP with flags --with-ldap --with-ldap-sasl > --with-openssl . > > Can you help me further trouble shoot this problem?. > > Thanks > Harish > > > And what has to say? I think there might be two .ini files - one for command line and one for httpd php module. So, this one for httpd might be missing: extension=openssl.so extension=ldap.so Regards, Zdenek -- Zdenek Styblik Net/Linux admin OS TurnovFree.net email: stybla(a)turnovfree.net jabber: stybla(a)jabber.turnovfree.net --===============6525475111599647784==-- From harishvc@gmail.com Fri Sep 25 22:46:20 2009 From: Harish Chakravarthy To: openldap-technical@openldap.org Subject: Re: Unable to bind to active directory using TLS Date: Fri, 25 Sep 2009 15:45:51 -0700 Message-ID: In-Reply-To: <4ABB6D1E.8010804@turnovfree.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7262981028987127969==" --===============7262981028987127969== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Here is more information 1. I am binding to Active Directory from Solaris 10 2. My php_info gives configure options as './configure' '--prefix=3D/home/local/php-5.2.9' '--with-apxs2=3D/path/apache2/bin/apxs' '--with-ldap' '--with-ldap-sasl' '--with-openssl=3D/usr/local/ssl' '--with-mysql=3D/usr/local/mysql/' '--with-gd' 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has exactly the same settings as my user account (that executes the script from command line) 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this file is not being used by the script (command line or web). I rename the file and nothing changes!. 5. I have apache compiled for mod_ssl Should I recompile Apache with mod_ldap or any additional modules - I using a PHP script on my webserver to gather login & password to authenticated against Active Directory?. Thanks again for your time. -Harish On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik wrot= e: > Harish Chakravarthy wrote: > > Hello Everyone, > > > > Greetings. > > > > I am unable to bind to active directory using TLS. I get the following > > error while executing my script via the browser > > > > /*PHP Warning: ldap_start_tls() [ > href=3D'function.ldap-start-tls'>function.ldap-start-tls]: Unable to > > start TLS: Connect error*/ > > > > The same script when executed from the command line works!. > > > > I have compiled PHP with flags --with-ldap --with-ldap-sasl > > --with-openssl . > > > > Can you help me further trouble shoot this problem?. > > > > Thanks > > Harish > > > > > > > > And what has to say? I think there might be two .ini > files - one for command line and one for httpd php module. So, this one > for httpd might be missing: > extension=3Dopenssl.so > extension=3Dldap.so > > > Regards, > Zdenek > > -- > Zdenek Styblik > Net/Linux admin > OS TurnovFree.net > email: stybla(a)turnovfree.net > jabber: stybla(a)jabber.turnovfree.net > --===============7262981028987127969== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 SGVyZSBpcyBtb3JlIGluZm9ybWF0aW9uPGJyPjEuIEkgYW0gYmluZGluZyB0byBBY3RpdmUgRGly ZWN0b3J5IGZyb20gU29sYXJpcyAxMDxicj4yLiBNeSBwaHBfaW5mbyBnaXZlcyBjb25maWd1cmUg b3B0aW9ucyBhcyAmIzM5Oy4vY29uZmlndXJlJiMzOTsgJiMzOTstLXByZWZpeD0vaG9tZS9sb2Nh bC9waHAtNS4yLjkmIzM5OwomIzM5Oy0td2l0aC1hcHhzMj0vcGF0aC9hcGFjaGUyL2Jpbi9hcHhz JiMzOTsgJiMzOTstLXdpdGgtbGRhcCYjMzk7CiYjMzk7LS13aXRoLWxkYXAtc2FzbCYjMzk7ICYj Mzk7LS13aXRoLW9wZW5zc2w9L3Vzci9sb2NhbC9zc2wmIzM5OwomIzM5Oy0td2l0aC1teXNxbD0v dXNyL2xvY2FsL215c3FsLyYjMzk7ICYjMzk7LS13aXRoLWdkJiMzOTs8YnI+My4gVGhlIFBBVEgg JmFtcDsgTERfTElCUkFSWV9QQVRIIGxpc3RlZCB2aWEgcGhwX2luZm8gb24gdGhlIGJyb3dzZXIg aGFzIGV4YWN0bHkgdGhlIHNhbWUgc2V0dGluZ3MgYXMgbXkgdXNlciBhY2NvdW50ICh0aGF0IGV4 ZWN1dGVzIHRoZSBzY3JpcHQgZnJvbSBjb21tYW5kIGxpbmUpPGJyPgo0LiBJIGhhdmUgYSBsZGFw LmNvbmYgZmlsZSBpbnNpZGUgL29wdC9jc3cvZXRjL29wZW5sZGFwIC4gSG93ZXZlciB0aGlzIGZp bGUgaXMgbm90IGJlaW5nIHVzZWQgYnkgdGhlIHNjcmlwdCAoY29tbWFuZCBsaW5lIG9yIHdlYiku IEkgcmVuYW1lIHRoZSBmaWxlIGFuZCBub3RoaW5nIGNoYW5nZXMhLjxicj41LiBJIGhhdmUgYXBh Y2hlIGNvbXBpbGVkIGZvciBtb2Rfc3NsPGJyPjxicj5TaG91bGQgSSByZWNvbXBpbGUgQXBhY2hl IHdpdGggbW9kX2xkYXAgb3IgYW55IGFkZGl0aW9uYWwgbW9kdWxlcyAtIEkgdXNpbmcgYSBQSFAg c2NyaXB0IG9uIG15IHdlYnNlcnZlciB0byBnYXRoZXIgbG9naW4gJmFtcDsgcGFzc3dvcmQgdG8g YXV0aGVudGljYXRlZCBhZ2FpbnN0IEFjdGl2ZSBEaXJlY3Rvcnk/Ljxicj4KPGJyPlRoYW5rcyBh Z2FpbiBmb3IgeW91ciB0aW1lLjxicj48YnI+LUhhcmlzaDxicj48YnI+PGJyPjxicj48YnI+PGJy PjxkaXYgY2xhc3M9ImdtYWlsX3F1b3RlIj5PbiBUaHUsIFNlcCAyNCwgMjAwOSBhdCA1OjU5IEFN LCBaZGVuZWsgU3R5YmxpayA8c3BhbiBkaXI9Imx0ciI+Jmx0OzxhIGhyZWY9Im1haWx0bzpzdHli bGFAdHVybm92ZnJlZS5uZXQiPnN0eWJsYUB0dXJub3ZmcmVlLm5ldDwvYT4mZ3Q7PC9zcGFuPiB3 cm90ZTo8YnI+CjxibG9ja3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9ImJvcmRlci1s ZWZ0OiAxcHggc29saWQgcmdiKDIwNCwgMjA0LCAyMDQpOyBtYXJnaW46IDBwdCAwcHQgMHB0IDAu OGV4OyBwYWRkaW5nLWxlZnQ6IDFleDsiPjxkaXY+PGRpdj48L2Rpdj48ZGl2IGNsYXNzPSJoNSI+ SGFyaXNoIENoYWtyYXZhcnRoeSB3cm90ZTo8YnI+CiZndDsgSGVsbG8gRXZlcnlvbmUsPGJyPgom Z3Q7PGJyPgomZ3Q7IEdyZWV0aW5ncy48YnI+CiZndDs8YnI+CiZndDsgSSBhbSB1bmFibGUgdG8g YmluZCB0byBhY3RpdmUgZGlyZWN0b3J5IHVzaW5nIFRMUy4gSSBnZXQgdGhlIGZvbGxvd2luZzxi cj4KJmd0OyBlcnJvciB3aGlsZSBleGVjdXRpbmcgbXkgc2NyaXB0IHZpYSB0aGUgYnJvd3Nlcjxi cj4KJmd0Ozxicj4KJmd0OyAvKlBIUCBXYXJuaW5nOiCgbGRhcF9zdGFydF90bHMoKSBbJmx0O2E8 YnI+CiZndDsgaHJlZj0mIzM5O2Z1bmN0aW9uLmxkYXAtc3RhcnQtdGxzJiMzOTsmZ3Q7ZnVuY3Rp b24ubGRhcC1zdGFydC10bHMmbHQ7L2EmZ3Q7XTogVW5hYmxlIHRvPGJyPgomZ3Q7IHN0YXJ0IFRM UzogQ29ubmVjdCBlcnJvciovPGJyPgomZ3Q7PGJyPgomZ3Q7IFRoZSBzYW1lIHNjcmlwdCB3aGVu IGV4ZWN1dGVkIGZyb20gdGhlIGNvbW1hbmQgbGluZSB3b3JrcyEuPGJyPgomZ3Q7PGJyPgomZ3Q7 IEkgaGF2ZSBjb21waWxlZCBQSFAgd2l0aCBmbGFncyAtLXdpdGgtbGRhcCCgLS13aXRoLWxkYXAt c2FzbDxicj4KJmd0OyAtLXdpdGgtb3BlbnNzbCCgLjxicj4KJmd0Ozxicj4KJmd0OyBDYW4geW91 IGhlbHAgbWUgZnVydGhlciB0cm91YmxlIHNob290IHRoaXMgcHJvYmxlbT8uPGJyPgomZ3Q7PGJy PgomZ3Q7IFRoYW5rczxicj4KJmd0OyBIYXJpc2g8YnI+CiZndDs8YnI+CiZndDs8YnI+CiZndDs8 YnI+Cjxicj4KPC9kaXY+PC9kaXY+QW5kIHdoYXQgaGFzICZsdDs/cGhwIHBocF9pbmZvKCkgPyZn dDsgdG8gc2F5PyBJIHRoaW5rIHRoZXJlIG1pZ2h0IGJlIHR3byAuaW5pPGJyPgpmaWxlcyAtIG9u ZSBmb3IgY29tbWFuZCBsaW5lIGFuZCBvbmUgZm9yIGh0dHBkIHBocCBtb2R1bGUuIFNvLCB0aGlz IG9uZTxicj4KZm9yIGh0dHBkIG1pZ2h0IGJlIG1pc3Npbmc6PGJyPgpleHRlbnNpb249b3BlbnNz bC5zbzxicj4KZXh0ZW5zaW9uPWxkYXAuc288YnI+CiZsdDt3aGF0ZXZlciBpcyBuZWVkZWQmZ3Q7 PGJyPgo8YnI+ClJlZ2FyZHMsPGJyPgpaZGVuZWs8YnI+Cjxmb250IGNvbG9yPSIjODg4ODg4Ij48 YnI+Ci0tPGJyPgpaZGVuZWsgU3R5Ymxpazxicj4KTmV0L0xpbnV4IGFkbWluPGJyPgpPUyBUdXJu b3ZGcmVlLm5ldDxicj4KZW1haWw6IDxhIGhyZWY9Im1haWx0bzpzdHlibGFAdHVybm92ZnJlZS5u ZXQiPnN0eWJsYUB0dXJub3ZmcmVlLm5ldDwvYT48YnI+CmphYmJlcjogPGEgaHJlZj0ibWFpbHRv OnN0eWJsYUBqYWJiZXIudHVybm92ZnJlZS5uZXQiPnN0eWJsYUBqYWJiZXIudHVybm92ZnJlZS5u ZXQ8L2E+PGJyPgo8L2ZvbnQ+PC9ibG9ja3F1b3RlPjwvZGl2Pjxicj4K --===============7262981028987127969==-- From stybla@turnovfree.net Sat Sep 26 07:32:47 2009 From: Zdenek Styblik To: openldap-technical@openldap.org Subject: Re: Unable to bind to active directory using TLS Date: Sat, 26 Sep 2009 09:33:22 +0200 Message-ID: <4ABDC3C2.5040200@turnovfree.net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3957584053296733854==" --===============3957584053296733854== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Harish Chakravarthy wrote: > Here is more information > 1. I am binding to Active Directory from Solaris 10 > 2. My php_info gives configure options as './configure' > '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs' > '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl' > '--with-mysql=/usr/local/mysql/' '--with-gd' > 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has > exactly the same settings as my user account (that executes the script > from command line) > 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this > file is not being used by the script (command line or web). I rename the > file and nothing changes!. > 5. I have apache compiled for mod_ssl > > Should I recompile Apache with mod_ldap or any additional modules - I > using a PHP script on my webserver to gather login & password to > authenticated against Active Directory?. > > Thanks again for your time. > > -Harish > > Hello, I'm sorry, I should have read better. I replied in haste and- Can you please code I've attached? It should be sufficient just to supply credentials. I've tested it and, although I can't make an LDAP connection from console [I've messed something in PHP; ignore], it works for me via WEB [I can see 'OK']. I'm not sure why I've put comments about TLS being buggy [probably something in PHP documentation?], but the code [PHP] works with LDAP TLS just fine. I don't think you need mod_ldap in Apache, as this one should serve for direct interaction of httpd<-->LDAP [imao]. Let me know, Zdenek - -- Zdenek Styblik Net/Linux admin OS TurnovFree.net email: stybla(a)turnovfree.net jabber: stybla(a)jabber.turnovfree.net > > > > On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik > wrote: > > Harish Chakravarthy wrote: > > Hello Everyone, > > > > Greetings. > > > > I am unable to bind to active directory using TLS. I get the following > > error while executing my script via the browser > > > > /*PHP Warning: ldap_start_tls() [ > href='function.ldap-start-tls'>function.ldap-start-tls]: Unable to > > start TLS: Connect error*/ > > > > The same script when executed from the command line works!. > > > > I have compiled PHP with flags --with-ldap --with-ldap-sasl > > --with-openssl . > > > > Can you help me further trouble shoot this problem?. > > > > Thanks > > Harish > > > > > > > > And what has to say? I think there might be two .ini > files - one for command line and one for httpd php module. So, this one > for httpd might be missing: > extension=openssl.so > extension=ldap.so > > > Regards, > Zdenek > > -- > Zdenek Styblik > Net/Linux admin > OS TurnovFree.net > email: stybla(a)turnovfree.net > jabber: stybla(a)jabber.turnovfree.net > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq9w8IACgkQ8MreUbSH7ik1/QCgz6i5y1ogcRO8GlYAFHudY0Rw qfQAnjHLzOG1CuQRkGI9AA4VZMjrXtWQ =r25x -----END PGP SIGNATURE----- --===============3957584053296733854== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ldapConnTest.php" MIME-Version: 1.0 PD9waHAKLyogCiAqIFtQSFBdIENvZGUgdG8gdGVzdCBMREFQIGNvbm5lY3Rpb24KICovCmRlZmlu ZSgnTVlMREFQX0hPU1QnLCAnbGRhcDovL2xvY2FsaG9zdCcpOwpkZWZpbmUoJ01ZTERBUF9QT1JU JywgMzg5KTsKZGVmaW5lKCdNWUxEQVBfQklOREROJywgJ2NuPUxEQVB1c2VyLGRjPWRvbWFpbixk Yz10bGQnKTsKZGVmaW5lKCdNWUxEQVBfUFNXRCcsICdteVBhc3MnKTsKZGVmaW5lKCdNWUxEQVBf VExTJywgdHJ1ZSk7ICMgYnVnZ3kgLSBkb24ndCB1c2U/CgojICEtLSBzb21lIGlucHV0IHZhciBj aGVja3MgaGVyZSAtLSEKJGxkYXBDb25uID0gbGRhcF9jb25uZWN0KE1ZTERBUF9IT1NULCBNWUxE QVBfUE9SVCk7CmlmICghJGxkYXBDb25uKSB7CglleGl0KCJVbmFibGUgdG8gY29ubmVjdCB0byBM REFQIHNlcnZlciIpOwp9CmlmICghbGRhcF9zZXRfb3B0aW9uKCRsZGFwQ29ubiwgTERBUF9PUFRf UFJPVE9DT0xfVkVSU0lPTiwgMykpIHsKCWV4aXQoIlVuYWJsZSB0byBzZXQgcHJvdG9jb2wgdmVy c2lvbiB0byB2MyIpOwp9CiMgYnVnZ3kgLSBkb24ndCB1c2UgPwppZiAoTVlMREFQX1RMUykgewoJ bGRhcF9zdGFydF90bHMoJGxkYXBDb25uKSBvciBkaWUoIkNhbid0IHN0YXJ0IFRMUyIpOwp9Cgok bGRhcEJpbmQgPSBsZGFwX2JpbmQoJGxkYXBDb25uLCBNWUxEQVBfQklOREROLCBNWUxEQVBfUFNX RCk7CmlmICghJGxkYXBCaW5kKSB7CglleGl0KCJMREFQIEJpbmQgZmFpbGVkIik7Cn0KCmVjaG8g Ik9LIjsKCmxkYXBfdW5iaW5kKCRsZGFwQ29ubik7ICMgYWthIGxkYXBfY2xvc2UKCnJldHVybiAw Owo/Pgo= --===============3957584053296733854==-- From stybla@turnovfree.net Sat Sep 26 08:03:52 2009 From: Zdenek Styblik To: openldap-technical@openldap.org Subject: Re: Unable to bind to active directory using TLS Date: Sat, 26 Sep 2009 10:04:35 +0200 Message-ID: <4ABDCB13.3050806@turnovfree.net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1669192701423692636==" --===============1669192701423692636== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Harish Chakravarthy wrote: > Here is more information > 1. I am binding to Active Directory from Solaris 10 > 2. My php_info gives configure options as './configure' > '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs' > '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl' > '--with-mysql=/usr/local/mysql/' '--with-gd' > 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has > exactly the same settings as my user account (that executes the script > from command line) > 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this > file is not being used by the script (command line or web). I rename the > file and nothing changes!. > 5. I have apache compiled for mod_ssl > > Should I recompile Apache with mod_ldap or any additional modules - I > using a PHP script on my webserver to gather login & password to > authenticated against Active Directory?. > > Thanks again for your time. > > -Harish > > Also, does TLS work with LDAP itself? There is also comment at php.net which says: > If your version was linked against the OpenLDAP libraries, you may > want to look at the ldap.conf file for more information about specifying > SSL/TLS behavior. Apparently, the settings in ldap.conf make a different > in the way SSL/TLS is handled by PHP. Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2 Zdenek -- Zdenek Styblik Net/Linux admin OS TurnovFree.net email: stybla(a)turnovfree.net jabber: stybla(a)jabber.turnovfree.net > > > > On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik > wrote: > > Harish Chakravarthy wrote: > > Hello Everyone, > > > > Greetings. > > > > I am unable to bind to active directory using TLS. I get the following > > error while executing my script via the browser > > > > /*PHP Warning: ldap_start_tls() [ > href='function.ldap-start-tls'>function.ldap-start-tls]: Unable to > > start TLS: Connect error*/ > > > > The same script when executed from the command line works!. > > > > I have compiled PHP with flags --with-ldap --with-ldap-sasl > > --with-openssl . > > > > Can you help me further trouble shoot this problem?. > > > > Thanks > > Harish > > > > > > > > And what has to say? I think there might be two .ini > files - one for command line and one for httpd php module. So, this one > for httpd might be missing: > extension=openssl.so > extension=ldap.so > > > Regards, > Zdenek > > -- > Zdenek Styblik > Net/Linux admin > OS TurnovFree.net > email: stybla(a)turnovfree.net > jabber: stybla(a)jabber.turnovfree.net > > > --===============1669192701423692636==-- From harishvc@gmail.com Mon Sep 28 00:54:04 2009 From: Harish Chakravarthy To: openldap-technical@openldap.org Subject: Re: Unable to bind to active directory using TLS Date: Sun, 27 Sep 2009 17:46:10 -0700 Message-ID: In-Reply-To: <4ABDCB13.3050806@turnovfree.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1428543916175068916==" --===============1428543916175068916== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Everyone, Below is my Php test script (minor modifications to Zdenek's script) . This test script works from command line but not from the web. "TLS connect failed!" is my error message when I execute the script via web. Any assistance is welcome. Also my environment is Php using OpenLDAP on Solaris 10 connecting to Active Directory. "; ldap_unbind($ldapConn); return 0; ?> -Harish On Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik wrot= e: > Harish Chakravarthy wrote: > > Here is more information > > 1. I am binding to Active Directory from Solaris 10 > > 2. My php_info gives configure options as './configure' > > '--prefix=3D/home/local/php-5.2.9' '--with-apxs2=3D/path/apache2/bin/apxs' > > '--with-ldap' '--with-ldap-sasl' '--with-openssl=3D/usr/local/ssl' > > '--with-mysql=3D/usr/local/mysql/' '--with-gd' > > 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has > > exactly the same settings as my user account (that executes the script > > from command line) > > 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this > > file is not being used by the script (command line or web). I rename the > > file and nothing changes!. > > 5. I have apache compiled for mod_ssl > > > > Should I recompile Apache with mod_ldap or any additional modules - I > > using a PHP script on my webserver to gather login & password to > > authenticated against Active Directory?. > > > > Thanks again for your time. > > > > -Harish > > > > > > Also, does TLS work with LDAP itself? > There is also comment at php.net which says: > > > If your version was linked against the OpenLDAP libraries, you may > > want to look at the ldap.conf file for more information about specifying > > SSL/TLS behavior. Apparently, the settings in ldap.conf make a different > > in the way SSL/TLS is handled by PHP. > > Please, check >> http://marc.info/?l=3Dphp-windows&m=3D116127873321748&w=3D2 > > Zdenek > > -- > Zdenek Styblik > Net/Linux admin > OS TurnovFree.net > email: stybla(a)turnovfree.net > jabber: stybla(a)jabber.turnovfree.net > > > > > > > > > On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik > > wrote: > > > > Harish Chakravarthy wrote: > > > Hello Everyone, > > > > > > Greetings. > > > > > > I am unable to bind to active directory using TLS. I get the > following > > > error while executing my script via the browser > > > > > > /*PHP Warning: ldap_start_tls() [ > > href=3D'function.ldap-start-tls'>function.ldap-start-tls]: Unab= le > to > > > start TLS: Connect error*/ > > > > > > The same script when executed from the command line works!. > > > > > > I have compiled PHP with flags --with-ldap --with-ldap-sasl > > > --with-openssl . > > > > > > Can you help me further trouble shoot this problem?. > > > > > > Thanks > > > Harish > > > > > > > > > > > > > And what has to say? I think there might be two > .ini > > files - one for command line and one for httpd php module. So, this > one > > for httpd might be missing: > > extension=3Dopenssl.so > > extension=3Dldap.so > > > > > > Regards, > > Zdenek > > > > -- > > Zdenek Styblik > > Net/Linux admin > > OS TurnovFree.net > > email: stybla(a)turnovfree.net > > jabber: stybla(a)jabber.turnovfree.net > > > > > > > --===============1428543916175068916== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 SGVsbG8gRXZlcnlvbmUsPGJyPjxicj5CZWxvdyBpcyBteSBQaHAgdGVzdCBzY3JpcHQgKG1pbm9y IG1vZGlmaWNhdGlvbnMgdG8gWmRlbmVrJiMzOTtzIHNjcmlwdCkgLiBUaGlzIHRlc3Qgc2NyaXB0 IHdvcmtzIGZyb20gY29tbWFuZCBsaW5lIGJ1dCBub3QgZnJvbSB0aGUgd2ViLiAmcXVvdDtUTFMg Y29ubmVjdCBmYWlsZWQhJnF1b3Q7IGlzIG15IGVycm9yIG1lc3NhZ2Ugd2hlbiBJIGV4ZWN1dGUg dGhlIHNjcmlwdCB2aWEgd2ViLiBBbnkgYXNzaXN0YW5jZSBpcyB3ZWxjb21lLjxicj4KPGJyPkFs c28gbXkgZW52aXJvbm1lbnQgaXMgUGhwIHVzaW5noCBPcGVuTERBUCBvbiBTb2xhcmlzIDEwIGNv bm5lY3RpbmcgdG8gQWN0aXZlIERpcmVjdG9yeS48YnI+PGJyPiZsdDs/cGhwPGJyPmRlZmluZSgm IzM5O01ZTERBUF9IT1NUJiMzOTssICYjMzk7bGRhcDovL215LnNlcnZlciYjMzk7KTs8YnI+ZGVm aW5lKCYjMzk7TVlMREFQX1BPUlQmIzM5OywgMzg5KTs8YnI+ZGVmaW5lKCYjMzk7TVlMREFQX0JJ TkRETiYjMzk7LCAmIzM5O0NOPXNvbWV0aGluZyxPVT1Vc2VycyxPVT1BZG1pbmlzdHJhdGlvbixE Qz1lZHUmIzM5Oyk7PGJyPgpkZWZpbmUoJiMzOTtNWUxEQVBfUFNXRCYjMzk7LCAmIzM5O3NvbWV0 aGluZyk7PGJyPjxicj4jIFJlcXVpcmVkIGZvciB3b3JraW5nIHZpYSBjb21tYW5kIGxpbmU8YnI+ cHV0ZW52KCYjMzk7TERBUFRMU19SRVFDRVJUPW5ldmVyJiMzOTspIG9yIGRpZSgmIzM5O0ZhaWxl ZCB0byBzZXR1cCB0aGUgZW52JiMzOTspOzxicj48YnI+JGxkYXBDb25uID0gbGRhcF9jb25uZWN0 KE1ZTERBUF9IT1NULCBNWUxEQVBfUE9SVCk7PGJyPgppZiAoISRsZGFwQ29ubikgezxicj6goKCg oKAgZXhpdCgmcXVvdDtVbmFibGUgdG8gY29ubmVjdCB0byBMREFQIHNlcnZlciZxdW90Oyk7PGJy Pn08YnI+aWYgKCFsZGFwX3NldF9vcHRpb24oJGxkYXBDb25uLCBMREFQX09QVF9QUk9UT0NPTF9W RVJTSU9OLCAzKSkgezxicj6goKCgoKAgZXhpdCgmcXVvdDtVbmFibGUgdG8gc2V0IHByb3RvY29s IHZlcnNpb24gdG8gdjMmcXVvdDspOzxicj4KfTxicj4kdGxzID0gbGRhcF9zdGFydF90bHMoJGxk YXBDb25uKTs8YnI+aWYgKCEkdGxzKSB7IGV4aXQoJnF1b3Q7VExTIGNvbm5lY3QgZmFpbGVkISZx dW90Oyk7IH08YnI+JGxkYXBCaW5kID0gbGRhcF9iaW5kKCRsZGFwQ29ubiwgTVlMREFQX0JJTkRE TiwgTVlMREFQX1BTV0QpOzxicj5pZiAoISRsZGFwQmluZCkgezxicj6goKCgoKAgZXhpdCgmcXVv dDtMREFQIEJpbmQgZmFpbGVkJnF1b3Q7KTs8YnI+Cn08YnI+PGJyPmVjaG8gJnF1b3Q7V29ya3Mh Jmx0O2JyLyZndDsmcXVvdDs7PGJyPjxicj5sZGFwX3VuYmluZCgkbGRhcENvbm4pOzxicj48YnI+ cmV0dXJuIDA7PGJyPj8mZ3Q7PGJyPjxicj4tSGFyaXNoPGJyPjxicj48YnI+PGRpdiBjbGFzcz0i Z21haWxfcXVvdGUiPk9uIFNhdCwgU2VwIDI2LCAyMDA5IGF0IDE6MDQgQU0sIFpkZW5layBTdHli bGlrIDxzcGFuIGRpcj0ibHRyIj4mbHQ7PGEgaHJlZj0ibWFpbHRvOnN0eWJsYUB0dXJub3ZmcmVl Lm5ldCI+c3R5YmxhQHR1cm5vdmZyZWUubmV0PC9hPiZndDs8L3NwYW4+IHdyb3RlOjxicj4KPGJs b2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0iYm9yZGVyLWxlZnQ6IDFweCBzb2xp ZCByZ2IoMjA0LCAyMDQsIDIwNCk7IG1hcmdpbjogMHB0IDBwdCAwcHQgMC44ZXg7IHBhZGRpbmct bGVmdDogMWV4OyI+PGRpdiBjbGFzcz0iaW0iPkhhcmlzaCBDaGFrcmF2YXJ0aHkgd3JvdGU6PGJy PgomZ3Q7IEhlcmUgaXMgbW9yZSBpbmZvcm1hdGlvbjxicj4KJmd0OyAxLiBJIGFtIGJpbmRpbmcg dG8gQWN0aXZlIERpcmVjdG9yeSBmcm9tIFNvbGFyaXMgMTA8YnI+CiZndDsgMi4gTXkgcGhwX2lu Zm8gZ2l2ZXMgY29uZmlndXJlIG9wdGlvbnMgYXMgJiMzOTsuL2NvbmZpZ3VyZSYjMzk7PGJyPgom Z3Q7ICYjMzk7LS1wcmVmaXg9L2hvbWUvbG9jYWwvcGhwLTUuMi45JiMzOTsgJiMzOTstLXdpdGgt YXB4czI9L3BhdGgvYXBhY2hlMi9iaW4vYXB4cyYjMzk7PGJyPgomZ3Q7ICYjMzk7LS13aXRoLWxk YXAmIzM5OyAmIzM5Oy0td2l0aC1sZGFwLXNhc2wmIzM5OyAmIzM5Oy0td2l0aC1vcGVuc3NsPS91 c3IvbG9jYWwvc3NsJiMzOTs8YnI+CiZndDsgJiMzOTstLXdpdGgtbXlzcWw9L3Vzci9sb2NhbC9t eXNxbC8mIzM5OyAmIzM5Oy0td2l0aC1nZCYjMzk7PGJyPgomZ3Q7IDMuIFRoZSBQQVRIICZhbXA7 IExEX0xJQlJBUllfUEFUSCBsaXN0ZWQgdmlhIHBocF9pbmZvIG9uIHRoZSBicm93c2VyIGhhczxi cj4KJmd0OyBleGFjdGx5IHRoZSBzYW1lIHNldHRpbmdzIGFzIG15IHVzZXIgYWNjb3VudCAodGhh dCBleGVjdXRlcyB0aGUgc2NyaXB0PGJyPgomZ3Q7IGZyb20gY29tbWFuZCBsaW5lKTxicj4KJmd0 OyA0LiBJIGhhdmUgYSBsZGFwLmNvbmYgZmlsZSBpbnNpZGUgL29wdC9jc3cvZXRjL29wZW5sZGFw IC4gSG93ZXZlciB0aGlzPGJyPgomZ3Q7IGZpbGUgaXMgbm90IGJlaW5nIHVzZWQgYnkgdGhlIHNj cmlwdCAoY29tbWFuZCBsaW5lIG9yIHdlYikuIEkgcmVuYW1lIHRoZTxicj4KJmd0OyBmaWxlIGFu ZCBub3RoaW5nIGNoYW5nZXMhLjxicj4KJmd0OyA1LiBJIGhhdmUgYXBhY2hlIGNvbXBpbGVkIGZv ciBtb2Rfc3NsPGJyPgomZ3Q7PGJyPgomZ3Q7IFNob3VsZCBJIHJlY29tcGlsZSBBcGFjaGUgd2l0 aCBtb2RfbGRhcCBvciBhbnkgYWRkaXRpb25hbCBtb2R1bGVzIC0gSTxicj4KJmd0OyB1c2luZyBh IFBIUCBzY3JpcHQgb24gbXkgd2Vic2VydmVyIHRvIGdhdGhlciBsb2dpbiAmYW1wOyBwYXNzd29y ZCB0bzxicj4KJmd0OyBhdXRoZW50aWNhdGVkIGFnYWluc3QgQWN0aXZlIERpcmVjdG9yeT8uPGJy PgomZ3Q7PGJyPgomZ3Q7IFRoYW5rcyBhZ2FpbiBmb3IgeW91ciB0aW1lLjxicj4KJmd0Ozxicj4K Jmd0OyAtSGFyaXNoPGJyPgomZ3Q7PGJyPgomZ3Q7PGJyPgo8YnI+CjwvZGl2PkFsc28sIGRvZXMg VExTIHdvcmsgd2l0aCBMREFQIGl0c2VsZj88YnI+ClRoZXJlIGlzIGFsc28gY29tbWVudCBhdCA8 YSBocmVmPSJodHRwOi8vcGhwLm5ldCIgdGFyZ2V0PSJfYmxhbmsiPnBocC5uZXQ8L2E+IHdoaWNo IHNheXM6PGJyPgo8YnI+CiZndDsgSWYgeW91ciB2ZXJzaW9uIHdhcyBsaW5rZWQgYWdhaW5zdCB0 aGUgT3BlbkxEQVAgbGlicmFyaWVzLCB5b3UgbWF5PGJyPgomZ3Q7IHdhbnQgdG8gbG9vayBhdCB0 aGUgbGRhcC5jb25mIGZpbGUgZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgc3BlY2lmeWluZzxi cj4KJmd0OyBTU0wvVExTIGJlaGF2aW9yLiBBcHBhcmVudGx5LCB0aGUgc2V0dGluZ3MgaW4gbGRh cC5jb25mIG1ha2UgYSBkaWZmZXJlbnQ8YnI+CiZndDsgaW4gdGhlIHdheSBTU0wvVExTIGlzIGhh bmRsZWQgYnkgUEhQLjxicj4KPGJyPgpQbGVhc2UsIGNoZWNrICZndDsmZ3Q7IDxhIGhyZWY9Imh0 dHA6Ly9tYXJjLmluZm8vP2w9cGhwLXdpbmRvd3MmYW1wO209MTE2MTI3ODczMzIxNzQ4JmFtcDt3 PTIiIHRhcmdldD0iX2JsYW5rIj5odHRwOi8vbWFyYy5pbmZvLz9sPXBocC13aW5kb3dzJmFtcDtt PTExNjEyNzg3MzMyMTc0OCZhbXA7dz0yPC9hPjxicj4KPGRpdiBjbGFzcz0iaW0iPjxicj4KWmRl bmVrPGJyPgo8YnI+Ci0tPGJyPgpaZGVuZWsgU3R5Ymxpazxicj4KTmV0L0xpbnV4IGFkbWluPGJy PgpPUyBUdXJub3ZGcmVlLm5ldDxicj4KZW1haWw6IDxhIGhyZWY9Im1haWx0bzpzdHlibGFAdHVy bm92ZnJlZS5uZXQiPnN0eWJsYUB0dXJub3ZmcmVlLm5ldDwvYT48YnI+CmphYmJlcjogPGEgaHJl Zj0ibWFpbHRvOnN0eWJsYUBqYWJiZXIudHVybm92ZnJlZS5uZXQiPnN0eWJsYUBqYWJiZXIudHVy bm92ZnJlZS5uZXQ8L2E+PGJyPgo8YnI+CiZndDs8YnI+CiZndDs8YnI+CiZndDs8YnI+CjwvZGl2 PjxkaXYgY2xhc3M9ImltIj4mZ3Q7IE9uIFRodSwgU2VwIDI0LCAyMDA5IGF0IDU6NTkgQU0sIFpk ZW5layBTdHlibGlrICZsdDs8YSBocmVmPSJtYWlsdG86c3R5YmxhQHR1cm5vdmZyZWUubmV0Ij5z dHlibGFAdHVybm92ZnJlZS5uZXQ8L2E+PGJyPgo8L2Rpdj48ZGl2PjxkaXY+PC9kaXY+PGRpdiBj bGFzcz0iaDUiPiZndDsgJmx0O21haWx0bzo8YSBocmVmPSJtYWlsdG86c3R5YmxhQHR1cm5vdmZy ZWUubmV0Ij5zdHlibGFAdHVybm92ZnJlZS5uZXQ8L2E+Jmd0OyZndDsgd3JvdGU6PGJyPgomZ3Q7 PGJyPgomZ3Q7IKAgoCBIYXJpc2ggQ2hha3JhdmFydGh5IHdyb3RlOjxicj4KJmd0OyCgIKAgJmd0 OyBIZWxsbyBFdmVyeW9uZSw8YnI+CiZndDsgoCCgICZndDs8YnI+CiZndDsgoCCgICZndDsgR3Jl ZXRpbmdzLjxicj4KJmd0OyCgIKAgJmd0Ozxicj4KJmd0OyCgIKAgJmd0OyBJIGFtIHVuYWJsZSB0 byBiaW5kIHRvIGFjdGl2ZSBkaXJlY3RvcnkgdXNpbmcgVExTLiBJIGdldCB0aGUgZm9sbG93aW5n PGJyPgomZ3Q7IKAgoCAmZ3Q7IGVycm9yIHdoaWxlIGV4ZWN1dGluZyBteSBzY3JpcHQgdmlhIHRo ZSBicm93c2VyPGJyPgomZ3Q7IKAgoCAmZ3Q7PGJyPgomZ3Q7IKAgoCAmZ3Q7IC8qUEhQIFdhcm5p bmc6IKBsZGFwX3N0YXJ0X3RscygpIFsmbHQ7YTxicj4KJmd0OyCgIKAgJmd0OyBocmVmPSYjMzk7 ZnVuY3Rpb24ubGRhcC1zdGFydC10bHMmIzM5OyZndDtmdW5jdGlvbi5sZGFwLXN0YXJ0LXRscyZs dDsvYSZndDtdOiBVbmFibGUgdG88YnI+CiZndDsgoCCgICZndDsgc3RhcnQgVExTOiBDb25uZWN0 IGVycm9yKi88YnI+CiZndDsgoCCgICZndDs8YnI+CiZndDsgoCCgICZndDsgVGhlIHNhbWUgc2Ny aXB0IHdoZW4gZXhlY3V0ZWQgZnJvbSB0aGUgY29tbWFuZCBsaW5lIHdvcmtzIS48YnI+CiZndDsg oCCgICZndDs8YnI+CiZndDsgoCCgICZndDsgSSBoYXZlIGNvbXBpbGVkIFBIUCB3aXRoIGZsYWdz IC0td2l0aC1sZGFwIKAtLXdpdGgtbGRhcC1zYXNsPGJyPgomZ3Q7IKAgoCAmZ3Q7IC0td2l0aC1v cGVuc3NsIKAuPGJyPgomZ3Q7IKAgoCAmZ3Q7PGJyPgomZ3Q7IKAgoCAmZ3Q7IENhbiB5b3UgaGVs cCBtZSBmdXJ0aGVyIHRyb3VibGUgc2hvb3QgdGhpcyBwcm9ibGVtPy48YnI+CiZndDsgoCCgICZn dDs8YnI+CiZndDsgoCCgICZndDsgVGhhbmtzPGJyPgomZ3Q7IKAgoCAmZ3Q7IEhhcmlzaDxicj4K Jmd0OyCgIKAgJmd0Ozxicj4KJmd0OyCgIKAgJmd0Ozxicj4KJmd0OyCgIKAgJmd0Ozxicj4KJmd0 Ozxicj4KJmd0OyCgIKAgQW5kIHdoYXQgaGFzICZsdDs/cGhwIHBocF9pbmZvKCkgPyZndDsgdG8g c2F5PyBJIHRoaW5rIHRoZXJlIG1pZ2h0IGJlIHR3byAuaW5pPGJyPgomZ3Q7IKAgoCBmaWxlcyAt IG9uZSBmb3IgY29tbWFuZCBsaW5lIGFuZCBvbmUgZm9yIGh0dHBkIHBocCBtb2R1bGUuIFNvLCB0 aGlzIG9uZTxicj4KJmd0OyCgIKAgZm9yIGh0dHBkIG1pZ2h0IGJlIG1pc3Npbmc6PGJyPgomZ3Q7 IKAgoCBleHRlbnNpb249b3BlbnNzbC5zbzxicj4KJmd0OyCgIKAgZXh0ZW5zaW9uPWxkYXAuc288 YnI+CiZndDsgoCCgICZsdDt3aGF0ZXZlciBpcyBuZWVkZWQmZ3Q7PGJyPgomZ3Q7PGJyPgomZ3Q7 IKAgoCBSZWdhcmRzLDxicj4KJmd0OyCgIKAgWmRlbmVrPGJyPgomZ3Q7PGJyPgomZ3Q7IKAgoCAt LTxicj4KJmd0OyCgIKAgWmRlbmVrIFN0eWJsaWs8YnI+CiZndDsgoCCgIE5ldC9MaW51eCBhZG1p bjxicj4KJmd0OyCgIKAgT1MgVHVybm92RnJlZS5uZXQ8YnI+CjwvZGl2PjwvZGl2PiZndDsgoCCg IGVtYWlsOiA8YSBocmVmPSJtYWlsdG86c3R5YmxhQHR1cm5vdmZyZWUubmV0Ij5zdHlibGFAdHVy bm92ZnJlZS5uZXQ8L2E+ICZsdDttYWlsdG86PGEgaHJlZj0ibWFpbHRvOnN0eWJsYUB0dXJub3Zm cmVlLm5ldCI+c3R5YmxhQHR1cm5vdmZyZWUubmV0PC9hPiZndDs8YnI+CjxkaXYgY2xhc3M9Imlt Ij4mZ3Q7IKAgoCBqYWJiZXI6IDxhIGhyZWY9Im1haWx0bzpzdHlibGFAamFiYmVyLnR1cm5vdmZy ZWUubmV0Ij5zdHlibGFAamFiYmVyLnR1cm5vdmZyZWUubmV0PC9hPjxicj4KPC9kaXY+PGRpdj48 ZGl2PjwvZGl2PjxkaXYgY2xhc3M9Img1Ij4mZ3Q7IKAgoCAmbHQ7bWFpbHRvOjxhIGhyZWY9Im1h aWx0bzpzdHlibGFAamFiYmVyLnR1cm5vdmZyZWUubmV0Ij5zdHlibGFAamFiYmVyLnR1cm5vdmZy ZWUubmV0PC9hPiZndDs8YnI+CiZndDs8YnI+CiZndDs8YnI+CjwvZGl2PjwvZGl2PjwvYmxvY2tx dW90ZT48L2Rpdj48YnI+Cg== --===============1428543916175068916==-- From harishvc@gmail.com Tue Sep 29 19:25:43 2009 From: Harish Chakravarthy To: openldap-technical@openldap.org Subject: Re: Unable to bind to active directory using TLS Date: Tue, 29 Sep 2009 12:25:14 -0700 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2147161473446741021==" --===============2147161473446741021== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Everyone, My problem is solved, yeah !. The openssl libraries used by Apache mod_ssl and Php were different versions. I had to recompile Apache and Php to use the same version and everything worked!. -Harish On Sun, Sep 27, 2009 at 5:46 PM, Harish Chakravarthy wr= ote: > Hello Everyone, > > Below is my Php test script (minor modifications to Zdenek's script) . This > test script works from command line but not from the web. "TLS connect > failed!" is my error message when I execute the script via web. Any > assistance is welcome. > > Also my environment is Php using OpenLDAP on Solaris 10 connecting to > Active Directory. > > define('MYLDAP_HOST', 'ldap://my.server'); > define('MYLDAP_PORT', 389); > define('MYLDAP_BINDDN', 'CN=3Dsomething,OU=3DUsers,OU=3DAdministration,DC= =3Dedu'); > define('MYLDAP_PSWD', 'something); > > # Required for working via command line > putenv('LDAPTLS_REQCERT=3Dnever') or die('Failed to setup the env'); > > $ldapConn =3D ldap_connect(MYLDAP_HOST, MYLDAP_PORT); > if (!$ldapConn) { > exit("Unable to connect to LDAP server"); > } > if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) { > exit("Unable to set protocol version to v3"); > } > $tls =3D ldap_start_tls($ldapConn); > if (!$tls) { exit("TLS connect failed!"); } > $ldapBind =3D ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD); > if (!$ldapBind) { > exit("LDAP Bind failed"); > } > > echo "Works!
"; > > ldap_unbind($ldapConn); > > return 0; > ?> > > -Harish > > > > On Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik wr= ote: > >> Harish Chakravarthy wrote: >> > Here is more information >> > 1. I am binding to Active Directory from Solaris 10 >> > 2. My php_info gives configure options as './configure' >> > '--prefix=3D/home/local/php-5.2.9' '--with-apxs2=3D/path/apache2/bin/apx= s' >> > '--with-ldap' '--with-ldap-sasl' '--with-openssl=3D/usr/local/ssl' >> > '--with-mysql=3D/usr/local/mysql/' '--with-gd' >> > 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has >> > exactly the same settings as my user account (that executes the script >> > from command line) >> > 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this >> > file is not being used by the script (command line or web). I rename the >> > file and nothing changes!. >> > 5. I have apache compiled for mod_ssl >> > >> > Should I recompile Apache with mod_ldap or any additional modules - I >> > using a PHP script on my webserver to gather login & password to >> > authenticated against Active Directory?. >> > >> > Thanks again for your time. >> > >> > -Harish >> > >> > >> >> Also, does TLS work with LDAP itself? >> There is also comment at php.net which says: >> >> > If your version was linked against the OpenLDAP libraries, you may >> > want to look at the ldap.conf file for more information about specifying >> > SSL/TLS behavior. Apparently, the settings in ldap.conf make a different >> > in the way SSL/TLS is handled by PHP. >> >> Please, check >> http://marc.info/?l=3Dphp-windows&m=3D116127873321748&w= =3D2 >> >> Zdenek >> >> -- >> Zdenek Styblik >> Net/Linux admin >> OS TurnovFree.net >> email: stybla(a)turnovfree.net >> jabber: stybla(a)jabber.turnovfree.net >> >> > >> > >> > >> > On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik > > > wrote: >> > >> > Harish Chakravarthy wrote: >> > > Hello Everyone, >> > > >> > > Greetings. >> > > >> > > I am unable to bind to active directory using TLS. I get the >> following >> > > error while executing my script via the browser >> > > >> > > /*PHP Warning: ldap_start_tls() [> > > href=3D'function.ldap-start-tls'>function.ldap-start-tls]: >> Unable to >> > > start TLS: Connect error*/ >> > > >> > > The same script when executed from the command line works!. >> > > >> > > I have compiled PHP with flags --with-ldap --with-ldap-sasl >> > > --with-openssl . >> > > >> > > Can you help me further trouble shoot this problem?. >> > > >> > > Thanks >> > > Harish >> > > >> > > >> > > >> > >> > And what has to say? I think there might be two >> .ini >> > files - one for command line and one for httpd php module. So, this >> one >> > for httpd might be missing: >> > extension=3Dopenssl.so >> > extension=3Dldap.so >> > >> > >> > Regards, >> > Zdenek >> > >> > -- >> > Zdenek Styblik >> > Net/Linux admin >> > OS TurnovFree.net >> > email: stybla(a)turnovfree.net >> > jabber: stybla(a)jabber.turnovfree.net >> > >> > >> > >> > > --===============2147161473446741021== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 SGVsbG8gRXZlcnlvbmUsPGRpdj48YnI+PC9kaXY+PGRpdj5NeSBwcm9ibGVtIGlzIHNvbHZlZCwg eWVhaCAhLjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+VGhlIG9wZW5zc2wgbGlicmFyaWVzIHVz ZWQgYnkgQXBhY2hlIG1vZF9zc2wgYW5kIFBocCB3ZXJlIGRpZmZlcmVudCB2ZXJzaW9ucy4gSSBo YWQgdG8gcmVjb21waWxlIEFwYWNoZSBhbmQgUGhwIHRvIHVzZSB0aGUgc2FtZSB2ZXJzaW9uIGFu ZCBldmVyeXRoaW5nIHdvcmtlZCEuPC9kaXY+CjxkaXY+PGJyPjwvZGl2PjxkaXY+LUhhcmlzaDwv ZGl2PjxkaXY+PGJyPjxicj48ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+T24gU3VuLCBTZXAgMjcs IDIwMDkgYXQgNTo0NiBQTSwgSGFyaXNoIENoYWtyYXZhcnRoeSA8c3BhbiBkaXI9Imx0ciI+Jmx0 OzxhIGhyZWY9Im1haWx0bzpoYXJpc2h2Y0BnbWFpbC5jb20iPmhhcmlzaHZjQGdtYWlsLmNvbTwv YT4mZ3Q7PC9zcGFuPiB3cm90ZTo8YnI+CjxibG9ja3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIg c3R5bGU9Im1hcmdpbjowIDAgMCAuOGV4O2JvcmRlci1sZWZ0OjFweCAjY2NjIHNvbGlkO3BhZGRp bmctbGVmdDoxZXg7Ij5IZWxsbyBFdmVyeW9uZSw8YnI+PGJyPkJlbG93IGlzIG15IFBocCB0ZXN0 IHNjcmlwdCAobWlub3IgbW9kaWZpY2F0aW9ucyB0byBaZGVuZWsmIzM5O3Mgc2NyaXB0KSAuIFRo aXMgdGVzdCBzY3JpcHQgd29ya3MgZnJvbSBjb21tYW5kIGxpbmUgYnV0IG5vdCBmcm9tIHRoZSB3 ZWIuICZxdW90O1RMUyBjb25uZWN0IGZhaWxlZCEmcXVvdDsgaXMgbXkgZXJyb3IgbWVzc2FnZSB3 aGVuIEkgZXhlY3V0ZSB0aGUgc2NyaXB0IHZpYSB3ZWIuIEFueSBhc3Npc3RhbmNlIGlzIHdlbGNv bWUuPGJyPgoKPGJyPkFsc28gbXkgZW52aXJvbm1lbnQgaXMgUGhwIHVzaW5noCBPcGVuTERBUCBv biBTb2xhcmlzIDEwIGNvbm5lY3RpbmcgdG8gQWN0aXZlIERpcmVjdG9yeS48YnI+PGJyPiZsdDs/ cGhwPGJyPmRlZmluZSgmIzM5O01ZTERBUF9IT1NUJiMzOTssICYjMzk7bGRhcDovL215LnNlcnZl ciYjMzk7KTs8YnI+ZGVmaW5lKCYjMzk7TVlMREFQX1BPUlQmIzM5OywgMzg5KTs8YnI+ZGVmaW5l KCYjMzk7TVlMREFQX0JJTkRETiYjMzk7LCAmIzM5O0NOPXNvbWV0aGluZyxPVT1Vc2VycyxPVT1B ZG1pbmlzdHJhdGlvbixEQz1lZHUmIzM5Oyk7PGJyPgoKZGVmaW5lKCYjMzk7TVlMREFQX1BTV0Qm IzM5OywgJiMzOTtzb21ldGhpbmcpOzxicj48YnI+IyBSZXF1aXJlZCBmb3Igd29ya2luZyB2aWEg Y29tbWFuZCBsaW5lPGJyPnB1dGVudigmIzM5O0xEQVBUTFNfUkVRQ0VSVD1uZXZlciYjMzk7KSBv ciBkaWUoJiMzOTtGYWlsZWQgdG8gc2V0dXAgdGhlIGVudiYjMzk7KTs8ZGl2IGNsYXNzPSJpbSI+ PGJyPjxicj4kbGRhcENvbm4gPSBsZGFwX2Nvbm5lY3QoTVlMREFQX0hPU1QsIE1ZTERBUF9QT1JU KTs8YnI+CgppZiAoISRsZGFwQ29ubikgezxicj6goKCgoKAgZXhpdCgmcXVvdDtVbmFibGUgdG8g Y29ubmVjdCB0byBMREFQIHNlcnZlciZxdW90Oyk7PGJyPn08YnI+aWYgKCFsZGFwX3NldF9vcHRp b24oJGxkYXBDb25uLCBMREFQX09QVF9QUk9UT0NPTF9WRVJTSU9OLCAzKSkgezxicj6goKCgoKAg ZXhpdCgmcXVvdDtVbmFibGUgdG8gc2V0IHByb3RvY29sIHZlcnNpb24gdG8gdjMmcXVvdDspOzxi cj4KCn08YnI+PC9kaXY+JHRscyA9IGxkYXBfc3RhcnRfdGxzKCRsZGFwQ29ubik7PGJyPmlmICgh JHRscykgeyBleGl0KCZxdW90O1RMUyBjb25uZWN0IGZhaWxlZCEmcXVvdDspOyB9PGRpdiBjbGFz cz0iaW0iPjxicj4kbGRhcEJpbmQgPSBsZGFwX2JpbmQoJGxkYXBDb25uLCBNWUxEQVBfQklORERO LCBNWUxEQVBfUFNXRCk7PGJyPmlmICghJGxkYXBCaW5kKSB7PGJyPqCgoKCgoCBleGl0KCZxdW90 O0xEQVAgQmluZCBmYWlsZWQmcXVvdDspOzxicj4KCn08YnI+PGJyPjwvZGl2PmVjaG8gJnF1b3Q7 V29ya3MhJmx0O2JyLyZndDsmcXVvdDs7PGJyPjxicj5sZGFwX3VuYmluZCgkbGRhcENvbm4pOzxi cj48YnI+cmV0dXJuIDA7PGJyPj8mZ3Q7PGJyPjxmb250IGNvbG9yPSIjODg4ODg4Ij48YnI+LUhh cmlzaDwvZm9udD48ZGl2PjxkaXY+PC9kaXY+PGRpdiBjbGFzcz0iaDUiPjxicj48YnI+PGJyPjxk aXYgY2xhc3M9ImdtYWlsX3F1b3RlIj4KT24gU2F0LCBTZXAgMjYsIDIwMDkgYXQgMTowNCBBTSwg WmRlbmVrIFN0eWJsaWsgPHNwYW4gZGlyPSJsdHIiPiZsdDs8YSBocmVmPSJtYWlsdG86c3R5Ymxh QHR1cm5vdmZyZWUubmV0IiB0YXJnZXQ9Il9ibGFuayI+c3R5YmxhQHR1cm5vdmZyZWUubmV0PC9h PiZndDs8L3NwYW4+IHdyb3RlOjxicj4KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBz dHlsZT0iYm9yZGVyLWxlZnQ6MXB4IHNvbGlkIHJnYigyMDQsIDIwNCwgMjA0KTttYXJnaW46MHB0 IDBwdCAwcHQgMC44ZXg7cGFkZGluZy1sZWZ0OjFleCI+PGRpdj5IYXJpc2ggQ2hha3JhdmFydGh5 IHdyb3RlOjxicj4KJmd0OyBIZXJlIGlzIG1vcmUgaW5mb3JtYXRpb248YnI+CiZndDsgMS4gSSBh bSBiaW5kaW5nIHRvIEFjdGl2ZSBEaXJlY3RvcnkgZnJvbSBTb2xhcmlzIDEwPGJyPgomZ3Q7IDIu IE15IHBocF9pbmZvIGdpdmVzIGNvbmZpZ3VyZSBvcHRpb25zIGFzICYjMzk7Li9jb25maWd1cmUm IzM5Ozxicj4KJmd0OyAmIzM5Oy0tcHJlZml4PS9ob21lL2xvY2FsL3BocC01LjIuOSYjMzk7ICYj Mzk7LS13aXRoLWFweHMyPS9wYXRoL2FwYWNoZTIvYmluL2FweHMmIzM5Ozxicj4KJmd0OyAmIzM5 Oy0td2l0aC1sZGFwJiMzOTsgJiMzOTstLXdpdGgtbGRhcC1zYXNsJiMzOTsgJiMzOTstLXdpdGgt b3BlbnNzbD0vdXNyL2xvY2FsL3NzbCYjMzk7PGJyPgomZ3Q7ICYjMzk7LS13aXRoLW15c3FsPS91 c3IvbG9jYWwvbXlzcWwvJiMzOTsgJiMzOTstLXdpdGgtZ2QmIzM5Ozxicj4KJmd0OyAzLiBUaGUg UEFUSCAmYW1wOyBMRF9MSUJSQVJZX1BBVEggbGlzdGVkIHZpYSBwaHBfaW5mbyBvbiB0aGUgYnJv d3NlciBoYXM8YnI+CiZndDsgZXhhY3RseSB0aGUgc2FtZSBzZXR0aW5ncyBhcyBteSB1c2VyIGFj Y291bnQgKHRoYXQgZXhlY3V0ZXMgdGhlIHNjcmlwdDxicj4KJmd0OyBmcm9tIGNvbW1hbmQgbGlu ZSk8YnI+CiZndDsgNC4gSSBoYXZlIGEgbGRhcC5jb25mIGZpbGUgaW5zaWRlIC9vcHQvY3N3L2V0 Yy9vcGVubGRhcCAuIEhvd2V2ZXIgdGhpczxicj4KJmd0OyBmaWxlIGlzIG5vdCBiZWluZyB1c2Vk IGJ5IHRoZSBzY3JpcHQgKGNvbW1hbmQgbGluZSBvciB3ZWIpLiBJIHJlbmFtZSB0aGU8YnI+CiZn dDsgZmlsZSBhbmQgbm90aGluZyBjaGFuZ2VzIS48YnI+CiZndDsgNS4gSSBoYXZlIGFwYWNoZSBj b21waWxlZCBmb3IgbW9kX3NzbDxicj4KJmd0Ozxicj4KJmd0OyBTaG91bGQgSSByZWNvbXBpbGUg QXBhY2hlIHdpdGggbW9kX2xkYXAgb3IgYW55IGFkZGl0aW9uYWwgbW9kdWxlcyAtIEk8YnI+CiZn dDsgdXNpbmcgYSBQSFAgc2NyaXB0IG9uIG15IHdlYnNlcnZlciB0byBnYXRoZXIgbG9naW4gJmFt cDsgcGFzc3dvcmQgdG88YnI+CiZndDsgYXV0aGVudGljYXRlZCBhZ2FpbnN0IEFjdGl2ZSBEaXJl Y3Rvcnk/Ljxicj4KJmd0Ozxicj4KJmd0OyBUaGFua3MgYWdhaW4gZm9yIHlvdXIgdGltZS48YnI+ CiZndDs8YnI+CiZndDsgLUhhcmlzaDxicj4KJmd0Ozxicj4KJmd0Ozxicj4KPGJyPgo8L2Rpdj5B bHNvLCBkb2VzIFRMUyB3b3JrIHdpdGggTERBUCBpdHNlbGY/PGJyPgpUaGVyZSBpcyBhbHNvIGNv bW1lbnQgYXQgPGEgaHJlZj0iaHR0cDovL3BocC5uZXQiIHRhcmdldD0iX2JsYW5rIj5waHAubmV0 PC9hPiB3aGljaCBzYXlzOjxicj4KPGJyPgomZ3Q7IElmIHlvdXIgdmVyc2lvbiB3YXMgbGlua2Vk IGFnYWluc3QgdGhlIE9wZW5MREFQIGxpYnJhcmllcywgeW91IG1heTxicj4KJmd0OyB3YW50IHRv IGxvb2sgYXQgdGhlIGxkYXAuY29uZiBmaWxlIGZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IHNw ZWNpZnlpbmc8YnI+CiZndDsgU1NML1RMUyBiZWhhdmlvci4gQXBwYXJlbnRseSwgdGhlIHNldHRp bmdzIGluIGxkYXAuY29uZiBtYWtlIGEgZGlmZmVyZW50PGJyPgomZ3Q7IGluIHRoZSB3YXkgU1NM L1RMUyBpcyBoYW5kbGVkIGJ5IFBIUC48YnI+Cjxicj4KUGxlYXNlLCBjaGVjayAmZ3Q7Jmd0OyA8 YSBocmVmPSJodHRwOi8vbWFyYy5pbmZvLz9sPXBocC13aW5kb3dzJmFtcDttPTExNjEyNzg3MzMy MTc0OCZhbXA7dz0yIiB0YXJnZXQ9Il9ibGFuayI+aHR0cDovL21hcmMuaW5mby8/bD1waHAtd2lu ZG93cyZhbXA7bT0xMTYxMjc4NzMzMjE3NDgmYW1wO3c9MjwvYT48YnI+CjxkaXY+PGJyPgpaZGVu ZWs8YnI+Cjxicj4KLS08YnI+ClpkZW5layBTdHlibGlrPGJyPgpOZXQvTGludXggYWRtaW48YnI+ Ck9TIFR1cm5vdkZyZWUubmV0PGJyPgplbWFpbDogPGEgaHJlZj0ibWFpbHRvOnN0eWJsYUB0dXJu b3ZmcmVlLm5ldCIgdGFyZ2V0PSJfYmxhbmsiPnN0eWJsYUB0dXJub3ZmcmVlLm5ldDwvYT48YnI+ CmphYmJlcjogPGEgaHJlZj0ibWFpbHRvOnN0eWJsYUBqYWJiZXIudHVybm92ZnJlZS5uZXQiIHRh cmdldD0iX2JsYW5rIj5zdHlibGFAamFiYmVyLnR1cm5vdmZyZWUubmV0PC9hPjxicj4KPGJyPgom Z3Q7PGJyPgomZ3Q7PGJyPgomZ3Q7PGJyPgo8L2Rpdj48ZGl2PiZndDsgT24gVGh1LCBTZXAgMjQs IDIwMDkgYXQgNTo1OSBBTSwgWmRlbmVrIFN0eWJsaWsgJmx0OzxhIGhyZWY9Im1haWx0bzpzdHli bGFAdHVybm92ZnJlZS5uZXQiIHRhcmdldD0iX2JsYW5rIj5zdHlibGFAdHVybm92ZnJlZS5uZXQ8 L2E+PGJyPgo8L2Rpdj48ZGl2PjxkaXY+PC9kaXY+PGRpdj4mZ3Q7ICZsdDttYWlsdG86PGEgaHJl Zj0ibWFpbHRvOnN0eWJsYUB0dXJub3ZmcmVlLm5ldCIgdGFyZ2V0PSJfYmxhbmsiPnN0eWJsYUB0 dXJub3ZmcmVlLm5ldDwvYT4mZ3Q7Jmd0OyB3cm90ZTo8YnI+CiZndDs8YnI+CiZndDsgoCCgIEhh cmlzaCBDaGFrcmF2YXJ0aHkgd3JvdGU6PGJyPgomZ3Q7IKAgoCAmZ3Q7IEhlbGxvIEV2ZXJ5b25l LDxicj4KJmd0OyCgIKAgJmd0Ozxicj4KJmd0OyCgIKAgJmd0OyBHcmVldGluZ3MuPGJyPgomZ3Q7 IKAgoCAmZ3Q7PGJyPgomZ3Q7IKAgoCAmZ3Q7IEkgYW0gdW5hYmxlIHRvIGJpbmQgdG8gYWN0aXZl IGRpcmVjdG9yeSB1c2luZyBUTFMuIEkgZ2V0IHRoZSBmb2xsb3dpbmc8YnI+CiZndDsgoCCgICZn dDsgZXJyb3Igd2hpbGUgZXhlY3V0aW5nIG15IHNjcmlwdCB2aWEgdGhlIGJyb3dzZXI8YnI+CiZn dDsgoCCgICZndDs8YnI+CiZndDsgoCCgICZndDsgLypQSFAgV2FybmluZzogoGxkYXBfc3RhcnRf dGxzKCkgWyZsdDthPGJyPgomZ3Q7IKAgoCAmZ3Q7IGhyZWY9JiMzOTtmdW5jdGlvbi5sZGFwLXN0 YXJ0LXRscyYjMzk7Jmd0O2Z1bmN0aW9uLmxkYXAtc3RhcnQtdGxzJmx0Oy9hJmd0O106IFVuYWJs ZSB0bzxicj4KJmd0OyCgIKAgJmd0OyBzdGFydCBUTFM6IENvbm5lY3QgZXJyb3IqLzxicj4KJmd0 OyCgIKAgJmd0Ozxicj4KJmd0OyCgIKAgJmd0OyBUaGUgc2FtZSBzY3JpcHQgd2hlbiBleGVjdXRl ZCBmcm9tIHRoZSBjb21tYW5kIGxpbmUgd29ya3MhLjxicj4KJmd0OyCgIKAgJmd0Ozxicj4KJmd0 OyCgIKAgJmd0OyBJIGhhdmUgY29tcGlsZWQgUEhQIHdpdGggZmxhZ3MgLS13aXRoLWxkYXAgoC0t d2l0aC1sZGFwLXNhc2w8YnI+CiZndDsgoCCgICZndDsgLS13aXRoLW9wZW5zc2wgoC48YnI+CiZn dDsgoCCgICZndDs8YnI+CiZndDsgoCCgICZndDsgQ2FuIHlvdSBoZWxwIG1lIGZ1cnRoZXIgdHJv dWJsZSBzaG9vdCB0aGlzIHByb2JsZW0/Ljxicj4KJmd0OyCgIKAgJmd0Ozxicj4KJmd0OyCgIKAg Jmd0OyBUaGFua3M8YnI+CiZndDsgoCCgICZndDsgSGFyaXNoPGJyPgomZ3Q7IKAgoCAmZ3Q7PGJy PgomZ3Q7IKAgoCAmZ3Q7PGJyPgomZ3Q7IKAgoCAmZ3Q7PGJyPgomZ3Q7PGJyPgomZ3Q7IKAgoCBB bmQgd2hhdCBoYXMgJmx0Oz9waHAgcGhwX2luZm8oKSA/Jmd0OyB0byBzYXk/IEkgdGhpbmsgdGhl cmUgbWlnaHQgYmUgdHdvIC5pbmk8YnI+CiZndDsgoCCgIGZpbGVzIC0gb25lIGZvciBjb21tYW5k IGxpbmUgYW5kIG9uZSBmb3IgaHR0cGQgcGhwIG1vZHVsZS4gU28sIHRoaXMgb25lPGJyPgomZ3Q7 IKAgoCBmb3IgaHR0cGQgbWlnaHQgYmUgbWlzc2luZzo8YnI+CiZndDsgoCCgIGV4dGVuc2lvbj1v cGVuc3NsLnNvPGJyPgomZ3Q7IKAgoCBleHRlbnNpb249bGRhcC5zbzxicj4KJmd0OyCgIKAgJmx0 O3doYXRldmVyIGlzIG5lZWRlZCZndDs8YnI+CiZndDs8YnI+CiZndDsgoCCgIFJlZ2FyZHMsPGJy PgomZ3Q7IKAgoCBaZGVuZWs8YnI+CiZndDs8YnI+CiZndDsgoCCgIC0tPGJyPgomZ3Q7IKAgoCBa ZGVuZWsgU3R5Ymxpazxicj4KJmd0OyCgIKAgTmV0L0xpbnV4IGFkbWluPGJyPgomZ3Q7IKAgoCBP UyBUdXJub3ZGcmVlLm5ldDxicj4KPC9kaXY+PC9kaXY+Jmd0OyCgIKAgZW1haWw6IDxhIGhyZWY9 Im1haWx0bzpzdHlibGFAdHVybm92ZnJlZS5uZXQiIHRhcmdldD0iX2JsYW5rIj5zdHlibGFAdHVy bm92ZnJlZS5uZXQ8L2E+ICZsdDttYWlsdG86PGEgaHJlZj0ibWFpbHRvOnN0eWJsYUB0dXJub3Zm cmVlLm5ldCIgdGFyZ2V0PSJfYmxhbmsiPnN0eWJsYUB0dXJub3ZmcmVlLm5ldDwvYT4mZ3Q7PGJy Pgo8ZGl2PiZndDsgoCCgIGphYmJlcjogPGEgaHJlZj0ibWFpbHRvOnN0eWJsYUBqYWJiZXIudHVy bm92ZnJlZS5uZXQiIHRhcmdldD0iX2JsYW5rIj5zdHlibGFAamFiYmVyLnR1cm5vdmZyZWUubmV0 PC9hPjxicj4KPC9kaXY+PGRpdj48ZGl2PjwvZGl2PjxkaXY+Jmd0OyCgIKAgJmx0O21haWx0bzo8 YSBocmVmPSJtYWlsdG86c3R5YmxhQGphYmJlci50dXJub3ZmcmVlLm5ldCIgdGFyZ2V0PSJfYmxh bmsiPnN0eWJsYUBqYWJiZXIudHVybm92ZnJlZS5uZXQ8L2E+Jmd0Ozxicj4KJmd0Ozxicj4KJmd0 Ozxicj4KPC9kaXY+PC9kaXY+PC9ibG9ja3F1b3RlPjwvZGl2Pjxicj4KPC9kaXY+PC9kaXY+PC9i bG9ja3F1b3RlPjwvZGl2Pjxicj48L2Rpdj4K --===============2147161473446741021==--