Authenticate against Windows AD using Zend Ldap
I am authenticating from a LAMP system against a Windows AD Server from a PHP app built using Zend Framework 1.12. I am using Zend_Ldap to connect.
The authentication process works fine if I do not use a secure connection, i.e. LDAP rather than LDAPS. However, I wish to be able to perform other operations from the Web App such as resetting passwords on the AD Server. This, however, requires a secure connection.
Some background info first
My Web application runs from an HTTPS connection (https://intranet) with a self-signed certificate. The self-signed certificate has been added to the trusted store on the AD server.
When I run my script I get this error message:
Error: 0x51 (Can't contact LDAP server; TLS error -8179:Peer's Certificate issuer is not recognized.): ldaps://192.168.0.x
My code is as follows:
$options = array(
    'host'                   => '192.168.0.2',
    'accountDomainName'      => 'domain.internal',
    'accountDomainNameShort' => 'domain',
    'accountCanonicalForm'   => 3, // Zend_Ldap::ACCTNAME_FORM_BACKSLASH
    'baseDn'                 => "OU=Establishments,DC=domain,DC=internal",
    'username'               => 'admin',
    'password'               => 'password',
    'useSsl'                 => true,
);
$ldap = new Zend_Ldap($options);
$ldap->bind();
My question is:
Does my problem lie somewhere with my code or with my server configuration? Has anyone had any experience with Zend_Ldap and AD?
OK, a little bit of further reading revealed that my problem was server related.
I needed to import the CA certificate from the Windows AD Server to the certificate store on my Linux box in /etc/openldap/certs and edit /etc/openldap/ldap.conf so that it reads:
TLS_CACERT /etc/openldap/certs/mydoamin.com.pem
I can now securely connect with LDAPS to the Windows AD Server.
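A check worth running before changing any PHP, as an added example that is not part of the original question or answer: confirm that the CA file you imported actually verifies the AD server's certificate chain, and that the OpenLDAP client (which PHP's ldap extension uses) trusts it. It assumes the host from the question and a placeholder CA file path; `parse_verify_result`, `chain_ok` and `check_ldaps_chain` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies the LDAPS trust chain
# against the CA file named in /etc/openldap/ldap.conf (TLS_CACERT).
# Assumed placeholders: AD_HOST (from the question), CA_FILE (path from the answer).

AD_HOST="${AD_HOST:-192.168.0.2}"                          # AD server from the question
AD_PORT="${AD_PORT:-636}"                                  # LDAPS port
CA_FILE="${CA_FILE:-/etc/openldap/certs/mydomain.com.pem}" # imported AD CA certificate

# Pull the "Verify return code: N (reason)" line out of openssl s_client output.
# Prints "N reason", e.g. "0 ok" or "20 unable to get local issuer certificate".
parse_verify_result() {
    printf '%s\n' "$1" | sed -n 's/^ *Verify return code: \([0-9]*\) (\(.*\))$/\1 \2/p' | head -n 1
}

# Succeeds (exit 0) only when the verify code is 0, i.e. the chain validated.
chain_ok() {
    code=$(parse_verify_result "$1" | cut -d' ' -f1)
    [ "$code" = "0" ]
}

# Live check against the AD server (needs network access to AD_HOST:AD_PORT).
check_ldaps_chain() {
    out=$(openssl s_client -connect "$AD_HOST:$AD_PORT" -CAfile "$CA_FILE" </dev/null 2>&1)
    if chain_ok "$out"; then
        echo "TLS chain OK: $(parse_verify_result "$out")"
    else
        # The same condition Zend_Ldap reports as "Peer's Certificate issuer is not recognized".
        echo "TLS chain FAILED: $(parse_verify_result "$out")" >&2
        echo "Certificate chain presented by the server:" >&2
        printf '%s\n' "$out" | grep -E '^ *[0-9]+ s:|^ *i:' >&2
        return 1
    fi
    # Repeat the check through the OpenLDAP client with the same CA file:
    # an anonymous rootDSE query is enough to prove the TLS handshake succeeds.
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -H "ldaps://$AD_HOST:$AD_PORT" -x -s base -b "" namingContexts
}

case "${1:-}" in
    run) check_ldaps_chain ;;
esac
```

Run it as `sh check_ldaps.sh run`; if the openssl step fails but ldapsearch with `LDAPTLS_CACERT` succeeds, the CA file is fine and ldap.conf is simply not being read.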