DirectoryTree / LdapRecord

A fully-featured LDAP framework.
https://ldaprecord.com
MIT License

[Question] TLS: unable to get CN from peer certificate #685

Closed sebcodes closed 7 months ago

sebcodes commented 7 months ago

Environment:

Describe the bug:

"TLS: unable to get CN from peer certificate"

My configuration:

self::$ldap = new \LdapRecord\Connection([
    'hosts'            => [getenv('LDAP_IP')],
    'base_dn'          => getenv('LDAP_BASE_DN'),
    'username'         => getenv('LDAP_USER'),
    'password'         => getenv('LDAP_PASSWORD'),

    // Optional Configuration Options
    'port'             => getenv('LDAP_PORT'),
    'use_ssl'          => true,
    'use_tls'          => false,
    'use_sasl'         => false,
    'version'          => 3,
    'timeout'          => 3,
    'follow_referrals' => false,

    // Custom LDAP Options
    'options' => [
        LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_HARD
    ],
    'sasl_options' => [
        'mech' => null,
        'realm' => null,
        'authc_id' => null,
        'authz_id' => null,
        'props' => null,
    ]
]);

How can I supplement the certificate? The ldap.conf is apparently only for OpenLDAP? It's on a Windows server with Apache; the application itself uses an SSL certificate. Other applications also use SSL LDAP.

stevebauman commented 7 months ago

Hi @sebcodes,

The ldap.conf is not just for OpenLDAP; the PHP LDAP extension reads the file on all systems when creating LDAP connections.

Follow the instructions here and you'll be all set:

https://ldaprecord.com/docs/core/v3/configuration/#debugging

sebcodes commented 7 months ago

Thanks, I see. Do you know which certificate I need? Issued by the domain controller or just the web server?

stevebauman commented 7 months ago

Happy to help. It'll be the certificate issued by your domain controller 👍
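Added example, not code from LdapRecord or from either participant in this issue. It shows the same outcome the thread arrives at (keep `LDAP_OPT_X_TLS_REQUIRE_CERT` at `LDAP_OPT_X_TLS_HARD` and give libldap the CA that issued the domain controller's certificate) using the raw PHP `ldap` extension, with the trust anchor supplied per connection through `LDAP_OPT_X_TLS_CACERTFILE` rather than through a system-wide ldap.conf. The equivalent ldap.conf directives are `TLS_CACERT <path-to-ca.pem>` and `TLS_REQCERT demand`. The environment variable `LDAP_CA_FILE`, the fallback host name `dc01.example.internal` and the CA file path are assumptions for this example. Two practitioner points the code encodes: the trust anchor is the issuing CA of the domain controller's certificate (exported in PEM form), not the web server's own certificate; and with hard verification the name you connect to must match a SAN entry in the server certificate, so connect by the DC's DNS name rather than by IP unless the certificate also lists that IP.

```php
<?php
declare(strict_types=1);

/**
 * Bind to a domain controller over LDAPS with full server-certificate
 * validation, supplying the trust anchor on the connection itself.
 *
 * @param string $host     DNS name of the DC (must match a SAN in its certificate)
 * @param int    $port     LDAPS port, normally 636
 * @param string $caFile   PEM bundle containing the CA that issued the DC certificate
 * @param string $user     bind DN or UPN
 * @param string $password bind password
 * @return \LDAP\Connection|resource bound connection
 */
function ldapsBindWithCaFile(string $host, int $port, string $caFile, string $user, string $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }

    // ldap_connect() with an ldaps:// URI does not open the socket yet, so the
    // TLS options set below are applied when ldap_bind() establishes the session.
    $conn = ldap_connect("ldaps://{$host}:{$port}");
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }

    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 3);

    // Keep strict verification: the server certificate must chain to a trusted
    // CA and its name must match $host. Do not make the "unable to get CN"
    // error disappear by switching to LDAP_OPT_X_TLS_NEVER, which turns off
    // validation entirely and leaves the bind credentials exposed to a
    // man-in-the-middle.
    ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);

    // Trust anchor: the CA that issued the domain controller's certificate,
    // exported as PEM. This replaces TLS_CACERT in ldap.conf for this connection.
    ldap_set_option($conn, LDAP_OPT_X_TLS_CACERTFILE, $caFile);

    if (!@ldap_bind($conn, $user, $password)) {
        // The diagnostic message carries libldap's TLS detail (for example a
        // hostname mismatch or an untrusted issuer) when the handshake fails.
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        throw new RuntimeException(
            'LDAP bind failed: ' . ldap_error($conn) . ($diag !== '' ? " ($diag)" : '')
        );
    }

    return $conn;
}

// Assumed environment variables and fallback values for this example.
$conn = ldapsBindWithCaFile(
    getenv('LDAP_HOST') ?: 'dc01.example.internal',       // DNS name, not an IP
    (int) (getenv('LDAP_PORT') ?: 636),
    getenv('LDAP_CA_FILE') ?: 'C:\\ldap\\dc-issuing-ca.pem', // hypothetical path
    getenv('LDAP_USER') ?: '',
    getenv('LDAP_PASSWORD') ?: ''
);

echo "Bound over LDAPS with a verified domain controller certificate\n";
ldap_unbind($conn);
```

If the bind still fails after the CA file is in place, the diagnostic message distinguishes a trust problem (the CA in the file is not the one that issued the DC certificate, or the file is not PEM) from a name problem (the host you connected to is not listed in the certificate's SAN); fix the input that the message names rather than lowering the verification level.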