Solved

CentOS PHP connection to LDAP via LDAPS

Posted on 2014-09-03
Last Modified: 2014-09-11
Hi Everyone,

I have a server configured with openSuse that connects to our Novell LDAP trees via ldaps.  Now we are starting to move to CentOS and I'm having trouble configuring it the same way.

On the OpenSuse server, I would install all the php ldap, openldap, openssl components.  I would install our certificate.  Then I'd edit /etc/ldap.conf file and add in
TLS_REQCERT never
TLS_CRLCHECK never
TLS_CACERT /etc/ssl/certs/ldap.pem

I would also edit /etc/openldap/ldap.conf and add this:

TLS_REQCERT never
TLS_CRLCHECK never

TLS_CACERT /etc/ssl/certs/ldap.pem
TLS_CACERTDIR /etc/ssl/certs

Once I did this I could use ldaps no problem.

Now, in CentOS I'm trying to achieve the same thing, but I can't find a /etc/ldap.conf file.

Any direction on this would be greatly appreciated.
Question by:Tigger996
9 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40303063
It is in /etc/openldap
0
 

Author Comment

by:Tigger996
ID: 40306190
In OpenSuse, there is /etc/ldap.conf and /etc/openldap/ldap.conf.   For me to get php to connect via ldaps I had to put the added code in both.  

Do you have any other suggestions on what I can try?
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 40309325
Following ldap.conf files are used if at all.
I suggest you go with the first one only, as the others are used by other separate services.

/etc/openldap/ldap.conf
/etc/openvpn/auth/ldap.conf
/usr/share/doc/openssh-ldap-5.3p1/ldap.conf
0
 

Author Comment

by:Tigger996
ID: 40310580
I have edited the /etc/openldap/ldap.conf file and I still can't connect in php to ldaps but I can't connect to the ldap server with no ldaps.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40311501
TLS_REQCERT never
should be entered in first file as in
"man ldap.conf"
and other files cleaned up from apache's profile
0
 

Author Comment

by:Tigger996
ID: 40312565
What do you mean "other files cleaned up from apache's profile"?
0
 
LVL 61

Expert Comment

by:gheist
ID: 40312595
.ldaprc in /var/www and similar
0
 
LVL 61

Expert Comment

by:gheist
ID: 40312601
Check also audit logs (grep AVC /var/log/audit/audit.log) for SELinux violations.
0
 

Author Comment

by:Tigger996
ID: 40317530
I figured out a couple of things.  I was using the adodb library for php and it was not connecting right.  Once I did some testing and updated some files I figured out that it was in fact connecting via ldaps and all works great now.

Thank you for your patience.
0
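
Added example, not part of the thread: per ldap.conf(5), `TLS_REQCERT never` tells the client not to request or check the server certificate, so an LDAPS session configured this way is encrypted but the server is not authenticated. The script below audits the client config files named in the thread (`ldap.conf`, `.ldaprc`) for `never`/`allow` and for a `TLS_CACERT` path that cannot be read. The function names, output format and sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit OpenLDAP client config files
# for settings that weaken LDAPS server certificate verification.

# audit_ldap_tls FILE...  (hypothetical helper name)
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_ldap_tls() {
    findings=0
    for f in "$@"; do
        [ -r "$f" ] || continue        # file not present on this host
        out=$(awk -v file="$f" '
            /^[ \t]*#/ { next }        # comment line
            toupper($1) == "TLS_REQCERT" {
                v = tolower($2)        # compare the value case-insensitively
                if (v == "never" || v == "allow") {
                    printf "WEAK %s:%d TLS_REQCERT %s\n", file, NR, v
                }
            }
            toupper($1) == "TLS_CACERT" && NF >= 2 {
                # Verification needs a readable CA file at this path.
                if ((getline line < $2) < 0) {
                    printf "MISSING %s:%d TLS_CACERT %s\n", file, NR, $2
                } else {
                    close($2)
                }
            }' "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            findings=1
        fi
    done
    return "$findings"
}

# Constructed sample: the settings from the question, in a temp directory.
demo_audit() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# constructed sample' 'TLS_REQCERT never' \
        "TLS_CACERT $d/ldap.pem" > "$d/ldap.conf"
    printf '%s\n' 'tls_reqcert demand' > "$d/.ldaprc"
    audit_ldap_tls "$d/ldap.conf" "$d/.ldaprc" | sed "s|$d|TMP|g"
    rm -rf "$d"
}

# Usage on a real host: audit_ldap_tls /etc/openldap/ldap.conf /var/www/.ldaprc
if [ "$#" -gt 0 ]; then audit_ldap_tls "$@"; fi
```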
