Open GoogleCodeExporter opened 9 years ago
Hi Christophe,
I've corrected point n°1
Concerning point n°2, I must say that I don't really know.
Is it possible for you to check
http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl and tell me if
your LDAPS is set as expected?
Thanks
Nils
Original comment by nils.lau...@gmail.com
on 9 Apr 2011 at 8:06
Hello Nils,
thank you for your response. I'm not in the office right now. I will look into
it next week and give you feedback.
Christoph
Original comment by Marker...@gmail.com
on 12 Apr 2011 at 3:17
Hello Nils,
we checked the settings displayed in the link you gave us. Everything should be
correct. Checking the LDAPS connection with ldapsearch was successful, but
cPassMan still doesn't try to establish any connections via LDAPs (checked via
sniffer).
Christoph
Original comment by Marker...@gmail.com
on 19 Apr 2011 at 11:00
Hello Christoph,
I'll do a check on ldap library in order to see if cpassman is really ok.
Nils
Original comment by nils.lau...@gmail.com
on 19 Apr 2011 at 4:55
Hi Nils,
do you have any news for me?
Christoph
Original comment by Marker...@gmail.com
on 10 May 2011 at 9:28
Hi Christoph,
Yes I've worked on that topic a couple of hours without any success for the
moment.
It's a subject that I don't master actually ... but I've done some interesting
progress recently
I will hopefully implement something this month
Nils
Original comment by nils.cpa...@gmail.com
on 10 May 2011 at 7:24
Hi Nils,
sorry to ask again. Do you have any news for me? Can I help you with anything
(maybe tests)?
Christoph
Original comment by Marker...@gmail.com
on 21 Jun 2011 at 7:11
Hi Christoph,
which distribution do you use and what LDAPS server are you asking (AD?
OpenLDAP?)?
I've got it running with Debian Squeeze (Client and Server), OpenLDAP and
cpassman_2.0b5_patch1.zip. The only thing was to set: "TLS_REQCERT never" in
"/etc/ldap/ldap.conf" because I'm using selfsigned certificates.
@Nils: I can verify it works with LDAPS and the patch from issue 42.
Michael
Original comment by m.mu...@gmail.com
on 24 Aug 2011 at 9:45
Hello Michael,
thank you for your answer. We are using AD, cpassman is installed on Debian.
TLS_REQCERT is set to never. HTTPS only.
What packages did you install on your Debian? Are there any more configurations
I have to do first?
When I'm trying to establish an ldaps connection via ldapsearch
ldapsearch -H "ldaps://fisdc01.fis-gmbh.de" -b "" -s base -Omaxssf=0
I get the following Message:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
I have googled a lot but didn't find anything helpful.
Thank you!
Christoph
Original comment by Marker...@gmail.com
on 24 Aug 2011 at 10:01
Hi Christoph,
why are you using SASL? Can you show me your ldap.conf please?
root@apps01:/var/www# dpkg -l | grep php
ii libapache2-mod-php5 5.3.3-7+squeeze3 server-side, HTML-embedded scripting language (Apache 2 module)
ii php5-cli 5.3.3-7+squeeze3 command-line interpreter for the php5 scripting language
ii php5-common 5.3.3-7+squeeze3 Common files for packages built from the php5 source
ii php5-gd 5.3.3-7+squeeze3 GD module for php5
ii php5-ldap 5.3.3-7+squeeze3 LDAP module for php5
ii php5-mcrypt 5.3.3-7+squeeze3 MCrypt module for php5
ii php5-mysql 5.3.3-7+squeeze3 MySQL module for php5
ii php5-suhosin 0.9.32.1-1 advanced protection module for php5
ii phpmyadmin 4:3.3.7-6 MySQL web administration tool
root@apps01:/var/www# dpkg -l | grep ldap
ii libaprutil1-ldap 1.3.9+dfsg-5 The Apache Portable Runtime Utility Library - LDAP Driver
ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries
ii php5-ldap 5.3.3-7+squeeze3 LDAP module for php5
Original comment by m.mu...@gmail.com
on 24 Aug 2011 at 10:24
Hi Michael,
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
ssl yes
tls_checkpeer no
----------------------
php5-gd, php5-suhosin, libaprutil1-ldap and libldap-2.4.2 are not installed. Do
we need them for AD-authentication?
Christoph
Original comment by Marker...@gmail.com
on 24 Aug 2011 at 11:05
Hm ... you should enable debugging in PHP and check apache's error_log.
And check:
root@apps01:/var/www# dpkg -l | grep ssl
ii libssl0.9.8 0.9.8o-4squeeze1 SSL shared libraries
ii openssl 0.9.8o-4squeeze1 Secure Socket Layer (SSL) binary and related cryptographic tools
ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL
Original comment by m.mu...@gmail.com
on 24 Aug 2011 at 11:34
Hi all,
this issue can be closed. A colleague of mine managed to make it work.
Christoph
Original comment by Marker...@gmail.com
on 9 Nov 2011 at 12:11
Could you post the details on what the root cause and resolution of your issue
was, for the benefit of all?
Original comment by SeanNien...@gmail.com
on 12 Dec 2011 at 3:07
Hello Sean,
I'm not fully aware of all the changes my colleague made but as far as I know
we had to "hardcode" the adldap.php additionally to the settings on the
webinterface. We also had to choose one Domaincontroller instead of an array of
Domaincontroller.
I hope this helps you.
Christoph
Original comment by Marker...@gmail.com
on 12 Dec 2011 at 4:06
Ldaps and windows servers! (my config: windows 2008r2 DC with php 5.3.8)
php OpenLdap doesn't work out of the box with self signed windows certificates.
You need to tell the LDAP plugin that it may accept self signed certificates.
This is done in the file ldap.conf
Create this file in c:\
Put in this file:
TLS_REQCERT never
REBOOT (complete) SERVER.
Now it should work with ssl on and tls off.
If it doesn't work install microsoft process monitor and filter on ldap.conf
Some installs require a different path. (So process monitor will tell you the
right path)
More reference: http://www.php.net/manual/en/ref.ldap.php#77553
Cheers Christian
Original comment by christia...@gmail.com
on 12 Dec 2011 at 4:48
to be complete here is the file ldap.conf
Original comment by christia...@gmail.com
on 12 Dec 2011 at 4:49
Hi, as I also stumbled over this issue, I just wanted to add as a comment:
For Windows 2008R2 domains, this also works fine with specific trusted certs,
BUT only if one DC is put into the configuration. With an array or just the
domain name, it does not work.
****** /etc/ldap/ldap.conf :
#TLS_REQCERT never
LDAPTrustedCAType BASE64_FILE
TLS_CACERT /etc/apache2/pki/COMPANY-Basic-Root-CA-cacert.crt
Original comment by lukas.ju...@gmail.com
on 31 Jul 2012 at 11:31
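Added example (not part of the thread, and not cPassMan or adLDAP code): a shell check that reads one OpenLDAP client configuration file and reports whether the TLS_REQCERT / TLS_CACERT settings discussed above leave the server certificate verified. It assumes only the given file is consulted (no per-user or environment override); the function names and the sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example: classify how an ldap.conf treats the LDAPS server certificate.
# Verdicts: "unverified" (certificate not checked), "verified" (checked against
# a CA file/dir that exists), "no-ca" (checking on, but no usable CA named here).

# Print the last uncommented value of an option.
# ldap.conf option names are case-insensitive; later lines override earlier ones.
conf_value() {  # usage: conf_value FILE OPTION
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == want { val = $2 }
        END { print val }' "$1"
}

audit_ldap_conf() {  # usage: audit_ldap_conf FILE
    reqcert=$(conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(conf_value "$1" TLS_CACERT)
    cadir=$(conf_value "$1" TLS_CACERTDIR)
    case "${reqcert:-demand}" in      # "demand" is the documented default
        never|allow) echo unverified; return 0 ;;
    esac
    if [ -n "$cacert" ] && [ -r "$cacert" ]; then
        echo verified
    elif [ -n "$cadir" ] && [ -d "$cadir" ]; then
        echo verified
    else
        echo no-ca                    # e.g. wrong path or unreadable CA file
    fi
}

# Constructed sample files modelled on the two configurations in the thread.
demo() {
    d=$(mktemp -d)
    printf '#BASE dc=example,dc=com\nTLS_REQCERT never\n' > "$d/never.conf"
    : > "$d/ca.crt"   # placeholder CA file; only its readability is checked
    printf '#TLS_REQCERT never\nTLS_CACERT %s\n' "$d/ca.crt" > "$d/pinned.conf"
    for f in never pinned; do
        printf '%s: %s\n' "$f" "$(audit_ldap_conf "$d/$f.conf")"
    done
    rm -rf "$d"
}
demo
```

Run audit_ldap_conf against the file the web server's libldap actually reads (here /etc/ldap/ldap.conf); a "no-ca" verdict points at the CA path rather than at the directory server.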
[deleted comment]
I can't get LDAP to work with active directory over SSL or TLS, only plain LDAP
seems to work. I have read through this thread and tried the suggestions here
to no avail.
Original comment by star2...@gmail.com
on 2 Oct 2012 at 3:17
Check with tcpdump on the LDAP server if the connection comes over the correct
port and if there are cert issues (tcpdump -X -s 0 -n port 636)
Original comment by m.mu...@gmail.com
on 4 Oct 2012 at 8:32
Original issue reported on code.google.com by
Marker...@gmail.com
on 5 Apr 2011 at 1:41