LDAP SSL Bind to Active Directory 2003

Posted: Fri Oct 28, 2005 3:59 pm
by axelseaa
Hello,

I have been trying to search out how to setup my Redhat server so that
php can use ldap over ssl to connect to an active directory server. I
have the server ca cert, but I'm not finding a clear answer of what to
do with it to get php to work.

Any suggestions? Thanks!

Posted: Fri Oct 28, 2005 6:05 pm
by pickle
First you need to bind to connect to the server using ldap_connect(). After that, you need to bind to the server as a particular user using ldap_bind(). If you're using ldap as a credential check, then that's all you need.

If you're searching your Active Directory for values though, you'll need to set up a filter (similar to (cn=joeUser)), a search context (similar to ou=organizationalGroup,o=yourOrganization) and do an ldap_list(). Finally, you'll need to do an ldap_get_entries() call on the results of that list and then you'll finally have your data.

There may be other ways of using LDAP, but that's how I do it.

Posted: Fri Oct 28, 2005 11:25 pm
by axelseaa
I can bind to the server just fine, my problem is that I want to connect to the LDAP server using SSL. And there doesn't appear to be much, or any, documentation on how to accomplish this.

I have the CA Cert from the Active Directory Server, I just don't know where to place it so that php can find it.

Does anyone have any idea on this?

Posted: Sun Oct 30, 2005 12:03 pm
by pickle
I think it's as simple as stating your binding address is ldaps:// as opposed to ldap://

Posted: Sun Oct 30, 2005 12:12 pm
by axelseaa
When you connect to an Active Directory server with LDAP over SSL, you need to install the server cert somewhere on the other server that is using PHP to connect to it. I'm having trouble getting PHP to find this cert.

Posted: Sun Oct 30, 2005 3:25 pm
by pickle
Hmm, I've never had that problem. Is OpenSSL configured properly? I imagine LDAP is using OpenSSL for its secure connections, so if the certificate is accessible from OpenSSL, it should work.

I use Novell NDS at work, and I'm not sure how it's different from Active Directory.
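The following is an added example, not code from either poster, showing how the PHP ldap extension (which is built on the OpenLDAP client library, not on OpenSSL directly) can be told where the AD CA certificate lives and be made to actually verify the server against it over ldaps://. The CA file path, domain controller name, bind account and base DN are placeholders; PHP 7.1 or later is assumed for the LDAP_OPT_X_TLS_* and LDAP_OPT_DIAGNOSTIC_MESSAGE constants.

```php
<?php
// Placeholders (not from the thread): adjust to your environment.
$caFile  = '/etc/openldap/certs/ad-ca.pem';     // AD CA cert, PEM format
$ldapUri = 'ldaps://dc1.example.local:636';
$bindDn  = 'svc_ldap@example.local';             // AD accepts UPN as bind DN
$baseDn  = 'DC=example,DC=local';

// System-wide alternative to the two calls below: put these lines in the
// OpenLDAP client config (/etc/openldap/ldap.conf on Red Hat), which the
// PHP ldap extension reads for every process on the box:
//   TLS_CACERT  /etc/openldap/certs/ad-ca.pem
//   TLS_REQCERT demand

// A null handle sets library-wide TLS options, so this must run before
// ldap_connect(). "demand" makes the bind fail on an unverifiable server
// certificate instead of silently connecting anyway.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$ldap = ldap_connect($ldapUri);
if ($ldap === false) {
    die("Malformed LDAP URI: $ldapUri\n");
}
// Active Directory requires LDAPv3, and the referrals it returns cannot be
// chased anonymously by the OpenLDAP client, so turn referral chasing off.
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

// The TLS handshake happens here, on the first real operation.
if (!@ldap_bind($ldap, $bindDn, getenv('LDAP_BIND_PW'))) {
    // Certificate problems surface as "Can't contact LDAP server" (-1);
    // a bad password surfaces as "Invalid credentials" (49).
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    die(sprintf("Bind failed: %s (%d) %s\n", ldap_error($ldap), ldap_errno($ldap), $diag));
}

// The search pickle describes, with the user-supplied value escaped so it
// cannot change the structure of the filter.
$user    = 'joeUser';
$filter  = '(&(objectClass=user)(sAMAccountName='
         . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
$result  = ldap_search($ldap, $baseDn, $filter, ['cn', 'mail']);
$entries = ldap_get_entries($ldap, $result);
printf("Matched %d entries\n", $entries['count']);
ldap_unbind($ldap);
```

Running the script with a CA file that does not match the domain controller's certificate is the quickest check that verification is really enforced: the bind must fail rather than succeed.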