2011/4/10 Mirko Iodice <[email protected]>:
> Hi Clément,
> first of all I want to thank you for the Self Service Password tool. It
> seems to be the perfect way to let my web services users change their
> password.
> I'm writing to you because I'm trying to use it for the first time to change my
> Active Directory users' passwords. I tried everything, but I always get the
> "Cannot access to LDAP directory" error message.
> I hope you can help me find out what is going wrong here.
>
> The Apache log file reports this error: "[error] [client 127.0.0.1] LDAP - Bind
> error -1  (Can't contact LDAP server), referer: http://localhost/".
> Is there a way to get more verbose errors?
>
> I have enabled LDAPS on my Windows 2008 Domain Controller and configured
> "config.inc.php" like this:
>
> $ldap_url = "ldaps://dc2008.domain.lan";
> $ldap_binddn = "cn=usermanager,cn=users,dc=domain,dc=lan";
> $ldap_bindpw = "password";
> $ldap_base = "ou=test,dc=domain,dc=lan";
> $ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))";
>
> # Active Directory mode
> # true: use unicodePwd as password field
> # false: LDAPv3 standard behavior
> $ad_mode = true;
>
> Attached to this mail you can find the packet capture. It seems that at some
> point the Apache2 server closes the ldaps connection for some reason.
> Thanks in advance for your support.
>

Hi Mirko,

First, you should use the user mailing list, as your question
certainly interests other people.

It seems there is a problem in the SSL connection. Have you configured
your PHP installation to check the certificate against the CA, or to
ignore the certificate? See
http://ltb-project.org/wiki/documentation/self-service-password/0.5/config_ldap#server_address

The other thing I see is the "Certificate Request" in the SSL Server
Hello message, which might mean that the server is configured to
authenticate the client with a certificate.

Clément.
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
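
Added example, not part of the original thread or of Self Service Password: a stand-alone PHP script that produces more verbose LDAP errors and tests, one at a time, the two certificate modes named in the reply (check against the CA, or ignore the certificate). It assumes PHP 7.1 or later with the ldap extension built against OpenLDAP; the CA file path, the script name and the LDAP_BINDPW environment variable are placeholders, and the URL and bind DN are the sample values from the question.

```php
<?php
// Added diagnostic example, not Self Service Password code.
// Usage: LDAP_BINDPW=... php ldaps_check.php verify|ignore
// One mode per process: libldap builds its TLS context once from the global options.
const CA_FILE = '/path/to/domain-ca.pem'; // placeholder: CA that issued the DC certificate

function ldaps_bind_check(string $url, string $dn, string $pw, ?string $caFile): array
{
    if ($pw === '') { // an empty password would turn into an unauthenticated bind
        return ['ok' => false, 'stage' => 'input', 'detail' => 'empty bind password'];
    }
    // Global options, set before ldap_connect() so the TLS context picks them up.
    ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7); // libldap trace on stderr / Apache error log
    if ($caFile === null) {
        // Ignore the certificate: narrows the fault down, but the server is not authenticated.
        ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
    } elseif (!is_readable($caFile)) {
        return ['ok' => false, 'stage' => 'ca-file', 'detail' => "cannot read $caFile"];
    } else {
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
        ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    }
    $ds = ldap_connect($url); // with OpenLDAP this only parses the URL, nothing is sent yet
    if ($ds === false) {
        return ['ok' => false, 'stage' => 'connect', 'detail' => 'invalid LDAP URL'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($ds, $dn, $pw); // TCP connect and TLS handshake happen here
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    $result = ['ok' => $ok, 'stage' => 'bind', 'errno' => ldap_errno($ds),
               'detail' => trim(ldap_error($ds) . ' ' . (string) $diag)];
    ldap_unbind($ds);
    return $result;
}

$mode = $argv[1] ?? 'verify';
$r = ldaps_bind_check(
    'ldaps://dc2008.domain.lan',                      // sample values from the question
    'cn=usermanager,cn=users,dc=domain,dc=lan',
    (string) getenv('LDAP_BINDPW'),                   // keep the password out of the script
    $mode === 'ignore' ? null : CA_FILE
);
printf("%s: %s %s\n", $mode, $r['ok'] ? 'OK' : 'FAIL', json_encode($r));
exit($r['ok'] ? 0 : 1);
```

If the bind fails with error -1 in verify mode but succeeds in ignore mode, the fault is in certificate trust (wrong CA file or a host name that does not match the certificate) rather than in the network path or the bind credentials.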
