Solved

Open Directory, LDAP, and PHP/Joomla

Posted on 2013-01-29
7
799 Views
Last Modified: 2013-11-19
I am attempting to setup our Joomla Intranet to connect to our Open Directory server (Mac Server 10.6.8) for authentication using LDAP.

I have opened the LDAP port and assigned it a static outside IP. I can connect to the Open Directory using this IP address from outside the network using the Directory Utility in Mac OS.

I cannot seem to find the proper information to get our webserver (external/CENTOS) to connect to the it. LDAP support is installed on the webserver.

What Base DN and Web DN should I use? Do I need a connect user and password? Do I use Search or not? I know I use LDAP V3. I tried the Base DN listed in the Server Manager, but that doesn't work. Using a PHP LDAP Debug tool, it just says it cannot connect to the server.

Any suggestions? Is there something else I have to set up?

Thanks!!
0
Comment
Question by:gpubit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38833752
First of all

If you are connecting to OD over the internet, you want to secure the traffic over SSL with LDAPS on port 636 rather than just LDAP on port 389. With LDAP on port 389 the usernames and passwords re sent in plaintext...

You would usually configure an LDAP server to not allow anonymous binds, therefore you will need to specify the user to make the initial bind with in the form CN= etc etc

I would suggest that you used an LDAP browser on your local machine to confirm the correct user DN and Base DN before testing it on your Joomla site.
0
 

Author Comment

by:gpubit
ID: 38839557
I would like to get this working as the settings are, before changing how the LDAP server is set up. I would like to try to get it to work on LDAP 389.

Do you have any suggestions specifically relating to PHP LDAP access and Open Directory on a Mac Server?
0
 

Author Comment

by:gpubit
ID: 38839593
I am able to connect fine using an LDAP browser. Here is what happens when I try to connect via PHP though:

Screenshot
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 37

Expert Comment

by:ArneLovius
ID: 38840131
you do not appear to have anything set for the "Connect user", this should be the full DN of the user.

is there a firewall configured on the Mac server ?
0
 

Author Comment

by:gpubit
ID: 38840221
The connect user is for LDAP authentication to access it. I am able to connect using the LDAP browser without any authentication, so I shouldn't need to use a Connect User. Also, since I am able to connect using the LDAP browser, there should be no firewall issues.

For what it's worth, I did try putting in a username and password, to no avail.
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 38840263
You are running an LDAP server with anonymous connections enabled directly accessible from the Internet ?

Nothing personal, but if I discovered an IT manager doing that they would be fired for gross incompetence.

If you can connect using the Mac directory utility from outside, but the PHP application cannot, I would suggest trying to telnet to the port from the server running the application and see if it blocked elsewhere.
0
 

Author Closing Comment

by:gpubit
ID: 38840620
The port was being blocked from the Web Server. Port opened, works fine.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question