Troubles Connecting to LDAPS Win03

  • c00p

    c00p - 2007-04-20

    Hi all,

I am having troubles connecting to LDAPS, I can however connect fine to LDAP (non-ssl) via the adLDAP class with PHP. I have created the certificate and copied the file to my Linux server and converted it. I have tried debugging and firewalls and things but I don't understand where I should put my converted key file (the *.pem file). I have it currently in /etc/openldap/cacerts and /etc/ssl/certs/ but I believe I am not even getting far enough to use the certificate as Windows never acknowledges a connection. It does whinge about no key file though when I telnet, so it is accepting connections.

Also, in the ldap.conf how much detail and what should I specify in there? I have declared the URI and base DN in there, but is there anything else I require? Any assistance would be appreciated; if any more data is required for better recommendations please ask.

ldapsearch returns:
    suse-ware:/home/crl # ldapsearch -H "ldaps://caribou" -b "" -s base -Omaxssf=0
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

    OS = Open SUSE 10.2
    Windows Server 2003 - Active Directory

    • Justin J. Novack

      You might have forgotten the ldap.conf part.

      Copy the ldap.conf file to the apache root.  On my server it was /etc/httpd/

      In the file is the following:

      ssl on
      ssl start_tls
      TLS_CACERT /etc/openldap/cacerts/domaincontrollerCA.pem

      • c00p

        c00p - 2007-06-19

        Thanks! I will attempt soon and let you know how it goes!
        Appreciate the reply.

    • c00p

      c00p - 2007-08-03

      Thanks again, I have nutted this one out.
      Had to use c_rehash on the certificate I generated from Certificate Auth on Win 2k3.

In my htdocs dir I made a symlink to /etc/openldap/ldap.conf which contained:

      TLS_REQCERT     never
      ssl             on
      ssl             start_tls
      TLS_CACERT      /etc/openldap/cacerts/FILE.pem

      and I bind to ad using ldaps:// and it works.

      I shall now actually code and post my finished code when all done to try and help the community.
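The working config above sets TLS_REQCERT never, which makes the OpenLDAP client skip verification of the domain controller's certificate entirely, so the LDAPS session is encrypted but not authenticated. As an added example (not code from this thread, from adLDAP, or from the poster), the PHP below does the same ldaps:// bind with verification switched on: it points the client at the CA file the thread uses and demands a valid chain and hostname. It assumes PHP 7.1 or later with ext/ldap (the LDAP_OPT_X_TLS_* constants were added in 7.1); the host caribou and the path /etc/openldap/cacerts/FILE.pem are taken from the thread, while the bind account and base DN are hypothetical placeholders.

```php
<?php
// Added example, not part of the original thread: LDAPS bind to Active Directory
// with the server certificate verified, instead of TLS_REQCERT never.
declare(strict_types=1);

const AD_URI  = 'ldaps://caribou';                  // host from the thread; must match the cert's CN/SAN
const CA_FILE = '/etc/openldap/cacerts/FILE.pem';   // CA export from the thread (PEM)
const BIND_DN = 'svc-ldap@example.local';           // hypothetical service account (UPN form works with AD)
const BASE_DN = 'DC=example,DC=local';              // hypothetical base DN

/**
 * Open an LDAPS connection and bind, refusing to proceed unless the DC's
 * certificate chains to $caFile and its name matches the URI host.
 */
function adBindVerified(string $uri, string $caFile, string $bindDn, string $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // TLS options are process-wide in ext/ldap when set on a null connection,
    // and must be set before the first TLS handshake.
    if (!ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile)) {
        throw new RuntimeException('failed to set LDAP_OPT_X_TLS_CACERTFILE');
    }
    // DEMAND = abort the connection if the chain or hostname check fails.
    // This is the opposite of the thread's "TLS_REQCERT never".
    if (!ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND)) {
        throw new RuntimeException('failed to set LDAP_OPT_X_TLS_REQUIRE_CERT');
    }

    $ds = ldap_connect($uri);   // no network traffic yet; the socket opens on bind
    if ($ds === false) {
        throw new RuntimeException("bad LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // AD hands out referrals to other DCs; chasing them could silently fall
    // back to a different host, so turn that off for a single-DC client.
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ds, $bindDn, $password)) {
        // "Can't contact LDAP server (-1)" here usually means the TLS handshake
        // was rejected (untrusted CA, name mismatch) rather than a bad password.
        $diag = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        throw new RuntimeException('bind failed: ' . ldap_error($ds) . ' ' . $diag);
    }
    return $ds;
}

/** Smoke test: read the rootDSE, which every AD DC serves without a search base. */
function adRootDse($ds): array
{
    $res = ldap_read($ds, '', '(objectClass=*)', ['defaultNamingContext', 'dnsHostName']);
    if ($res === false) {
        throw new RuntimeException('rootDSE read failed: ' . ldap_error($ds));
    }
    $entries = ldap_get_entries($ds, $res);
    return $entries['count'] > 0 ? $entries[0] : [];
}

// Usage (password read from the environment so it never sits in the script):
$password = getenv('AD_BIND_PASSWORD') ?: '';
$ds = adBindVerified(AD_URI, CA_FILE, BIND_DN, $password);
$root = adRootDse($ds);
printf("Bound to %s, default naming context %s\n",
    $root['dnshostname'][0] ?? '?', $root['defaultnamingcontext'][0] ?? '?');
ldap_unbind($ds);
```

Two practical notes. The c_rehash step the thread mentions is only needed when the client is given a CA directory (TLS_CACERTDIR / LDAP_OPT_X_TLS_CACERTDIR), because OpenSSL locates certificates in a directory by hashed filename; a single CA file named with TLS_CACERT or LDAP_OPT_X_TLS_CACERTFILE is read directly. And the hostname in the ldaps:// URI has to match the name in the DC's certificate (normally its FQDN), so a short name like caribou will fail verification unless the certificate was issued for it.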
