I tried to put host="srvLDAP" but it still doesn't work

Actually the problem is configuring my Apache server to make it consider
these certificates.
I know there is an ldap.conf in the OpenLDAP directory (on the OpenLDAP server)
where you have to put:

TLS_CACERT      ./ssl2/cacert.cer
TLS_REQCERT     demand

But how can we specify it on the Apache server?
Thanks


2010/6/10 Thierry Lacoste <laco...@u-pec.fr>

> Seems to me that the $host variable is incorrect :  should be
> $host="srvLDAP"
>
> HTH,
> Thierry
>
> On 10 June 10, at 10:57, Jérémy ESCOLANO wrote:
>
> Hi
>
> I'm writing from France cuz I'm having a big problem with Apache and LDAP.
> Let me explain:
>
> I would like to make an Apache server communicate in PHP with an OpenLDAP
> server (both servers are under Win Srv 2003), using the LDAPS protocol.
>
> In order to activate LDAPS on my openLDAP srv (srvLDAP), I created self
> signed certificates with openSSL. I got 3 files:
>
>
> cacert.pem
> srvLDAP.pem
> srvLDAP.key
>
>
> I configured my slapd.conf file and ldap.conf file (OpenLDAP side) like this:
>
>  slapd.conf
>
> TLSCertificateFile      ./ssl/srvLDAP.pem
> TLSCertificateKeyFile   ./ssl/srvLDAP.key
> TLSCACertificateFile    ./ssl/cacert.pem
>
>
>  ldap.conf
> BASE    <ma branche>
> URI     ldaps://srvLDAP/
> TLS_CACERT      ./ssl/cacert.pem
> TLS_REQCERT     demand
>
>
>
> I launched my openLDAP service, and checked ldaps protocol was okay, using
> this command :
>
>
>
> C:\Program Files\OpenLDAP>ldapsearch -b o=exemple,dc=fr -s sub -x -w pass -D cn=admin,o=exemple,dc=fr -H ldaps://srvLDAP/
>
>
> Now I would like, from the remote Apache server, to communicate with the
> OpenLDAP server using the LDAPS protocol.
>
> Here is my simplified PHP code
>
> <h2>LDAP OPENLDAP LDAPS</h2>
> <?php
> // LDAPS URI and port of the OpenLDAP server
> $host="ldaps://srvldap";
> $port="636";
> $ds=ldap_connect($host,$port);
> ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
> // Bind as the directory admin, then search under the base DN
> $r=ldap_bind($ds,"cn=admin,o=exemple,dc=fr","pass");
> $sr=ldap_search($ds,"o=exemple,dc=fr","(objectClass=maclasse)");
> $info=ldap_get_entries($ds,$sr);
> print $info["count"]." enregistrements trouvés.";
> ?>
>
> I get this error:
>
>
> Unable to bind to server: Can't contact LDAP server
>
>
> I know I have to configure certificates in the Apache server configuration.
> I tried to do this according to several internet resources but didn't succeed.
> I also read this link:
> http://forum.hardware.fr/hfr/OSAlternatifs/Logiciels-2/certificats-securisee-connexion-sujet_65365_1.htm
> which is a French link which speaks about ldap.conf and ldaprc files to put
> on the Apache server. I did it but nothing happened.
>
> Well, I'm lost in all this stuff, that is why I'm asking for help to
> configure my servers to use LDAPS with PHP.
>
> Do you have information that could help me ?
>
> I thank you in advance
>
>
>
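
An added example, not part of the original thread: on the PHP side, the counterpart of the `TLS_CACERT` / `TLS_REQCERT demand` lines can be set from the script with `ldap_set_option()`, so the Apache host verifies srvLDAP's certificate against the private CA before binding. It assumes PHP 7.1 or later with the ldap extension; the CA file path and the `LDAP_BIND_PW` environment variable are placeholders, not values from the thread.

```php
<?php
// Assumes PHP 7.1+ with the ldap extension built against OpenLDAP's libldap.
function ldaps_bind_verified(string $uri, string $caFile, string $dn, string $pw)
{
    // A missing or unreadable CA file otherwise shows up only as
    // "Can't contact LDAP server", so check it before connecting.
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable by the web server: $caFile");
    }
    if ($pw === '') {
        throw new RuntimeException('Empty bind password');
    }
    // TLS options are library-wide: set them on a null handle before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    // Same policy as "TLS_REQCERT demand": reject an unverifiable certificate.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // The host in the URI must match a name in the server certificate.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // The TLS handshake happens on the first operation, here the bind.
    if (!@ldap_bind($ds, $dn, $pw)) {
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException('Bind failed: ' . ldap_error($ds) . " ($detail)");
    }
    return $ds;
}

// Constructed values: the CA path is a placeholder for wherever cacert.pem was
// copied on the Apache host; LDAP_BIND_PW is a hypothetical environment variable.
try {
    $ds = ldaps_bind_verified('ldaps://srvLDAP:636', 'C:/path/to/cacert.pem',
        'cn=admin,o=exemple,dc=fr', (string) getenv('LDAP_BIND_PW'));
    $sr = ldap_search($ds, 'o=exemple,dc=fr', '(objectClass=maclasse)');
    if ($sr === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($ds));
    }
    $info = ldap_get_entries($ds, $sr);
    print $info['count'] . " entries found.\n";
    ldap_unbind($ds);
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // keep TLS and bind details out of the page
    print "Directory lookup failed.\n";
}
```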
