8:26 a.m.
Hello Everyone,
Greetings.
I am unable to bind to active directory using TLS. I get the following error
while executing my script via the browser
*PHP Warning: ldap_start_tls() [<a
href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to
start
TLS: Connect error*
The same script when executed from the command line works!.
I have compiled PHP with flags --with-ldap --with-ldap-sasl --with-openssl
.
Can you help me further trouble shoot this problem?.
Thanks
Harish
5:59 a.m.
Harish Chakravarthy wrote:
Hello Everyone,
Greetings.
I am unable to bind to active directory using TLS. I get the following
error while executing my script via the browser
/*PHP Warning: ldap_start_tls() [<a
href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to
start TLS: Connect error*/
The same script when executed from the command line works!.
I have compiled PHP with flags --with-ldap --with-ldap-sasl
--with-openssl .
Can you help me further trouble shoot this problem?.
Thanks
Harish
And what has <?php php_info() ?> to say? I think there might be two .ini
files - one for command line and one for httpd php module. So, this one
for httpd might be missing:
extension=openssl.so
extension=ldap.so
<whatever is needed>
Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net
3:45 p.m.
Here is more information
1. I am binding to Active Directory from Solaris 10
2. My php_info gives configure options as './configure'
'--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
'--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
'--with-mysql=/usr/local/mysql/' '--with-gd'
3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has exactly
the same settings as my user account (that executes the script from command
line)
4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this file
is not being used by the script (command line or web). I rename the file and
nothing changes!.
5. I have apache compiled for mod_ssl
Should I recompile Apache with mod_ldap or any additional modules - I using
a PHP script on my webserver to gather login & password to authenticated
against Active Directory?.
Thanks again for your time.
-Harish
On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla(a)turnovfree.net>wrote:
Harish Chakravarthy wrote:
> Hello Everyone,
>
> Greetings.
>
> I am unable to bind to active directory using TLS. I get the following
> error while executing my script via the browser
>
> /*PHP Warning: ldap_start_tls() [<a
> href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable
to
> start TLS: Connect error*/
>
> The same script when executed from the command line works!.
>
> I have compiled PHP with flags --with-ldap --with-ldap-sasl
> --with-openssl .
>
> Can you help me further trouble shoot this problem?.
>
> Thanks
> Harish
>
>
>
And what has <?php php_info() ?> to say? I think there might be two .ini
files - one for command line and one for httpd php module. So, this one
for httpd might be missing:
extension=openssl.so
extension=ldap.so
<whatever is needed>
Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net
12:33 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Harish Chakravarthy wrote:
Here is more information
1. I am binding to Active Directory from Solaris 10
2. My php_info gives configure options as './configure'
'--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
'--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
'--with-mysql=/usr/local/mysql/' '--with-gd'
3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
exactly the same settings as my user account (that executes the script
from command line)
4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
file is not being used by the script (command line or web). I rename the
file and nothing changes!.
5. I have apache compiled for mod_ssl
Should I recompile Apache with mod_ldap or any additional modules - I
using a PHP script on my webserver to gather login & password to
authenticated against Active Directory?.
Thanks again for your time.
-Harish
Hello,
I'm sorry, I should have read better. I replied in haste and-
Can you please code I've attached? It should be sufficient just to
supply credentials. I've tested it and, although I can't make an LDAP
connection from console [I've messed something in PHP; ignore], it works
for me via WEB [I can see 'OK']. I'm not sure why I've put comments
about TLS being buggy [probably something in PHP documentation?], but
the code [PHP] works with LDAP TLS just fine.
I don't think you need mod_ldap in Apache, as this one should serve for
direct interaction of httpd<-->LDAP [imao].
Let me know,
Zdenek
- --
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net
On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla(a)turnovfree.net
<mailto:stybla@turnovfree.net>> wrote:
Harish Chakravarthy wrote:
> Hello Everyone,
>
> Greetings.
>
> I am unable to bind to active directory using TLS. I get the following
> error while executing my script via the browser
>
> /*PHP Warning: ldap_start_tls() [<a
> href='function.ldap-start-tls'>function.ldap-start-tls</a>]:
Unable to
> start TLS: Connect error*/
>
> The same script when executed from the command line works!.
>
> I have compiled PHP with flags --with-ldap --with-ldap-sasl
> --with-openssl .
>
> Can you help me further trouble shoot this problem?.
>
> Thanks
> Harish
>
>
>
And what has <?php php_info() ?> to say? I think there might be two .ini
files - one for command line and one for httpd php module. So, this one
for httpd might be missing:
extension=openssl.so
extension=ldap.so
<whatever is needed>
Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net <mailto:stybla@turnovfree.net>
jabber: stybla(a)jabber.turnovfree.net
<mailto:stybla@jabber.turnovfree.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkq9w8IACgkQ8MreUbSH7ik1/QCgz6i5y1ogcRO8GlYAFHudY0Rw
qfQAnjHLzOG1CuQRkGI9AA4VZMjrXtWQ
=r25x
-----END PGP SIGNATURE-----
1:04 a.m.
Harish Chakravarthy wrote:
Here is more information
1. I am binding to Active Directory from Solaris 10
2. My php_info gives configure options as './configure'
'--prefix=/home/local/php-5.2.9' '--with-apxs2=/path/apache2/bin/apxs'
'--with-ldap' '--with-ldap-sasl' '--with-openssl=/usr/local/ssl'
'--with-mysql=/usr/local/mysql/' '--with-gd'
3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
exactly the same settings as my user account (that executes the script
from command line)
4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
file is not being used by the script (command line or web). I rename the
file and nothing changes!.
5. I have apache compiled for mod_ssl
Should I recompile Apache with mod_ldap or any additional modules - I
using a PHP script on my webserver to gather login & password to
authenticated against Active Directory?.
Thanks again for your time.
-Harish
Also, does TLS work with LDAP itself?
There is also comment at php.net which says:
If your version was linked against the OpenLDAP libraries, you may
want to look at the ldap.conf file for more information about specifying
SSL/TLS behavior. Apparently, the settings in ldap.conf make a different
in the way SSL/TLS is handled by PHP.
Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net
On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla(a)turnovfree.net
<mailto:stybla@turnovfree.net>> wrote:
Harish Chakravarthy wrote:
> Hello Everyone,
>
> Greetings.
>
> I am unable to bind to active directory using TLS. I get the following
> error while executing my script via the browser
>
> /*PHP Warning: ldap_start_tls() [<a
> href='function.ldap-start-tls'>function.ldap-start-tls</a>]:
Unable to
> start TLS: Connect error*/
>
> The same script when executed from the command line works!.
>
> I have compiled PHP with flags --with-ldap --with-ldap-sasl
> --with-openssl .
>
> Can you help me further trouble shoot this problem?.
>
> Thanks
> Harish
>
>
>
And what has <?php php_info() ?> to say? I think there might be two .ini
files - one for command line and one for httpd php module. So, this one
for httpd might be missing:
extension=openssl.so
extension=ldap.so
<whatever is needed>
Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net <mailto:stybla@turnovfree.net>
jabber: stybla(a)jabber.turnovfree.net
<mailto:stybla@jabber.turnovfree.net>
5:46 p.m.
Hello Everyone,
Below is my Php test script (minor modifications to Zdenek's script) . This
test script works from command line but not from the web. "TLS connect
failed!" is my error message when I execute the script via web. Any
assistance is welcome.
Also my environment is Php using OpenLDAP on Solaris 10 connecting to
Active Directory.
<?php
define('MYLDAP_HOST', 'ldap://my.server');
define('MYLDAP_PORT', 389);
define('MYLDAP_BINDDN',
'CN=something,OU=Users,OU=Administration,DC=edu');
define('MYLDAP_PSWD', 'something);
# Required for working via command line
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');
$ldapConn = ldap_connect(MYLDAP_HOST, MYLDAP_PORT);
if (!$ldapConn) {
exit("Unable to connect to LDAP server");
}
if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
exit("Unable to set protocol version to v3");
}
$tls = ldap_start_tls($ldapConn);
if (!$tls) { exit("TLS connect failed!"); }
$ldapBind = ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD);
if (!$ldapBind) {
exit("LDAP Bind failed");
}
echo "Works!<br/>";
ldap_unbind($ldapConn);
return 0;
?>
-Harish
On Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik <stybla(a)turnovfree.net>wrote:
Harish Chakravarthy wrote:
> Here is more information
> 1. I am binding to Active Directory from Solaris 10
> 2. My php_info gives configure options as './configure'
> '--prefix=/home/local/php-5.2.9'
'--with-apxs2=/path/apache2/bin/apxs'
> '--with-ldap' '--with-ldap-sasl'
'--with-openssl=/usr/local/ssl'
> '--with-mysql=/usr/local/mysql/' '--with-gd'
> 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
> exactly the same settings as my user account (that executes the script
> from command line)
> 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
> file is not being used by the script (command line or web). I rename the
> file and nothing changes!.
> 5. I have apache compiled for mod_ssl
>
> Should I recompile Apache with mod_ldap or any additional modules - I
> using a PHP script on my webserver to gather login & password to
> authenticated against Active Directory?.
>
> Thanks again for your time.
>
> -Harish
>
>
Also, does TLS work with LDAP itself?
There is also comment at php.net which says:
> If your version was linked against the OpenLDAP libraries, you may
> want to look at the ldap.conf file for more information about specifying
> SSL/TLS behavior. Apparently, the settings in ldap.conf make a different
> in the way SSL/TLS is handled by PHP.
Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net
>
>
>
> On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla(a)turnovfree.net
> <mailto:stybla@turnovfree.net>> wrote:
>
> Harish Chakravarthy wrote:
> > Hello Everyone,
> >
> > Greetings.
> >
> > I am unable to bind to active directory using TLS. I get the
following
> > error while executing my script via the browser
> >
> > /*PHP Warning: ldap_start_tls() [<a
> >
href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable
to
> > start TLS: Connect error*/
> >
> > The same script when executed from the command line works!.
> >
> > I have compiled PHP with flags --with-ldap --with-ldap-sasl
> > --with-openssl .
> >
> > Can you help me further trouble shoot this problem?.
> >
> > Thanks
> > Harish
> >
> >
> >
>
> And what has <?php php_info() ?> to say? I think there might be two
.ini
> files - one for command line and one for httpd php module. So, this
one
> for httpd might be missing:
> extension=openssl.so
> extension=ldap.so
> <whatever is needed>
>
> Regards,
> Zdenek
>
> --
> Zdenek Styblik
> Net/Linux admin
> OS TurnovFree.net
> email: stybla(a)turnovfree.net <mailto:stybla@turnovfree.net>
> jabber: stybla(a)jabber.turnovfree.net
> <mailto:stybla@jabber.turnovfree.net>
>
>
12:25 p.m.
Hello Everyone,
My problem is solved, yeah !.
The openssl libraries used by Apache mod_ssl and Php were different
versions. I had to recompile Apache and Php to use the same version and
everything worked!.
-Harish
On Sun, Sep 27, 2009 at 5:46 PM, Harish Chakravarthy <harishvc(a)gmail.com>wrote:
Hello Everyone,
Below is my Php test script (minor modifications to Zdenek's script) . This
test script works from command line but not from the web. "TLS connect
failed!" is my error message when I execute the script via web. Any
assistance is welcome.
Also my environment is Php using OpenLDAP on Solaris 10 connecting to
Active Directory.
<?php
define('MYLDAP_HOST', 'ldap://my.server');
define('MYLDAP_PORT', 389);
define('MYLDAP_BINDDN',
'CN=something,OU=Users,OU=Administration,DC=edu');
define('MYLDAP_PSWD', 'something);
# Required for working via command line
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');
$ldapConn = ldap_connect(MYLDAP_HOST, MYLDAP_PORT);
if (!$ldapConn) {
exit("Unable to connect to LDAP server");
}
if (!ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
exit("Unable to set protocol version to v3");
}
$tls = ldap_start_tls($ldapConn);
if (!$tls) { exit("TLS connect failed!"); }
$ldapBind = ldap_bind($ldapConn, MYLDAP_BINDDN, MYLDAP_PSWD);
if (!$ldapBind) {
exit("LDAP Bind failed");
}
echo "Works!<br/>";
ldap_unbind($ldapConn);
return 0;
?>
-Harish
On Sat, Sep 26, 2009 at 1:04 AM, Zdenek Styblik <stybla(a)turnovfree.net>wrote:
> Harish Chakravarthy wrote:
> > Here is more information
> > 1. I am binding to Active Directory from Solaris 10
> > 2. My php_info gives configure options as './configure'
> > '--prefix=/home/local/php-5.2.9'
'--with-apxs2=/path/apache2/bin/apxs'
> > '--with-ldap' '--with-ldap-sasl'
'--with-openssl=/usr/local/ssl'
> > '--with-mysql=/usr/local/mysql/' '--with-gd'
> > 3. The PATH & LD_LIBRARY_PATH listed via php_info on the browser has
> > exactly the same settings as my user account (that executes the script
> > from command line)
> > 4. I have a ldap.conf file inside /opt/csw/etc/openldap . However this
> > file is not being used by the script (command line or web). I rename the
> > file and nothing changes!.
> > 5. I have apache compiled for mod_ssl
> >
> > Should I recompile Apache with mod_ldap or any additional modules - I
> > using a PHP script on my webserver to gather login & password to
> > authenticated against Active Directory?.
> >
> > Thanks again for your time.
> >
> > -Harish
> >
> >
>
> Also, does TLS work with LDAP itself?
> There is also comment at php.net which says:
>
> > If your version was linked against the OpenLDAP libraries, you may
> > want to look at the ldap.conf file for more information about specifying
> > SSL/TLS behavior. Apparently, the settings in ldap.conf make a different
> > in the way SSL/TLS is handled by PHP.
>
> Please, check >> http://marc.info/?l=php-windows&m=116127873321748&w=2
>
> Zdenek
>
> --
> Zdenek Styblik
> Net/Linux admin
> OS TurnovFree.net
> email: stybla(a)turnovfree.net
> jabber: stybla(a)jabber.turnovfree.net
>
> >
> >
> >
> > On Thu, Sep 24, 2009 at 5:59 AM, Zdenek Styblik <stybla(a)turnovfree.net
> > <mailto:stybla@turnovfree.net>> wrote:
> >
> > Harish Chakravarthy wrote:
> > > Hello Everyone,
> > >
> > > Greetings.
> > >
> > > I am unable to bind to active directory using TLS. I get the
> following
> > > error while executing my script via the browser
> > >
> > > /*PHP Warning: ldap_start_tls() [<a
> > >
href='function.ldap-start-tls'>function.ldap-start-tls</a>]:
> Unable to
> > > start TLS: Connect error*/
> > >
> > > The same script when executed from the command line works!.
> > >
> > > I have compiled PHP with flags --with-ldap --with-ldap-sasl
> > > --with-openssl .
> > >
> > > Can you help me further trouble shoot this problem?.
> > >
> > > Thanks
> > > Harish
> > >
> > >
> > >
> >
> > And what has <?php php_info() ?> to say? I think there might be two
> .ini
> > files - one for command line and one for httpd php module. So, this
> one
> > for httpd might be missing:
> > extension=openssl.so
> > extension=ldap.so
> > <whatever is needed>
> >
> > Regards,
> > Zdenek
> >
> > --
> > Zdenek Styblik
> > Net/Linux admin
> > OS TurnovFree.net
> > email: stybla(a)turnovfree.net <mailto:stybla@turnovfree.net>
> > jabber: stybla(a)jabber.turnovfree.net
> > <mailto:stybla@jabber.turnovfree.net>
> >
> >
>
4695
days inactive
4701
days old
openldap-technical@openldap.org
6 comments
2 participants
participants (2)
-
Harish Chakravarthy -
Zdenek Styblik