I tried to put host="srvLDAP" but it still doesn't work.

Actually the problem is configuring my APACHE server to make it consider these certificates. I know there is an ldap.conf in the openLDAP directory (on the openLDAP server) where you have to put:
TLS_CACERT ./ssl2/cacert.cer
TLS_REQCERT demand

but how can we specify it on the Apache server?

Thanks

2010/6/10 Thierry Lacoste <laco...@u-pec.fr>

> Seems to me that the $host variable is incorrect: should be
> $host="srvLDAP"
>
> HTH,
> Thierry
>
> On 10 June 10, at 10:57, Jérémy ESCOLANO wrote:
>
> Hi
>
> I'm writing from France cuz I'm having a big problem with Apache and LDAP.
> Let me explain:
>
> I would like to make an Apache server communicate in PHP with an openLDAP
> server (both servers are under Win Srv 2003), using the LDAPS protocol.
>
> In order to activate LDAPS on my openLDAP srv (srvLDAP), I created
> self-signed certificates with OpenSSL. I got 3 files:
>
> cacert.pem
> srvLDAP.pem
> srvLDAP.key
>
> I configured my slapd.conf file and ldap.conf file (openLDAP side) like this:
>
> slapd.conf
>
> TLSCertificateFile ./ssl/srvLDAP.pem
> TLSCertificateKeyFile ./ssl/srvLDAP.key
> TLSCACertificateFile ./ssl/cacert.pem
>
> ldap.conf
>
> BASE <ma branche>
> URI ldaps://srvLDAP/
> TLS_CACERT ./ssl/cacert.pem
> TLS_REQCERT demand
>
> I launched my openLDAP service, and checked that the ldaps protocol was okay,
> using this command:
>
> C:\Program Files\OpenLDAP>ldapsearch -b o=exemple,dc=fr -s sub -x -w pass -D cn=admin,o=exemple,dc=fr -H ldaps://srvLDAP/
>
> Now I would like, from the remote Apache server, to communicate with the
> openLDAP server using the LDAPS protocol.
>
> Here is my simplified PHP code:
>
> <h2>LDAP OPENLDAP LDAPS</h2>
> <?php
> $host="ldaps://srvldap";
> $port="636";
> $ds=ldap_connect($host,$port);
> ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
> $r=ldap_bind($ds,"cn=admin,o=exemple,dc=fr","pass" );
> $sr=ldap_search($ds,"o=exemplec,dc=fr",("objectClass=maclasse" ));
> $info=ldap_get_entries($ds,$sr);
> print $info["count"]." enregistrements trouvés.";
> ?>
>
> I get this error:
>
> Unable to bind to server: Can't contact LDAP server
>
> I know I have to configure certificates in the Apache server configuration.
> I tried to do this according to several internet resources but didn't succeed.
> I also read this link:
> http://forum.hardware.fr/hfr/OSAlternatifs/Logiciels-2/certificats-securisee-connexion-sujet_65365_1.htm
> which is a French link which speaks about ldap.conf and ldaprc files to put
> on the Apache server. I did it but nothing happened.
>
> Well, I'm lost in all this stuff, that is why I'm asking for help to
> configure my servers to use ldaps with PHP.
>
> Do you have information that could help me?
>
> I thank you in advance
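
Added example, not part of the original thread and not code from either poster: one way to give PHP's LDAP client on the Apache side the same CA trust and "demand" certificate checking that ldap.conf expresses, assuming PHP 7.1 or later with the ldap extension loaded. The function name ldaps_count_entries and the path C:/certs/cacert.pem are hypothetical; the host, DNs, password and object class are the ones quoted in the thread.

```php
<?php
// Added example (assumptions: PHP >= 7.1, ldap extension loaded).
// ldaps_count_entries() and the CA path used below are hypothetical names.
function ldaps_count_entries(string $uri, string $caFile, string $bindDn,
                             string $password, string $baseDn, string $objectClass): int
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA certificate not readable: $caFile");
    }
    // Client-side counterpart of TLS_CACERT / TLS_REQCERT demand in ldap.conf.
    // Set on the global (null) handle before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // Scheme and port belong in the URI; ldap_connect() only prepares the
    // handle, the TCP connection and TLS handshake happen at bind time.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ds, $bindDn, $password)) {
        // The diagnostic message may carry the TLS-level reason for the failure.
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException('Bind failed: ' . ldap_error($ds) . " ($detail)");
    }

    // Escape the value so it cannot change the structure of the filter.
    $filter = '(objectClass=' . ldap_escape($objectClass, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = ldap_search($ds, $baseDn, $filter, ['dn']);
    if ($sr === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($ds));
    }
    $count = ldap_count_entries($ds, $sr);
    ldap_unbind($ds);
    return $count;
}

try {
    // Host, DNs and password as quoted in the thread; the CA path is a placeholder.
    $n = ldaps_count_entries('ldaps://srvLDAP:636', 'C:/certs/cacert.pem',
        'cn=admin,o=exemple,dc=fr', 'pass', 'o=exemple,dc=fr', 'maclasse');
    print $n . " enregistrements trouvés.";
} catch (RuntimeException $e) {
    error_log($e->getMessage());   // keep failure details in the server log
}
```

With certificate checking set to demand, the host name in the URI has to match the name in the server certificate, and the CA file has to be readable by the account the Apache service runs under.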