On Tue, 14 Jan 2003 08:37:44 +0200 Leon <[EMAIL PROTECTED]> wrote:

> Hi Daniel
>
> Very important: TLS is NOT SSL.... The start TLS is almost guaranteed not to
> work for secure layer communication to your LDAP server. (You do need two
> dll files in your win\sys32 directory though)
>

We're using OpenLDAP 2.x and TLS works fine. We recommend that our clients
use TLS instead of SSL, however we do keep port 636 open for those clients
that cannot use TLS. (Our ldap configuration requires TLS on port 389, if
you connect and do not immediately upgrade your connection, then your
connection is dropped.) Our Unix servers have compiled PHP to use
ldap_start_tls with no problems. In addition all our JSP based applications
have no trouble using JNDI to start TLS. My hope was that our clients using
PHP on windows could at least use ldaps if TLS was not an option. I guess
the answer to my question is that this version of PHP does not support
secure connections to LDAP.

> What I suggest is the following: Install STUNNEL accept connections on a
> port... send all this communication to the LDAP server on its secure port.
> STUNNEL will act as a wrapper for all LDAP queries.
>
> Your script will then connect to your localhost on the port you chose above
> and will not even know that the LDAP query is being sent away via a stunnel.
>

We have this configuration working, but we feel the installation is too
complex for most of our clients to take advantage. We'll wait until PHP on
windows catches up, then tell people to upgrade. Thanks.

--
Daniel Fisher
Middleware Services, Virginia Tech

> Cheers
>
> > Hello,
> > I'm using the 4.3.0 version of php on Windows 2000 SP3.
> > I'm trying to get php to make a secure connection to our ldap server.
> > I am able to make insecure connections and queries just fine.
> > In the php.ini file I have enabled php_ldap.dll and php_openssl.dll.
> > If I attempt to use ldap_start_tls I get an error: 'Call to undefined
> > function'.
> > So I'm assuming the ldap libs were not compiled with TLS.
> > Unfortunately I cannot get ldaps to work either.
> > Using a statement like:
> > ldap_connect("ldaps://ldap.host.com") or ldap_connect("ldap.host.com",
> > 636)
> > produces the error: 'Unable to bind to server', when a bind is attempted.
> > Our ldap logs show a connection being opened and then immediately closed.
> >
> > I also tried downloading and installing libsasl.dll, but this had no
> > effect on my problem.
> > Does this version of php for windows support secure connections?
> >
> > --Daniel Fisher
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
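
The three transports discussed in this thread (StartTLS on 389, ldaps on 636, a local stunnel listener), as an added example that is not part of the original messages or either poster's code. It assumes a current PHP build with the ldap extension; the function name, host, bind DN and stunnel port are placeholders.

```php
<?php
// Added illustration; host, DN and the stunnel port are placeholders.
function secure_ldap_bind(string $host, string $dn, string $pw, ?int $stunnelPort = null): array
{
    // Refuse server certificates that do not validate (StartTLS and ldaps).
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $attempts = [];
    if (function_exists('ldap_start_tls')) {   // undefined in the build from the thread
        $attempts['starttls'] = "ldap://$host:389";
    }
    $attempts['ldaps'] = "ldaps://$host:636";
    if ($stunnelPort !== null) {
        // Cleartext stays on loopback; stunnel forwards it to port 636 over TLS
        // and certificate checking is then stunnel's job, not PHP's.
        $attempts['stunnel'] = "ldap://127.0.0.1:$stunnelPort";
    }

    $errors = [];
    foreach ($attempts as $mode => $uri) {
        $link = ldap_connect($uri);            // parses the URI, opens no socket yet
        if ($link === false) {
            $errors[] = "$mode: invalid URI";
            continue;
        }
        ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS requires LDAPv3
        if ($mode === 'starttls' && !@ldap_start_tls($link)) {
            // Fail closed: never bind on a connection that did not upgrade.
            $errors[] = 'starttls: ' . ldap_error($link);
            continue;
        }
        // For ldaps the TCP/TLS handshake happens here, which is why a broken
        // ldaps setup surfaces as a bind error rather than a connect error.
        if (@ldap_bind($link, $dn, $pw)) {
            return [$mode, $link];
        }
        if (ldap_errno($link) === 49) {        // invalidCredentials: do not retry elsewhere
            throw new RuntimeException("$mode: invalid credentials");
        }
        $errors[] = "$mode: " . ldap_error($link);
    }
    throw new RuntimeException('no secure LDAP transport: ' . implode('; ', $errors));
}
```

The credentials are only ever sent after a successful StartTLS upgrade, inside an ldaps session, or to the loopback stunnel listener; a failed upgrade moves on to the next transport instead of binding in the clear.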