
unable to start TLS in ldap queries


yawnmoth

Jan 5, 2007, 4:21:56 PM
When I try to use the ldap_search() function on an LDAP server that I've
connected to, I get the following error message:

Warning: ldap_search(): Search: Confidentiality required in
C:\path\to\script.php on line xxx

So I try to use ldap_start_tls() and get this error:

Warning: ldap_start_tls(): Unable to start TLS: Connect error in
C:\path\to\script.php on line xxx

I try to set LDAP_OPT_PROTOCOL_VERSION to 3, with ldap_set_option,
before doing ldap_start_tls, and get the same error.

Anyway, I'm not really sure what the problem is. Any ideas?

petersprc

Jan 5, 2007, 10:12:47 PM
Hi,

You might want to make sure the hostname you're using in ldap_connect
matches the CN in the server's certificate exactly. You could try using
ldaps:// as the protocol. You might also need to set your certificate
dir or file in the client's ldap.conf file too.

For example, using the stock package from RHEL4:

/etc/openldap/ldap.conf:

TLS_CACERT /usr/share/ssl/certs/slapd.pem # self-signed cert

Client script:

<?php

// Open a TLS-wrapped (ldaps://) session. The host name passed here must
// match the CN in the server certificate that TLS_CACERT above trusts.
$ds = ldap_connect('ldaps://localhost.localdomain');
if ($ds === false) {
    trigger_error('ldap_connect', E_USER_ERROR);
}

?>

yawnmoth

Jan 8, 2007, 4:07:39 PM

petersprc wrote:
> Hi,
>
> You might want to make sure the hostname you're using in ldap_connect
> matches the CN in the server's certificate exactly. You could try using
> ldaps:// as the protocol. You might also need to set your certificate
> dir or file in the client's ldap.conf file too.
>
> For example, using the stock package from RHEL4:
>
> /etc/openldap/ldap.conf:
>
> TLS_CACERT /usr/share/ssl/certs/slapd.pem # self-signed cert

I'm using Windows - not Linux. Assuming I should still be using
ldap.conf, any ideas as to where it should go?

The following suggests that the location of where the ldap.conf file
should be is hard-coded:

http://www.php.net/manual/en/ref.ldap.php#47427

I tried that, though, and it doesn't work. Maybe my *.conf file is
wrong?:

TLS_CACERT cacert.pem

The cacert.pem file is in the same directory as the *.conf file.
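Putting the thread's pieces together, here is an added example that is not code posted by yawnmoth or petersprc. It covers petersprc's two suggestions (ldaps:// as an alternative to StartTLS, and telling the client which CA to trust) and yawnmoth's follow-up about where the trust setting lives on Windows: instead of relying on a system ldap.conf, the script sets the CA file through ldap_set_option. That needs a much newer PHP than the 2007 thread had: I assume PHP 7.1 or later with ext/ldap built against OpenLDAP, so that LDAP_OPT_X_TLS_CACERTFILE and a null handle for global options exist. Every host name, DN, password and file path is a placeholder.

```php
<?php
// Added example for this thread (not code from either poster).
// Assumes PHP >= 7.1 with ext/ldap built against OpenLDAP (for
// LDAP_OPT_X_TLS_CACERTFILE and global options via a null handle).
// Host names, DNs, credentials and file paths are placeholders.

/**
 * Point libldap at the CA that signed the server certificate and require
 * verification. Doing this from PHP sidesteps the question of where a
 * system-wide ldap.conf lives (the Windows case in the thread).
 */
function configure_ldap_trust(string $caCertFile): void
{
    if (!is_readable($caCertFile)) {
        throw new RuntimeException("CA certificate not readable: $caCertFile");
    }
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caCertFile);
    // Weak setting: LDAP_OPT_X_TLS_NEVER makes the handshake succeed against
    // any certificate, so "Unable to start TLS" disappears, but so does the
    // confidentiality the server insisted on. DEMAND fails closed instead.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
}

/**
 * libldap's own error string and diagnostic message for a failed call; this
 * says more than PHP's generic "Connect error" warning.
 */
function ldap_failure_detail($ds, string $op): string
{
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    return sprintf('%s failed: %s (%d) %s', $op, ldap_error($ds), ldap_errno($ds), $diag);
}

/**
 * Connect, force LDAPv3, protect the session (StartTLS for ldap://, implicit
 * TLS for ldaps://), then bind and search. Never falls back to cleartext.
 */
function secure_ldap_search(string $uri, string $bindDn, string $password,
                            string $baseDn, string $filter, array $attrs): array
{
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("ldap_connect rejected URI: $uri");
    }

    // StartTLS is an LDAPv3 extended operation and ext/ldap still defaults
    // to v2, so the ldap_set_option call from the thread is required.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    if (stripos($uri, 'ldaps://') !== 0) {
        // Suppress PHP's warning so the caller gets libldap's detail instead.
        if (!@ldap_start_tls($ds)) {
            $detail = ldap_failure_detail($ds, 'ldap_start_tls');
            ldap_unbind($ds);
            throw new RuntimeException($detail);   // abort: do not bind in the clear
        }
    }

    if (!@ldap_bind($ds, $bindDn, $password)) {
        $detail = ldap_failure_detail($ds, 'ldap_bind');
        ldap_unbind($ds);
        throw new RuntimeException($detail);
    }

    $result = @ldap_search($ds, $baseDn, $filter, $attrs);
    if ($result === false) {
        // Result code 13 here is "Confidentiality required": the server refuses
        // to answer on a cleartext session, which is the first error in the thread.
        $detail = ldap_failure_detail($ds, 'ldap_search');
        ldap_unbind($ds);
        throw new RuntimeException($detail);
    }

    $entries = ldap_get_entries($ds, $result);
    ldap_unbind($ds);

    // Flatten ldap_get_entries() output into [dn => [attr => [values...]]].
    $out = [];
    for ($i = 0; $i < $entries['count']; $i++) {
        $e = $entries[$i];
        $row = [];
        foreach ($attrs as $a) {
            $key = strtolower($a);           // ext/ldap lower-cases attribute names
            if (!isset($e[$key])) {
                continue;
            }
            for ($j = 0; $j < $e[$key]['count']; $j++) {
                $row[$a][] = $e[$key][$j];
            }
        }
        $out[$e['dn']] = $row;
    }
    return $out;
}

// Usage with placeholder values:
configure_ldap_trust('C:\\path\\to\\cacert.pem');
$people = secure_ldap_search(
    'ldap://ldap.example.test',          // must match the certificate's CN/SAN
    'cn=reader,dc=example,dc=test',
    'placeholder-password',
    'ou=people,dc=example,dc=test',
    '(uid=jdoe)',
    ['cn', 'mail']
);
print_r($people);
```

Two things worth knowing when using this. ldap_connect() in ext/ldap does not open a socket; the first real network activity is ldap_start_tls() (or ldap_bind() for ldaps://), which is why a wrong CA file or host name surfaces as "Unable to start TLS" rather than as a connect failure. And the script deliberately throws instead of retrying without TLS: the server's "Confidentiality required" result is a policy that the client should honour, not route around.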
