I am authenticating from a LAMP system against a Windows AD server from a PHP app built using Zend Framework 1.12. I am using Zend_Ldap to connect. The authentication process works fine if I do not use a secure connection, i.e. LDAP rather than LDAPS. However, I wish to be able to perform other operations from the web app, such as resetting passwords on the AD server, and this requires a secure connection.
Some background info first
My web application runs from an HTTPS connection (https://intranet) with a self-signed certificate. The self-signed certificate has been added to the trusted store on the AD server.
When I run my script I get this error message:
Error: 0x51 (Can't contact LDAP server; TLS error -8179:Peer's Certificate issuer is not recognized.): ldaps://192.168.0.x
My code is as follows:
```php
<?php
// Zend_Ldap connection options. String values must be quoted and every
// element separated by a comma (both were missing from the listing as posted).
$options = array(
    'host'                   => '192.168.0.2',
    'accountDomainName'      => 'domain.internal',
    'accountDomainNameShort' => 'domain',
    'accountCanonicalForm'   => 3,   // Zend_Ldap::ACCTNAME_FORM_BACKSLASH, i.e. domain\user
    'baseDn'                 => 'OU=Establishments,DC=domain,DC=internal',
    'username'               => 'admin',
    'password'               => 'password',
    'useSsl'                 => true, // connect with ldaps:// (port 636 unless 'port' is set)
);
$ldap = new Zend_Ldap($options);
$ldap->bind();
```
$ldap = new Zend_Ldap($options);
$ldap->bind();
My question is:
Does my problem lie somewhere with my code or with my server configuration? Has anyone had any experience with Zend_Ldap and AD?
OK, a little bit of further reading revealed that my problem was server related.
I needed to import the CA Certificate from the Windows AD Server to the certificate store on my Linux box in /etc/openldap/certs and edit /etc/openldap/ldap.conf so that it reads:
TLS_CACERT /etc/openldap/certs/mydomain.com.pem
I can now securely connect with LDAPS to Windows AD Server.
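The answer above gives the two steps (copy the AD CA certificate to /etc/openldap/certs, point TLS_CACERT at it) without showing how to obtain the CA certificate or how to prove the fix before touching the PHP app. The script below is an added example, not the poster's own commands: it pulls the chain the domain controller presents on port 636, keeps the issuing CA certificate, rewrites the TLS_CACERT line idempotently, and verifies with ldapsearch, which links the same libldap the PHP ldap extension uses, so a successful rootDSE read over ldaps:// means Zend_Ldap with 'useSsl' => true will succeed too. The AD_HOST variable, the ad-ca.pem file name, the CERT_DIR/LDAP_CONF defaults (taken from the answer; Debian and Ubuntu use /etc/ldap/ldap.conf instead) and the presence of openssl and ldapsearch on the LAMP box are assumptions. Two checks a practitioner would add: connect to the DC by the FQDN that appears in its certificate rather than a bare IP, since OpenLDAP verifies the host name against the certificate, and never "fix" the error by setting TLS_REQCERT never, which disables certificate verification entirely and makes the password-reset traffic interceptable.

```shell
#!/bin/sh
# Added example (not from the original post): trust the AD CA on a Linux LDAP client.
# Assumed (not in the post): AD_HOST names the domain controller as written in its
# certificate, the DC listens on 636, openssl and ldapsearch are installed, and
# the PHP ldap extension uses OpenLDAP's libldap (true on a stock RHEL/CentOS LAMP box).
set -eu

CERT_DIR=${CERT_DIR:-/etc/openldap/certs}      # path used in the answer
LDAP_CONF=${LDAP_CONF:-/etc/openldap/ldap.conf} # path used in the answer

# 1. Fetch the certificate chain the DC presents and keep the LAST certificate,
#    which is the issuing CA when the DC sends its full chain. If only a single
#    certificate comes back, the DC sends just its leaf: export the CA from the
#    Windows CA instead (certutil -ca.cert on the DC) and copy that PEM over.
fetch_dc_ca() {
  host=$1; out=$2
  openssl s_client -connect "$host:636" -servername "$host" -showcerts </dev/null 2>/dev/null \
    | awk '/BEGIN CERTIFICATE/{c=""} {c=c $0 "\n"} /END CERTIFICATE/{last=c} END{printf "%s", last}' \
    > "$out"
  [ -s "$out" ] || { echo "no certificate received from $host:636" >&2; return 1; }
  # A CA certificate is self-issued; warn if subject and issuer differ.
  subj=$(openssl x509 -in "$out" -noout -subject)
  iss=$(openssl x509 -in "$out" -noout -issuer)
  [ "${subj#subject=}" = "${iss#issuer=}" ] \
    || echo "warning: $out is not self-issued; the DC may have sent only its leaf" >&2
}

# 2. Set TLS_CACERT, replacing any existing line instead of appending a duplicate
#    (libldap honours only one). Leave TLS_REQCERT at its default of "demand" so the
#    certificate is actually verified. Written through a temp file so the real
#    ldap.conf keeps its owner and mode; works without GNU sed -i.
set_tls_cacert() {
  conf=$1; pem=$2
  tmp=$(mktemp)
  if [ -f "$conf" ]; then
    grep -v '^[[:space:]]*TLS_CACERT[[:space:]]' "$conf" > "$tmp" || true
  fi
  printf 'TLS_CACERT %s\n' "$pem" >> "$tmp"
  cat "$tmp" > "$conf"
  rm -f "$tmp"
}

# 3. Verify with libldap itself: an anonymous rootDSE read over ldaps:// only
#    succeeds if the chain is trusted. Add -d 1 to see the TLS handshake on failure.
verify_ldaps() {
  host=$1
  ldapsearch -H "ldaps://$host" -x -s base -b '' defaultNamingContext >/dev/null
}

# Only touch the live system when an AD host is supplied, e.g.
#   AD_HOST=dc1.domain.internal sh trust-ad-ca.sh
if [ -n "${AD_HOST:-}" ]; then
  mkdir -p "$CERT_DIR"
  fetch_dc_ca "$AD_HOST" "$CERT_DIR/ad-ca.pem"
  set_tls_cacert "$LDAP_CONF" "$CERT_DIR/ad-ca.pem"
  verify_ldaps "$AD_HOST" && echo "LDAPS to $AD_HOST verified against $CERT_DIR/ad-ca.pem"
fi
```

Restart the web server after the change: libldap reads ldap.conf when the extension initialises, so a long-running Apache/mod_php process keeps the old (empty) trust settings until it is restarted. Note also that the self-signed certificate of the intranet site plays no part in this error; it is the AD server's certificate that the Linux side has to trust, not the other way round.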