Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable

Posted on 2024-12-20 16:04:42 | 271 words | 5 views | 0 comments

Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable in /var/www/html/testldap/index.php on line 13
Ldap_start_tls failed

My configuration is as follows

CentOS 5.7, PHP Version 5.3.3

php53-ldap configured. No matter what I try to do, the starttls issue is giving me a headache. Any help would be highly appreciated.


Comments (2)

Oo萌小芽oO 2024-12-27 16:04:42

Well, what a fun journey I have been on with this one.

The problem you are having is that your machine does not accept the server's certificate as valid. The simple workaround to this is to disable the check, which is done in the ldap.conf file, or with an environment variable.

You can edit the file at /etc/openldap/ldap.conf (c:\openldap\sysconf\ldap.conf on Windows) or create one if it doesn't already exist and put this line in it:

TLS_REQCERT never

...or you can create an environment variable named LDAPTLS_REQCERT with the value never.

Once I had done either of those things, the following script worked for me:

<?php

  // Settings
  $host = 'server.domain.local';
  $port = 389;
  $user = 'administrator';
  $pass = 'password';

  // Connect, set options and bind
  $ds = ldap_connect($host, $port);
  if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) exit('Could not set LDAP protocol version');
  if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) exit('Could not disable referrals');
  if (!ldap_start_tls($ds)) exit('Could not start TLS');
  if (!ldap_bind($ds, $user, $pass)) exit('Bind operation failed');

  // A quick list operation to make sure it worked
  if (!$result = ldap_list($ds, 'dc=domain,dc=local', 'objectClass=*')) exit('List operation failed');
  print_r(ldap_get_entries($ds, $result));

Annoyingly, neither putenv('LDAPTLS_REQCERT=never'); nor $_ENV['LDAPTLS_REQCERT'] = 'never'; will work - you have to either create the config file or statically set the variable.

If you want to validate the certificates, you will need to do some further reading on how to configure OpenLDAP properly.

Sources for this:

用心笑 2024-12-27 16:04:42

Did you install PHP --with-ldap[=DIR]?

Also:

  1. Do not use ldap_start_tls() if you've already connected to the LDAP Server via SSL e.g. "ldaps://hostname".
  2. Call ldap_connect() with ldap:// rather than ldaps:// for ldap_start_tls() to succeed

Source.
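
The first answer leaves certificate validation as further reading. As an added example (not code from either answer), this is one way to keep verification switched on from PHP itself while following the second answer's ldap:// advice. It assumes PHP 7.1 or later for the LDAP_OPT_X_TLS_* constants; the CA file path and the LDAP_BIND_PASSWORD variable are placeholders.

```php
<?php
// Added example: verify the server certificate instead of disabling the check.
// Assumes PHP 7.1+; $caFile and LDAP_BIND_PASSWORD are placeholders.

$host   = 'server.domain.local';          // host name used in the answer above
$caFile = '/etc/openldap/certs/ca.pem';   // placeholder: CA that issued the server certificate
$user   = 'administrator';
$pass   = getenv('LDAP_BIND_PASSWORD');   // hypothetical variable; keeps the secret out of source

if (!is_readable($caFile)) {
    exit("CA file $caFile is not readable by the PHP process\n");
}

// TLS options are library-wide in libldap: set them on a NULL link
// before ldap_connect(), otherwise the connection does not pick them up.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

// ldap:// (not ldaps://) so that StartTLS can upgrade the plain connection
$ds = ldap_connect("ldap://$host:389");
if ($ds === false) {
    exit("Invalid LDAP URI\n");
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);   // StartTLS requires LDAPv3
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

if (!@ldap_start_tls($ds)) {
    // Report the underlying TLS reason (untrusted CA, host name mismatch, ...)
    // rather than only the generic "Server is unavailable" warning.
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    exit('StartTLS failed: ' . ldap_error($ds) . ($detail ? " ($detail)" : '') . "\n");
}

// Credentials are sent only after the verified TLS upgrade. An empty password
// is rejected up front because LDAP treats it as an unauthenticated bind.
if (!is_string($pass) || $pass === '') {
    exit("No bind password supplied\n");
}
if (!@ldap_bind($ds, $user, $pass)) {
    exit('Bind failed: ' . ldap_error($ds) . "\n");
}
echo "Bound over verified StartTLS\n";
ldap_unbind($ds);
```

On a PHP 5.3 system like the asker's, where these constants are not available, the equivalent is TLS_CACERT with the CA file path together with TLS_REQCERT demand in ldap.conf.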
