Warum geht das mit einem normalen Apachen und dem XAMPP-Apachen nicht?
Tipp, Link, Antwort oder vielleicht Absicht?
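<?php
// Diagnostic script: open an LDAP handle, upgrade it with StartTLS, bind, and
// list the display names of all entries matching (cn=otto*).
// $ldap_rdn, $ldap_pass and $ldap_address are not defined in this snippet and
// must be set before it runs.

// Connect to the LDAP server.
// NOTE(review): with OpenLDAP-based builds ldap_connect() typically only
// initialises the handle; the TCP/TLS connection is opened by the first real
// operation (here ldap_start_tls), so a network or certificate problem shows
// up there and not in this "or die".
$ldap_conn = ldap_connect("ldap://ldapserver.mydomain.de","389") or die("Keine Verbindung zum LDAP server möglich.");
if ($ldap_conn) {
    // Go with LDAP version 3 if possible (needed for renaming and Novell schema fetching)
    @ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    /* Disabling this makes it possible to browse the tree for Active Directory, and seems
       to not affect other LDAP servers (tested with OpenLDAP) as phpLDAPadmin explicitly
       specifies deref behavior for each ldap_search operation. */
    @ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
    // Set debug level (diagnostics only; take it out again once TLS works)
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

    function_exists('ldap_start_tls') or die('Your PHP install does not support TLS.');
    // StartTLS has to succeed before the bind, otherwise the bind DN and
    // password would cross the network unencrypted. Abort instead of falling
    // back to a plain connection.
    if (!@ldap_start_tls($ldap_conn)) {
        printf("LDAP-Fehlernummer: %s<br>\n", ldap_errno($ldap_conn));
        printf("LDAP-Fehler: %s<br>\n", ldap_error($ldap_conn));
        die("Argh!<br>\n");
    }

    // Bind to the LDAP server.
    // NOTE(review): many directory servers treat a simple bind with a DN and an
    // empty password as an anonymous bind and report success. If this code is
    // ever used to check user credentials, reject an empty $ldap_pass first.
    $ldap_bind = ldap_bind($ldap_conn, $ldap_rdn, $ldap_pass);

    // Check the bind
    if ($ldap_bind) {
        echo "LDAP bind erfolgreich...<P><P>";
        $filter = "(cn=otto*)";
        $justthese = array("ou", "sn", "displayname", "mail");

        // Search the directory
        $result = ldap_search($ldap_conn, $ldap_address, $filter, $justthese);
        if ($result === false) {
            // ldap_get_entries() must not be called with a failed search result
            printf("LDAP-Fehlernummer: %s<br>\n", ldap_errno($ldap_conn));
            printf("LDAP-Fehler: %s<br>\n", ldap_error($ldap_conn));
        } else {
            // Create result set
            $entries = ldap_get_entries($ldap_conn, $result);

            // Print
            // NOTE(review): the loop below prints $entries["count"] rows, so the
            // "- 1" here looks like it under-reports by one; confirm the intent.
            echo "Anzahl Adresssätze count: " . ($entries["count"] - 1) . "<br /><br /><b>Users:</b><br />";
            for ($i = 0; $i < $entries["count"]; $i++) {
                // Not every entry necessarily carries a displayname attribute.
                $display_name = isset($entries[$i]["displayname"][0]) ? $entries[$i]["displayname"][0] : '';
                // Directory values are data, not markup: escape before writing them into HTML.
                echo htmlspecialchars($display_name, ENT_QUOTES, 'UTF-8') . "<br />";
            }
        }
    } else {
        echo "LDAP bind fehlgeschlagen...";
    }
    ldap_close($ldap_conn);
}
?>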
LDAP-Fehlernummer: 91
LDAP-Fehler: Connect error
#ifdef HAVE_LDAP_START_TLS_S
/* {{{ proto bool ldap_start_tls(resource link)
   Start TLS on an existing LDAP link.
   Takes exactly one argument (the link resource), switches the link to
   LDAPv3 and then issues a synchronous StartTLS request. Emits an E_WARNING
   carrying the libldap error string and returns FALSE if either step fails,
   otherwise returns TRUE.
   NOTE(review): no certificate-checking policy is set here; presumably it is
   taken from the LDAP client library's own configuration - confirm. */
PHP_FUNCTION(ldap_start_tls)
{
	zval **link;
	ldap_linkdata *ld;
	int rc, protocol = LDAP_VERSION3;

	if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) {
		WRONG_PARAM_COUNT;
	}

	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link);

	/* Force protocol version 3 first; StartTLS is only attempted if that worked. */
	rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol);
	if (rc == LDAP_SUCCESS) {
		/* No server or client controls are passed along. */
		rc = ldap_start_tls_s(ld->link, NULL, NULL);
	}

	if (rc != LDAP_SUCCESS) {
		/* rc holds the code of whichever of the two calls failed. */
		php_error_docref(NULL TSRMLS_CC, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
		RETURN_FALSE;
	}

	RETURN_TRUE;
}
/* }}} */
#endif
#endif /* (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP_10 */
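// LDAPS variant: the connection is TLS-wrapped from the start on port 636,
// so no ldap_start_tls() call is involved.
$server = "ldaps://....";   // host elided in the original post
$port = 636;
// Pass the URI that was just defined instead of a bare "ldaps://" scheme.
$con = ldap_connect($server, $port);
// Bind on the handle returned by ldap_connect(); $ds was never assigned.
// $user and $pass are not defined in this fragment.
$bh = ldap_bind($con, $user, $pass);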
TLS_REQCERT allow
Ich habe Null Plan wo ich schauen könnte...
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_start_tls(...)
ldap_connect (...) -Klausel
TLS trace: SSL3 alert read:fatal:handshake failure
TLSVerifyClient allow ODER
TLSVerifyClient never
ldapsearch -x -H ldaps://ldapserver.testdomain.de -D "cn=admin,dc=mydomain,dc=de" -w passwd "(&(objectClass=posixAccount)(uid=* ))"
ldapsearch -x -H ldap://ldapserver.testdomain.de -D "cn=admin,dc=mydomain,dc=de" -w passwd -ZZ "(&(objectClass=posixAccount)(uid=* ))"
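TLS_REQCERT never
# Achtung: "never" (ebenso wie "allow") schaltet die Prüfung des Serverzertifikats praktisch ab. Die Verbindung ist dann zwar verschlüsselt, aber nicht gegen Man-in-the-Middle geschützt, also nur zur Fehlersuche geeignet. Dauerhaft besser: das Zertifikat der ausstellenden CA per TLS_CACERT eintragen und TLS_REQCERT auf "demand" belassen.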
/etc/openldap/ldap.conf
c:\openldap\sysconf\ldap.conf
ldap_create
ldap_url_parse_ext(ldaps://10.12.100.1)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP 10.12.100.1:636
ldap_new_socket: 1656
ldap_prepare_socket: 1656
ldap_connect_to_host: Trying 10.12.100.1:636
ldap_connect_timeout: fd: 1656 tm: -1 async: 0
ldap_ndelay_on: 1656
ldap_ndelay_off: 1656
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 19, subject: /OU=Organizational CA/O=NWT, issuer: /OU=Organizational CA/O=NWT
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_err2string