Solved

Open Directory, LDAP, and PHP/Joomla

Posted on 2013-01-29
7
778 Views
Last Modified: 2013-11-19
I am attempting to setup our Joomla Intranet to connect to our Open Directory server (Mac Server 10.6.8) for authentication using LDAP.

I have opened the LDAP port and assigned it a static outside IP. I can connect to the Open Directory using this IP address from outside the network using the Directory Utility in Mac OS.

I cannot seem to find the proper information to get our webserver (external/CENTOS) to connect to the it. LDAP support is installed on the webserver.

What Base DN and Web DN should I use? Do I need a connect user and password? Do I use Search or not? I know I use LDAP V3. I tried the Base DN listed in the Server Manager, but that doesn't work. Using a PHP LDAP Debug tool, it just says it cannot connect to the server.

Any suggestions? Is there something else I have to set up?

Thanks!!
0
Comment
Question by:gpubit
  • 4
  • 3
7 Comments
 
LVL 36

Expert Comment

by:ArneLovius
ID: 38833752
First of all

If you are connecting to OD over the internet, you want to secure the traffic over SSL with LDAPS on port 636 rather than just LDAP on port 389. With LDAP on port 389 the usernames and passwords re sent in plaintext...

You would usually configure an LDAP server to not allow anonymous binds, therefore you will need to specify the user to make the initial bind with in the form CN= etc etc

I would suggest that you used an LDAP browser on your local machine to confirm the correct user DN and Base DN before testing it on your Joomla site.
0
 

Author Comment

by:gpubit
ID: 38839557
I would like to get this working as the settings are, before changing how the LDAP server is set up. I would like to try to get it to work on LDAP 389.

Do you have any suggestions specifically relating to PHP LDAP access and Open Directory on a Mac Server?
0
 

Author Comment

by:gpubit
ID: 38839593
I am able to connect fine using an LDAP browser. Here is what happens when I try to connect via PHP though:

Screenshot
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 36

Expert Comment

by:ArneLovius
ID: 38840131
you do not appear to have anything set for the "Connect user", this should be the full DN of the user.

is there a firewall configured on the Mac server ?
0
 

Author Comment

by:gpubit
ID: 38840221
The connect user is for LDAP authentication to access it. I am able to connect using the LDAP browser without any authentication, so I shouldn't need to use a Connect User. Also, since I am able to connect using the LDAP browser, there should be no firewall issues.

For what it's worth, I did try putting in a username and password, to no avail.
0
 
LVL 36

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 38840263
You are running an LDAP server with anonymous connections enabled directly accessible from the Internet ?

Nothing personal, but if I discovered an IT manager doing that they would be fired for gross incompetence.

If you can connect using the Mac directory utility from outside, but the PHP application cannot, I would suggest trying to telnet to the port from the server running the application and see if it blocked elsewhere.
0
 

Author Closing Comment

by:gpubit
ID: 38840620
The port was being blocked from the Web Server. Port opened, works fine.
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Join & Write a Comment

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now