Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 5:48 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
Author Message
PostPosted: Tue Jun 26, 2012 1:30 am 
Offline
Newbie

Joined: Sun Jun 24, 2012 11:21 am
Posts: 3
Hey there,

So I've tried both the IIS7 and the WAMP methods but I'm unable to query my Active Directory servers. The error I receive is:

!! Unable to bind to server !!
Err Number: -1
Err String: Can't contact LDAP server
Check that server name is correct

I'm accessing the site over HTTPS with a cert generated by OpenSSL using WAMP, but as I said it also didn't work for me when I went the IIS7 route. Any ideas?

Thanks!


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 26, 2012 6:34 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Are you able to do non-secure ldap queries?

Secure ldap connections are from the OA server to the ldap server so OA running over SSL has nothing to do with secure ldap.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 26, 2012 11:25 pm 
Offline
Newbie

Joined: Sun Jun 24, 2012 11:21 am
Posts: 3
Yup, insecure queries work fine but won't mesh with our security policies. I presumed it was tied to SSL being enabled on the site as when you check the option off for secure it pops up and tells you that feature requires independent configuration of OpenSSL.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 30, 2012 12:45 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Try this:
Create a text file in c:\OpenLDAP\sysconf\ldap.conf or possibly c:\ldap.conf with the following contents:
[code]TLS_REQCERT never
[/code]
This tells php to not check certificate validity. Looking over my config this is what I've done. Technically a weakening of the security.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 13, 2012 7:35 am 
Offline
Newbie

Joined: Sun Jun 24, 2012 11:21 am
Posts: 3
Thanks JPA.

I tried this to no avail, sadly. I didn't already have a C:\OpenLDAP folders, it this installed with WAMP to your knowledge?


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 13, 2012 8:04 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
What exactly did you do to try it?

The TLS_REQCERT stuff is for the OpenSSL built in to PHP. Apparently php is hard coded to look for an ldap.conf in the places I listed. In my Apache 2 and PHP 5.3 config I can create or remove the ldap.conf file, restart Apache and have SSL LDAP work or not depending on the existence of the ldap.conf.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group