Need help ignoring server certificate while binding to LDAP server using PHP

Tags: php, ldap

I'm trying to bind to an LDAP server using PHP. It's a fairly straightforward process, except that I can't get around a certificate error that I'm getting. My auth credentials are fine, since I can connect to the server with Apache Directory Studio. Is there any way to just automatically accept the server cert? Similar to how you click "Accept this cert.." with Apache directory studio? I know it's not good security, but I just need to make it work at this point and can square away the cert issue later.

Thanks

Jack Slingerland, asked Oct 05 '10 18:10



1 Answer

You don't specify the environment, so here's the answer (found elsewhere on this site: How do I solve ldap_start_tls() "Unable to start TLS: Connect error" in PHP? ):

Linux: on the client machine (PHP web server) modify the ldap.conf file that the system is using; in RH/Fedora the file you want is /etc/openldap/ldap.conf (not /etc/ldap.conf, that is for system authentication...). Add/modify the following line:

TLS_REQCERT never

Windows: Add a system environment variable like the following:

LDAPTLS_REQCERT=never

Or in your PHP code, before the ldap_connect, put the following:

putenv('LDAPTLS_REQCERT=never');

These will ensure the client web server PHP instance never checks the FQDN of the server against the CN (common name) of the certificate. Very helpful in cluster environments where a virtual IP and certificate for that is used. But since this also makes it so that the other tools/applications in the entire OS on the web server machine will not check this either, please ensure that your environment allows this change (high-security environments might not allow it).

dbman, answered Sep 21 '22 17:09
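The same setting can be made from PHP itself, per connection, without touching ldap.conf or the process environment, which keeps the change scoped to this one application instead of every OpenLDAP client on the host. The example below is added here and is not code from the question or the answer; the hostname, bind DN and CA path are placeholders, and it assumes PHP 7.1 or later, where the LDAP_OPT_X_TLS_* constants are available. It shows the answer's "never verify" workaround beside the setting a practitioner should move to once the certificate problem is understood: pointing the client at the CA that issued the directory server's certificate and demanding a valid chain. Note that TLS_REQCERT never (and LDAP_OPT_X_TLS_NEVER) skips the whole certificate check, not only the hostname comparison, so a bind made with it would also accept a forged certificate from anyone positioned between the web server and the directory.

```php
<?php
// Added example (not from the original answer). Binds to an LDAP server over
// STARTTLS with PHP's ldap extension, with TLS verification controlled per
// connection. Host, DN and CA path are placeholders, not values from the page.

declare(strict_types=1);

const LDAP_URI = 'ldap://ldap.example.internal';                 // placeholder
const BIND_DN  = 'cn=svc-app,ou=service,dc=example,dc=internal'; // placeholder
const CA_FILE  = '/etc/ssl/certs/corp-ldap-ca.pem';              // placeholder

/**
 * Open a connection, configure TLS, run STARTTLS and bind.
 *
 * $requireCert is one of LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_ALLOW,
 * LDAP_OPT_X_TLS_TRY, LDAP_OPT_X_TLS_DEMAND or LDAP_OPT_X_TLS_HARD.
 * $caFile, when given, is the PEM bundle the server certificate must chain to.
 * Returns the bound connection; throws on any failure so callers cannot
 * silently continue with an unauthenticated or unencrypted session.
 */
function ldap_bind_starttls(string $password, int $requireCert, ?string $caFile = null)
{
    $conn = ldap_connect(LDAP_URI);   // does not open the socket yet in PHP
    if ($conn === false) {
        throw new RuntimeException('ldap_connect failed (bad URI?)');
    }

    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // TLS options must be set before ldap_start_tls(); PHP re-creates the
    // connection's TLS context when these are changed.
    if ($caFile !== null) {
        ldap_set_option($conn, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    }
    ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, $requireCert);

    if (!@ldap_start_tls($conn)) {
        // With DEMAND/HARD this is where an untrusted, expired or mismatched
        // certificate fails, typically as "Unable to start TLS: Connect error".
        throw new RuntimeException('STARTTLS failed: ' . ldap_error($conn));
    }

    if (!@ldap_bind($conn, BIND_DN, $password)) {
        throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }

    return $conn;
}

// Option A, the answer's workaround: accept any certificate. Equivalent to
// TLS_REQCERT never, but limited to this connection rather than the whole host.
function bind_insecure(string $password)
{
    return ldap_bind_starttls($password, LDAP_OPT_X_TLS_NEVER);
}

// Option B, the fix to move to: trust the issuing CA and demand a valid chain.
// If this still fails, the error text from ldap_error() tells you whether the
// problem is the chain (wrong CA file) or the name on the certificate.
function bind_verified(string $password)
{
    return ldap_bind_starttls($password, LDAP_OPT_X_TLS_DEMAND, CA_FILE);
}

// Usage: read the password from the environment or a secrets store, never a
// literal in source control.
$password = getenv('LDAP_BIND_PASSWORD') ?: '';
try {
    $conn = bind_verified($password);
    echo "bound with certificate verification\n";
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

Using the connection-scoped options rather than `putenv('LDAPTLS_REQCERT=never')` also makes the choice visible in code review: a grep for `LDAP_OPT_X_TLS_NEVER` finds every place verification was switched off, whereas an environment variable or an edited /etc/openldap/ldap.conf weakens every OpenLDAP client on the machine without leaving a trace in the application.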