I work locally with Linux Mint and have Ubuntu Server with OpenLDAP installed in VirtualBox. I am now configuring TLS/SSL auth following this guide (http://help.ubuntu-it.org/12.04/server/serverguide/it/ubuntu-1204-server.pdf). I have installed XAMPP on the client (Linux Mint) and configured /etc/ldap/ldap.conf with:
TLS_CACERT /etc/ssl/certs/192.168.1.46_slapd_cert.pem
TLS_REQCERT never
I try to connect with this PHP code:
<?php
// This code goes directly to the 636 SSL port
$ldaphost = "ldaps://192.168.1.46";
$ldapUsername = "cn=admin,dc=company,dc=com";
$ldapPassword = "secret";
$ds = ldap_connect($ldaphost);
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    print "Could not set LDAPv3\r\n";
}
else {
    // now we need to bind to the ldap server
    $bth = ldap_bind($ds, $ldapUsername, $ldapPassword) or die("\r\nCould not connect to LDAP server\r\n");
}
?>
but it does not work.
If I try in my terminal:
ldapsearch -x -H ldaps://192.168.1.46 -b "cn=company,cn=com"
it works! But why not via PHP? I tried to configure the ldap.conf in /opt/lampp/etc/openldap, but with no result.
I work with OpenLDAP and Apache/PHP on CentOS. Maybe it's similar.
ln -s /etc/ssl/certs/192.168.1.46_slapd_cert.pem `openssl x509 -hash -noout -in /etc/ssl/certs/192.168.1.46_slapd_cert.pem`.0
On my Ubuntu (without LDAP support) the function c_rehash exists. If I install a revocation list there, I have to rehash all revocation lists with this function in this way:
cd /etc/ssl/certs/
c_rehash /etc/ssl/certs/
Maybe it creates the correct hashes for your CAs.
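An added example, not part of the question or the answer above: it sets the CA file and certificate checking from inside PHP, so the result does not depend on which ldap.conf the PHP build reads, and it reports the library's diagnostic message when the bind fails. It assumes PHP 7.1 or later with the ldap extension; the helper name tlsBind is hypothetical, and the host, DN, password and certificate path are the ones from the question.

```php
<?php
// Added example. Connection values are copied from the question.
$uri    = 'ldaps://192.168.1.46';
$caFile = '/etc/ssl/certs/192.168.1.46_slapd_cert.pem';
$bindDn = 'cn=admin,dc=company,dc=com';
$bindPw = 'secret';

// tlsBind is a hypothetical helper name; returns [bool $ok, string $message].
function tlsBind(string $uri, string $caFile, string $bindDn, string $bindPw): array
{
    // The web server user, not your login user, must be able to read the file.
    if (!is_readable($caFile)) {
        return [false, "CA file not readable by the PHP process: $caFile"];
    }

    // TLS options are library-wide: set them on a null link before connecting.
    // The file must contain the CA certificate that issued the server's
    // certificate (or the certificate itself if it is self-signed).
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    // DEMAND keeps certificate verification on, unlike TLS_REQCERT never.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // ldap_connect() only parses the URI; the TLS handshake happens on bind.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return [false, "Invalid LDAP URI: $uri"];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (@ldap_bind($ds, $bindDn, $bindPw)) {
        return [true, 'bind succeeded over verified TLS'];
    }

    // The diagnostic message usually carries the TLS-level reason, which
    // ldap_error() alone reduces to "Can't contact LDAP server".
    $detail = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return [false, sprintf('%s (errno %d) %s', ldap_error($ds), ldap_errno($ds), $detail)];
}

[$ok, $message] = tlsBind($uri, $caFile, $bindDn, $bindPw);
echo ($ok ? 'OK: ' : 'FAILED: ') . $message . PHP_EOL;
```

With verification set to DEMAND, the name in the server certificate also has to match the host in the URI, here the IP address 192.168.1.46.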