Open-AudIT https://www.open-audit.org/phpBB3/ |
|
Unable to do secure LDAP queries https://www.open-audit.org/phpBB3/viewtopic.php?f=10&t=5898 |
Page 1 of 1 |
Author: | gokart [ Tue Jun 26, 2012 1:30 am ] |
Post subject: | Unable to do secure LDAP queries |
Hey there, So I've tried both the IIS7 and the WAMP methods but I'm unable to query my Active Directory servers. The error I receive is: !! Unable to bind to server !! Err Number: -1 Err String: Can't contact LDAP server Check that server name is correct I'm accessing the site over HTTPS with a cert generated by OpenSSL using WAMP, but as I said it also didn't work for me when I went the IIS7 route. Any ideas? Thanks! |
Author: | jpa [ Tue Jun 26, 2012 6:34 am ] |
Post subject: | Re: Unable to do secure LDAP queries |
Are you able to do non-secure ldap queries? Secure ldap connections are from the OA server to the ldap server so OA running over SSL has nothing to do with secure ldap. |
Author: | gokart [ Tue Jun 26, 2012 11:25 pm ] |
Post subject: | Re: Unable to do secure LDAP queries |
Yup, insecure queries work fine but won't mesh with our security policies. I presumed it was tied to SSL being enabled on the site as when you check the option off for secure it pops up and tells you that feature requires independent configuration of OpenSSL. |
Author: | jpa [ Sat Jun 30, 2012 12:45 pm ] |
Post subject: | Re: Unable to do secure LDAP queries |
Try this: Create a text file in c:\OpenLDAP\sysconf\ldap.conf or possibly c:\ldap.conf with the following contents: [code]TLS_REQCERT never [/code] This tells php to not check certificate validity. Looking over my config this is what I've done. Technically a weakening of the security. |
Author: | gokart [ Fri Jul 13, 2012 7:35 am ] |
Post subject: | Re: Unable to do secure LDAP queries |
Thanks JPA. I tried this to no avail, sadly. I didn't already have a C:\OpenLDAP folders, it this installed with WAMP to your knowledge? |
Author: | jpa [ Fri Jul 13, 2012 8:04 am ] |
Post subject: | Re: Unable to do secure LDAP queries |
What exactly did you do to try it? The TLS_REQCERT stuff is for the OpenSSL built in to PHP. Apparently php is hard coded to look for an ldap.conf in the places I listed. In my Apache 2 and PHP 5.3 config I can create or remove the ldap.conf file, restart Apache and have SSL LDAP work or not depending on the existence of the ldap.conf. |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |