Solved

Open Directory, LDAP, and PHP/Joomla

Posted on 2013-01-29
7
791 Views
Last Modified: 2013-11-19
I am attempting to setup our Joomla Intranet to connect to our Open Directory server (Mac Server 10.6.8) for authentication using LDAP.

I have opened the LDAP port and assigned it a static outside IP. I can connect to the Open Directory using this IP address from outside the network using the Directory Utility in Mac OS.

I cannot seem to find the proper information to get our webserver (external/CENTOS) to connect to the it. LDAP support is installed on the webserver.

What Base DN and Web DN should I use? Do I need a connect user and password? Do I use Search or not? I know I use LDAP V3. I tried the Base DN listed in the Server Manager, but that doesn't work. Using a PHP LDAP Debug tool, it just says it cannot connect to the server.

Any suggestions? Is there something else I have to set up?

Thanks!!
0
Comment
Question by:gpubit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 38833752
First of all

If you are connecting to OD over the internet, you want to secure the traffic over SSL with LDAPS on port 636 rather than just LDAP on port 389. With LDAP on port 389 the usernames and passwords re sent in plaintext...

You would usually configure an LDAP server to not allow anonymous binds, therefore you will need to specify the user to make the initial bind with in the form CN= etc etc

I would suggest that you used an LDAP browser on your local machine to confirm the correct user DN and Base DN before testing it on your Joomla site.
0
 

Author Comment

by:gpubit
ID: 38839557
I would like to get this working as the settings are, before changing how the LDAP server is set up. I would like to try to get it to work on LDAP 389.

Do you have any suggestions specifically relating to PHP LDAP access and Open Directory on a Mac Server?
0
 

Author Comment

by:gpubit
ID: 38839593
I am able to connect fine using an LDAP browser. Here is what happens when I try to connect via PHP though:

Screenshot
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 37

Expert Comment

by:ArneLovius
ID: 38840131
you do not appear to have anything set for the "Connect user", this should be the full DN of the user.

is there a firewall configured on the Mac server ?
0
 

Author Comment

by:gpubit
ID: 38840221
The connect user is for LDAP authentication to access it. I am able to connect using the LDAP browser without any authentication, so I shouldn't need to use a Connect User. Also, since I am able to connect using the LDAP browser, there should be no firewall issues.

For what it's worth, I did try putting in a username and password, to no avail.
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 500 total points
ID: 38840263
You are running an LDAP server with anonymous connections enabled directly accessible from the Internet ?

Nothing personal, but if I discovered an IT manager doing that they would be fired for gross incompetence.

If you can connect using the Mac directory utility from outside, but the PHP application cannot, I would suggest trying to telnet to the port from the server running the application and see if it blocked elsewhere.
0
 

Author Closing Comment

by:gpubit
ID: 38840620
The port was being blocked from the Web Server. Port opened, works fine.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An enjoyable and seamless user experience can go a long way on an eCommerce site. While a cohesive layout and engaging copy play roles in creating a positive user experience, some sites neglect aspects that seem marginal but in actuality prove very …
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question