Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 805
  • Last Modified:

Open Directory, LDAP, and PHP/Joomla

I am attempting to setup our Joomla Intranet to connect to our Open Directory server (Mac Server 10.6.8) for authentication using LDAP.

I have opened the LDAP port and assigned it a static outside IP. I can connect to the Open Directory using this IP address from outside the network using the Directory Utility in Mac OS.

I cannot seem to find the proper information to get our webserver (external/CENTOS) to connect to the it. LDAP support is installed on the webserver.

What Base DN and Web DN should I use? Do I need a connect user and password? Do I use Search or not? I know I use LDAP V3. I tried the Base DN listed in the Server Manager, but that doesn't work. Using a PHP LDAP Debug tool, it just says it cannot connect to the server.

Any suggestions? Is there something else I have to set up?

Thanks!!
0
gpubit
Asked:
gpubit
  • 4
  • 3
1 Solution
 
ArneLoviusCommented:
First of all

If you are connecting to OD over the internet, you want to secure the traffic over SSL with LDAPS on port 636 rather than just LDAP on port 389. With LDAP on port 389 the usernames and passwords re sent in plaintext...

You would usually configure an LDAP server to not allow anonymous binds, therefore you will need to specify the user to make the initial bind with in the form CN= etc etc

I would suggest that you used an LDAP browser on your local machine to confirm the correct user DN and Base DN before testing it on your Joomla site.
0
 
gpubitAuthor Commented:
I would like to get this working as the settings are, before changing how the LDAP server is set up. I would like to try to get it to work on LDAP 389.

Do you have any suggestions specifically relating to PHP LDAP access and Open Directory on a Mac Server?
0
 
gpubitAuthor Commented:
I am able to connect fine using an LDAP browser. Here is what happens when I try to connect via PHP though:

Screenshot
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
ArneLoviusCommented:
you do not appear to have anything set for the "Connect user", this should be the full DN of the user.

is there a firewall configured on the Mac server ?
0
 
gpubitAuthor Commented:
The connect user is for LDAP authentication to access it. I am able to connect using the LDAP browser without any authentication, so I shouldn't need to use a Connect User. Also, since I am able to connect using the LDAP browser, there should be no firewall issues.

For what it's worth, I did try putting in a username and password, to no avail.
0
 
ArneLoviusCommented:
You are running an LDAP server with anonymous connections enabled directly accessible from the Internet ?

Nothing personal, but if I discovered an IT manager doing that they would be fired for gross incompetence.

If you can connect using the Mac directory utility from outside, but the PHP application cannot, I would suggest trying to telnet to the port from the server running the application and see if it blocked elsewhere.
0
 
gpubitAuthor Commented:
The port was being blocked from the Web Server. Port opened, works fine.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now