Hello Everyone,
My problem is solved, yeah!
The openssl libraries used by Apache mod_ssl and Php were different
versions. I had to recompile Apache and Php to use the same version and
everything worked!
-Harish
On Sun, Sep 27, 2009 at 5:46 PM, Harish Chakravarthy <harishvc(a)gmail.com> wrote:
Hello Everyone,
Below is my Php test script (minor modifications to Zdenek's script). This
test script works from command line but not from the web. "TLS connect
failed!" is my error message when I execute the script via web. Any
assistance is welcome.
Also my environment is Php using OpenLDAP on Solaris 10 connecting to
Active Directory.
<?php
define('MYLDAP_HOST', 'ldap://my.server');
define('MYLDAP_PORT', 389);
define('MYLDAP_BINDDN', 'CN=something,OU=Users,OU=Administration,DC=edu');
define('MYLDAP_PSWD', 'something');   // closing quote was missing in the posted script

# Required for working via command line (tells libldap not to verify the server certificate)
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');

$ldapConn = ldap_connect(MYLDAP_HOST, MYLDAP_PORT);
if (!$ldapConn) {
    exit("Unable to connect to LDAP server");
}
if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    exit("Unable to set protocol version to v3");
}
// Upgrade the plain port-389 connection to TLS (StartTLS)
$tls = ldap_start_tls($ldapConn);
if (!$tls) {
    exit("TLS connect failed!");
}
$ldapBind = ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD);
if (!$ldapBind) {
    exit("LDAP Bind failed");
}
echo "Works!<br/>";
ldap_unbind($ldapConn);
return 0;
?>
-Harish
On Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik <stybla(a)turnovfree.net> wrote:
> Harish Chakravarthy wrote:
> > Here is more information
> > 1. I am binding to Active Directory from Solaris 10
> > 2. My php_info gives configure options as './configure'
> > '--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
> > '--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
> > '--with-mysql=/usr/local/mysql/' '--with-gd'
> > 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
> > exactly the same settings as my user account (that executes the script
> > from command line)
> > 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
> > file is not being used by the script (command line or web). I rename the
> > file and nothing changes!
> > 5. I have apache compiled for mod_ssl
> >
> > Should I recompile Apache with mod_ldap or any additional modules? I'm
> > using a PHP script on my webserver to gather login & password to
> > authenticate against Active Directory.
> >
> > Thanks again for your time.
> >
> > -Harish
> >
> >
>
> Also, does TLS work with LDAP itself?
> There is also a comment at php.net which says:
>
> > If your version was linked against the OpenLDAP libraries, you may
> > want to look at the ldap.conf file for more information about specifying
> > SSL/TLS behavior. Apparently, the settings in ldap.conf make a different
> > in the way SSL/TLS is handled by PHP.
>
> Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
>
> Zdenek
>
> --
> Zdenek Styblik
> Net/Linux admin
> OS TurnovFree.net
> email: stybla(a)turnovfree.net
> jabber: stybla(a)jabber.turnovfree.net
>
> >
> >
> >
> > On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla(a)turnovfree.net
> > <mailto:stybla@turnovfree.net>> wrote:
> >
> > Harish Chakravarthy wrote:
> > > Hello Everyone,
> > >
> > > Greetings.
> > >
> > > I am unable to bind to active directory using TLS. I get the following
> > > error while executing my script via the browser
> > >
> > > /*PHP Warning: ldap_start_tls() [<a href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to start TLS: Connect error*/
> > >
> > > The same script when executed from the command line works!
> > >
> > > I have compiled PHP with flags --with-ldap --with-ldap-sasl
> > > --with-openssl .
> > >
> > > Can you help me further troubleshoot this problem?
> > >
> > > Thanks
> > > Harish
> > >
> > >
> > >
> >
> > And what has <?php php_info() ?> to say? I think there might be two .ini
> > files - one for command line and one for httpd php module. So, this one
> > for httpd might be missing:
> > extension=openssl.so
> > extension=ldap.so
> > <whatever is needed>
> >
> > Regards,
> > Zdenek
> >
> > --
> > Zdenek Styblik
> > Net/Linux admin
> > OS TurnovFree.net
> > email: stybla(a)turnovfree.net <mailto:stybla@turnovfree.net>
> > jabber: stybla(a)jabber.turnovfree.net
> > <mailto:stybla@jabber.turnovfree.net>
> >
> >
>
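The thread ends with "TLS connect failed!" and a guess about php.ini; the root cause turned out to be two different OpenSSL builds behind mod_ssl and PHP's ldap extension. The following is an added diagnostic script, not Harish's or Zdenek's code, that makes that kind of CLI-versus-httpd difference visible and replaces the `LDAPTLS_REQCERT=never` workaround with real certificate verification. It assumes PHP 7.1 or later (for the `LDAP_OPT_X_TLS_*` and `LDAP_OPT_DIAGNOSTIC_MESSAGE` constants); the host, bind DN, password variable and CA file path are placeholders.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.1 or later (for the
// LDAP_OPT_X_TLS_* and LDAP_OPT_DIAGNOSTIC_MESSAGE constants) built with
// --with-ldap and --with-openssl. Host, bind DN and CA file are placeholders.
define('MYLDAP_HOST',   'ldap://ldap.example.org');               // placeholder
define('MYLDAP_BINDDN', 'CN=svc-web,OU=Users,DC=example,DC=org'); // placeholder
define('MYLDAP_PSWD',   getenv('MYLDAP_PSWD') ?: '');             // not hard-coded
define('MYLDAP_CACERT', '/etc/openldap/certs/ad-root.pem');       // placeholder
// 1. What the running SAPI actually sees. Run this once via `php -f` and once
//    through httpd: a different php.ini or OpenSSL build shows up here.
function environmentReport(): array {
    return [
        'sapi'            => PHP_SAPI,
        'php'             => PHP_VERSION,
        'ini'             => php_ini_loaded_file() ?: '(none)',
        'ldap_ext'        => extension_loaded('ldap'),
        'openssl_ext'     => extension_loaded('openssl'),
        'openssl_built'   => defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : '(n/a)',
        'ld_library_path' => getenv('LD_LIBRARY_PATH') ?: '(unset)',
    ];
}
// 2. StartTLS with server certificate verification, returning OpenLDAP's own
//    diagnostic instead of a bare "TLS connect failed!".
function startTlsDiagnostic(string $uri, string $cacert): array {
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return ['ok' => false, 'stage' => 'connect', 'error' => 'malformed URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Pin a CA and demand a valid certificate: replaces LDAPTLS_REQCERT=never.
    ldap_set_option($conn, LDAP_OPT_X_TLS_CACERTFILE, $cacert);
    ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if (!@ldap_start_tls($conn)) {
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        return ['ok' => false, 'stage' => 'starttls', 'errno' => ldap_errno($conn),
                'error' => ldap_error($conn), 'diagnostic' => $diag];
    }
    return ['ok' => true, 'stage' => 'starttls', 'conn' => $conn];
}
header('Content-Type: text/plain');
var_export(environmentReport()); echo "\n";
$r = startTlsDiagnostic(MYLDAP_HOST, MYLDAP_CACERT);
var_export(array_diff_key($r, ['conn' => 1])); echo "\n";
if ($r['ok']) {   // credentials go out only after the server cert was verified
    $bound = @ldap_bind($r['conn'], MYLDAP_BINDDN, MYLDAP_PSWD);
    echo $bound ? "bind ok\n" : 'bind failed: ' . ldap_error($r['conn']) . "\n";
    ldap_unbind($r['conn']);
}
```

Compare the two `environmentReport()` outputs first: if `openssl_built` or `ini` differs between the CLI and httpd runs, the TLS failure is an environment mismatch rather than a server or credential problem.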