I am having trouble connecting to LDAPS; I can however connect fine to LDAP (non-SSL) via the adLDAP class with PHP. I have created the certificate and copied the file to my Linux server and converted it. I have tried debugging and firewalls and things but I don't understand where I should put my converted key file (the *.pem file). I have it currently in /etc/openldap/cacerts and /etc/ssl/certs/ but I believe I am not even getting far enough to use the certificate as Windows never acknowledges a connection. It does whinge about no key file though when I telnet, so it is accepting connections.
Also, in the ldap.conf how much detail and what should I specify in there? I have declared the URI and base DN in there, but is there anything else I require? Any assistance would be appreciated; if any more data is required for better recommendations please ask.
ldapsearch returns:
suse-ware:/home/crl # ldapsearch -H "ldaps://caribou" -b "" -s base -Omaxssf=0
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
OS = Open SUSE 10.2
Windows Server 2003 - Active Directory
You might have forgotten the ldap.conf part.
Copy the ldap.conf file to the apache root. On my server it was /etc/httpd/
In the file is the following:
ssl on
ssl start_tls
TLS_CACERT /etc/openldap/cacerts/domaincontrollerCA.pem
Thanks! I will attempt soon and let you know how it goes!
Appreciate the reply.
Thanks again, I have nutted this one out.
Had to use c_rehash on the certificate I generated from Certificate Auth on Win 2k3.
In my htdocs dir I made a symlink to /etc/openldap/ldap.conf which contained:
TLS_REQCERT never
ssl on
ssl start_tls
TLS_CACERT /etc/openldap/cacerts/FILE.pem
and I bind to AD using ldaps://DC.domain.com:636 and it works.
I shall now actually code and post my finished code when all done to try and help the community.
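As an added example (not code from the thread or from adLDAP), a short Python audit of the ldap.conf lines posted above: `TLS_REQCERT never` makes the LDAPS bind succeed but tells libldap to skip verification of the domain controller's certificate, so the check flags it and emits settings that keep the `TLS_CACERT` line and enforce verification. The sample config and the fallback CA path are constructed from the thread; `parse_ldap_conf`, `audit_tls` and `harden` are names chosen for this example.

```python
"""Audit an OpenLDAP client ldap.conf for TLS settings that skip
server-certificate verification, then emit a hardened version."""

# Constructed sample: the working config from the last post, TLS_REQCERT never included.
SAMPLE_LDAP_CONF = """\
TLS_REQCERT never
ssl on
ssl start_tls
TLS_CACERT /etc/openldap/cacerts/FILE.pem
"""

# Per ldap.conf(5), only these TLS_REQCERT values make libldap abort the
# session when the server certificate is missing or fails to verify.
SAFE_REQCERT = {"demand", "hard"}


def parse_ldap_conf(text):
    """Map each keyword to the list of values seen (keywords are case-insensitive)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].upper(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def audit_tls(conf):
    """Return findings; an empty list means the DC certificate will be verified."""
    findings = []
    reqcert = conf.get("TLS_REQCERT", ["demand"])[-1].lower()  # libldap default is demand
    if reqcert not in SAFE_REQCERT:
        findings.append(f"TLS_REQCERT {reqcert}: any host answering on 636 is trusted")
    if "TLS_CACERT" not in conf and "TLS_CACERTDIR" not in conf:
        findings.append("no TLS_CACERT or TLS_CACERTDIR: libldap has no CA to verify against")
    if "SSL" in conf:
        findings.append("'ssl' is a PADL nss_ldap/pam_ldap keyword, not an OpenLDAP one; "
                        "TLS comes from the ldaps:// URI, not from this line")
    return findings


def harden(conf):
    """Keep the CA setting, force verification and drop the non-OpenLDAP lines."""
    lines = ["TLS_REQCERT demand"]
    if "TLS_CACERT" in conf:
        lines.append(f"TLS_CACERT {conf['TLS_CACERT'][-1]}")  # single file: no c_rehash needed
    elif "TLS_CACERTDIR" in conf:
        lines.append(f"TLS_CACERTDIR {conf['TLS_CACERTDIR'][-1]}")  # directory: needs c_rehash links
    else:  # fallback path taken from the earlier reply in the thread; adjust to your CA file
        lines.append("TLS_CACERT /etc/openldap/cacerts/domaincontrollerCA.pem")
    return "\n".join(lines) + "\n"
```

The c_rehash step from the post is only required when the CA is referenced through `TLS_CACERTDIR`; a `TLS_CACERT` file is read directly.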