Hello Everyone,
Greetings.
I am unable to bind to Active Directory using TLS. I get the following error while executing my script via the browser:
*PHP Warning: ldap_start_tls() [<a href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to start TLS: Connect error*
The same script when executed from the command line works!
I have compiled PHP with flags --with-ldap --with-ldap-sasl --with-openssl.
Can you help me further troubleshoot this problem?
Thanks Harish
And what has <?php php_info() ?> to say? I think there might be two .ini files - one for command line and one for httpd php module. So, this one for httpd might be missing:

extension=openssl.so
extension=ldap.so
<whatever is needed>

Regards, Zdenek
Here is more information:

1. I am binding to Active Directory from Solaris 10.
2. My php_info gives configure options as './configure' '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs' '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl' '--with-mysql=/usr/local/mysql/' '--with-gd'
3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has exactly the same settings as my user account (that executes the script from command line).
4. I have a ldap.conf file inside /opt/csw/etc/openldap. However this file is not being used by the script (command line or web). I rename the file and nothing changes!
5. I have apache compiled for mod_ssl.

Should I recompile Apache with mod_ldap or any additional modules - I am using a PHP script on my webserver to gather login & password to authenticate against Active Directory?
Thanks again for your time.
-Harish
On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla@turnovfree.net> wrote:
> And what has <?php php_info() ?> to say? I think there might be two .ini files - one for command line and one for httpd php module. So, this one for httpd might be missing:
>
> extension=openssl.so
> extension=ldap.so
> <whatever is needed>
>
> Regards, Zdenek
Hello,
I'm sorry, I should have read better. I replied in haste and- Can you please code I've attached? It should be sufficient just to supply credentials. I've tested it and, although I can't make an LDAP connection from console [I've messed something in PHP; ignore], it works for me via WEB [I can see 'OK']. I'm not sure why I've put comments about TLS being buggy [probably something in PHP documentation?], but the code [PHP] works with LDAP TLS just fine.
I don't think you need mod_ldap in Apache, as this one should serve for direct interaction of httpd<-->LDAP [imao].
Let me know, Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net
Also, does TLS work with LDAP itself? There is also a comment at php.net which says:

> If your version was linked against the OpenLDAP libraries, you may want to look at the ldap.conf file for more information about specifying SSL/TLS behavior. Apparently, the settings in ldap.conf make a difference in the way SSL/TLS is handled by PHP.

Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
Zdenek
Hello Everyone,
Below is my Php test script (minor modifications to Zdenek's script) . This test script works from command line but not from the web. "TLS connect failed!" is my error message when I execute the script via web. Any assistance is welcome.
Also my environment is Php using OpenLDAP on Solaris 10 connecting to Active Directory.
<?php
define('MYLDAP_HOST', 'ldap://my.server');
define('MYLDAP_PORT', 389);
define('MYLDAP_BINDDN', 'CN=something,OU=Users,OU=Administration,DC=edu');
define('MYLDAP_PSWD', 'something');

# Required for working via command line
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');

$ldapConn = ldap_connect(MYLDAP_HOST, MYLDAP_PORT);
if (!$ldapConn) {
    exit("Unable to connect to LDAP server");
}
if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    exit("Unable to set protocol version to v3");
}
$tls = ldap_start_tls($ldapConn);
if (!$tls) {
    exit("TLS connect failed!");
}
$ldapBind = ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD);
if (!$ldapBind) {
    exit("LDAP Bind failed");
}

echo "Works!<br/>";

ldap_unbind($ldapConn);

return 0;
?>
-Harish
On Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik <stybla@turnovfree.net> wrote:
> Also, does TLS work with LDAP itself? There is also a comment at php.net which says:
>
> > If your version was linked against the OpenLDAP libraries, you may want to look at the ldap.conf file for more information about specifying SSL/TLS behavior. Apparently, the settings in ldap.conf make a difference in the way SSL/TLS is handled by PHP.
>
> Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
>
> Zdenek
Hello Everyone,
My problem is solved, yeah!
The openssl libraries used by Apache mod_ssl and Php were different versions. I had to recompile Apache and Php to use the same version and everything worked!
-Harish
On Sun, Sep 27, 2009 at 5:46 PM, Harish Chakravarthy <harishvc@gmail.com> wrote:
> Hello Everyone,
>
> Below is my Php test script (minor modifications to Zdenek's script). This test script works from command line but not from the web. "TLS connect failed!" is my error message when I execute the script via web. Any assistance is welcome.
>
> Also my environment is Php using OpenLDAP on Solaris 10 connecting to Active Directory.
openldap-technical@openldap.org
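
Added example (not part of the thread and not any poster's code): one way to check for the kind of mismatch reported in the final message, by comparing the OpenSSL version in Apache's server banner with the version PHP's openssl extension was built against. It assumes PHP 7.1 or later and an Apache banner that includes an OpenSSL/ token (ServerTokens Full); the function names and the sample strings are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ and an Apache
// banner that includes an OpenSSL/ token (ServerTokens Full).

/** Pull a version such as "0.9.8k" out of a server banner or version text. */
function openssl_version_from(string $text): ?string
{
    return preg_match('~OpenSSL[/ ]([0-9]+(?:\.[0-9]+)*[a-z]*)~', $text, $m)
        ? $m[1]
        : null;
}

/** Compare both versions; 'match' is null when either one is unknown. */
function compare_openssl(string $serverBanner, string $phpOpensslText): array
{
    $apache = openssl_version_from($serverBanner);
    $php    = openssl_version_from($phpOpensslText);
    return [
        'apache_mod_ssl' => $apache,
        'php_openssl'    => $php,
        'match' => ($apache === null || $php === null) ? null : $apache === $php,
    ];
}

// Constructed sample strings (not taken from the thread) showing a mismatch.
$sample = compare_openssl(
    'Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7d PHP/5.2.9',
    'OpenSSL 0.9.8k 25 Mar 2009'
);

// Live values; the banner is only present when run through the web server.
$live = compare_openssl(
    $_SERVER['SERVER_SOFTWARE'] ?? '',
    defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : ''
);

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
print_r([
    'sapi'       => PHP_SAPI,                          // "cli" vs the web SAPI
    'loaded_ini' => php_ini_loaded_file() ?: '(none)', // CLI and httpd may differ
    'ldap_ext'   => extension_loaded('ldap'),
    'sample'     => $sample,
    'live'       => $live,
]);
```

Request it through Apache and run it with the CLI binary, then compare the two outputs: a differing loaded_ini or a 'match' of false under the web SAPI points at the configuration or library difference discussed in the thread.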