LDAPS not connecting with PHP
I'm having issues using Windows to connect to a secure LDAP server, and I see the same thing everywhere online with no solution that's worked so far.
I have tried using both IIS and WAMPSERVER. I have put libeay32.dll and ssleay32.dll in my SYSTEM32 directory and enabled the LDAP extension.
Here is my code:
// Ask the LDAP library to skip certificate verification
putenv('LDAPTLS_REQCERT=never');
// Library-wide debug output
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$resource = ldap_connect("ldaps://{redacted}/", 636) or die ("Could not connect.");
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
$bound = ldap_bind($resource, "{redacted}\ldap", "****");
echo ldap_error($resource);
I get Can't contact LDAP server from ldap_error and the PHP warning Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in C:\wamp\www\ldapTest.php
The server I am attempting to connect to is running Active Directory and I have confirmed that I can connect by using other LDAP tools. I know this server has an issue with its certificate - the LDAP tool I am using says The server you are trying to connect to is using a certificate which could not be verified! - Issuer certificate not found
My suspicion is that the bad certificate is causing the bind issue which is why I've tried the LDAPTLS_REQCERT=never.
I can't recall where I found this one article; however, I found out that by default even if you specify the TLS_REQCERT never it is ignored.
What I found out / then forgot about and found out again is you need to do the following (for Windows machines)
c:\OpenLDAP\sysconf (create the two folders)
"TLS_REQCERT never" (Without the quotes)
Give it a try, and good luck!
You can try changing the following line:
To use your port number directly in the URI instead
This has been known to work when the other will not.
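Added example, not from the question or either answer: instead of setting TLS_REQCERT never, which leaves the bind password open to interception by anyone who can impersonate the server, the client can be given the issuing CA that the LDAP tool reported as missing. This sketch assumes PHP 7.1+ with the ldap and openssl extensions; the host name, CA file path, account and the helper name ldaps_bind_verified are placeholders.

```php
<?php
// Added example. Host, CA path and account are placeholders (assumptions).
function ldaps_bind_verified(string $host, string $caFile, string $user, string $pw): array
{
    if (!extension_loaded('ldap') || !is_readable($caFile)) {
        return [false, 'ldap extension missing or CA file unreadable'];
    }
    if ($pw === '') { // empty password = unauthenticated bind, which a server may accept
        return [false, 'refusing to bind with an empty password'];
    }

    // Preflight with PHP's own TLS stack: tells "port unreachable" apart from
    // "chain does not verify", which ldap_bind() reports with the same message.
    $ctx = stream_context_create(['ssl' => [
        'cafile' => $caFile, 'verify_peer' => true,
        'verify_peer_name' => true, 'peer_name' => $host,
    ]]);
    $sock = @stream_socket_client("ssl://$host:636", $errno, $errstr, 5,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        $why = $errstr ?: (error_get_last()['message'] ?? 'unknown error');
        return [false, "TLS preflight failed: $why"];
    }
    fclose($sock);

    // TLS options are set globally (NULL link) before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect("ldaps://$host:636"); // port inside the URI
    if ($conn === false) {
        return [false, 'invalid LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    $ok = @ldap_bind($conn, $user, $pw);
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    $msg = $ok ? 'bind ok, chain verified' : ldap_error($conn) . ' ' . $detail;
    ldap_unbind($conn);
    return [$ok, trim($msg)];
}

// Constructed values: replace with the real DC name and exported issuing CA.
[$ok, $msg] = ldaps_bind_verified('dc01.example.test', 'C:\\certs\\issuing-ca.pem',
    'EXAMPLE\\ldap', (string) getenv('LDAP_BIND_PW'));
echo ($ok ? 'OK: ' : 'FAIL: ') . $msg . PHP_EOL;
```

If the preflight fails with a verification error while other tools connect, the CA file does not contain the issuer of the server's certificate; a connection error instead points at name resolution or port 636 being blocked.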