  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 648

CentOS PHP connection to LDAP via LDAPS

Hi Everyone,

I have a server configured with openSuse that connects to our Novell LDAP trees via ldaps.  Now we are starting to move to CentOS and I'm having trouble configuring it the same way.

On the OpenSuse server, I would install all the php ldap, openldap, openssl components.  I would install our certificate.  Then I'd edit /etc/ldap.conf file and add in
TLS_REQCERT never
TLS_CRLCHECK never
TLS_CACERT /etc/ssl/certs/ldap.pem

I would also edit /etc/openldap/ldap.conf and add this:

TLS_REQCERT never
TLS_CRLCHECK never

TLS_CACERT /etc/ssl/certs/ldap.pem
TLS_CACERTDIR /etc/ssl/certs

Once I did this I could use ldaps no problem.

Now, in CentOS I'm trying to achieve the same thing, but I can't find a /etc/ldap.conf file.

Any direction on this would be greatly appreciated.
0
Asked by: Tigger996
1 Solution
 
gheist Commented:
It is in /etc/openldap
0
 
Tigger996 (Author) Commented:
In OpenSuse, there is /etc/ldap.conf and /etc/openldap/ldap.conf.   For me to get php to connect via ldaps I had to put the added code in both.  

Do you have any other suggestions on what I can try?
0
 
gheist Commented:
The following ldap.conf files are used, if at all.
I suggest you go with the first one only, as the others are used by other separate services.

/etc/openldap/ldap.conf
/etc/openvpn/auth/ldap.conf
/usr/share/doc/openssh-ldap-5.3p1/ldap.conf
0
 
Tigger996 (Author) Commented:
I have edited the /etc/openldap/ldap.conf file and I still can't connect in php to ldaps but I can't connect to the ldap server with no ldaps.
0
 
gheist Commented:
TLS_REQCERT never
should be entered in first file as in
"man ldap.conf"
and other files cleaned up from apache's profile
0
 
Tigger996 (Author) Commented:
What do you mean by "other files cleaned up from apache's profile"?
0
 
gheist Commented:
.ldaprc in /var/www and similar
0
 
gheist Commented:
Check also audit logs (grep AVC /var/log/audit/audit.log) for SELinux violations.
0
 
Tigger996 (Author) Commented:
I figured out a couple of things.  I was using the adodb library for php and it was not connecting right.  Once I did some testing and updated some files I figured out that it was in fact connecting via ldaps and all works great now.

Thank you for your patience.
0
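
A read-only check for the settings discussed in this thread, added here as an example and not posted by either participant: it reports TLS_REQCERT and TLS_CACERT for each ldap.conf-style file and flags `never` and `allow`, which leave the LDAPS server certificate unenforced. The function names are hypothetical; the paths in the usage comment are the ones named in the thread.

```shell
#!/bin/sh
# Added example: audit ldap.conf-style files for weak TLS verification.
# Format per ldap.conf(5): "OPTION value" lines, '#' starts a comment,
# option names are case-insensitive.

# tls_option FILE OPTION -> prints the last value set for OPTION in FILE
tls_option() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == opt { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# audit_ldap_conf FILE... -> one report line per readable file.
# Returns 1 if any file disables or weakens server certificate checks.
audit_ldap_conf() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue            # skip files that do not exist
        req=$(tls_option "$f" TLS_REQCERT)
        ca=$(tls_option "$f" TLS_CACERT)
        case $(printf '%s' "$req" | tr 'A-Z' 'a-z') in
            never|allow) verdict="WEAK: server certificate not enforced"; rc=1 ;;
            try|demand|hard) verdict="verified" ;;
            '') verdict="verified (unset, library default is demand)" ;;
            *) verdict="UNKNOWN value"; rc=1 ;;
        esac
        # A CA file the process cannot read makes verification fail.
        if [ -n "$ca" ] && [ ! -r "$ca" ]; then
            verdict="$verdict; TLS_CACERT $ca not readable"
        fi
        printf '%s: TLS_REQCERT=%s TLS_CACERT=%s -> %s\n' \
            "$f" "${req:-unset}" "${ca:-unset}" "$verdict"
    done
    return $rc
}

# Usage, run as the web server user so readability reflects what PHP sees:
# audit_ldap_conf /etc/openldap/ldap.conf /var/www/.ldaprc
```

With `TLS_CACERT` pointing at a readable CA file and `TLS_REQCERT` left at its default, the same LDAPS connection is made with the server certificate checked.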
