| Problems getting LDAPS to work [message #166947] |
Fri, 06 April 2012 14:38  |
 |
Multitool
Messages: 47
Registered: February 2012
Karma:
|
Member |
|
|
For some reason, I can't seem to get LDAPS to work from within the FUDforum LDAP plugin. Normal LDAP works fine, but for some reason I always get a connection error when trying to use LDAPS.
If I create a stand-alone PHP script that is essentially exactly the same as the LDAP plugin code and run this separately, it always works. But running essentially the same code from within FUDforum does not work, and I can't understand why.
My stand-alone test script looks like this:
<?php
$ldapurl = 'ldaps://ldap.example.com/';
$ldapproxydn = '<proxy-dn>';
$ldapproxypassword = '<proxy-password>';
$connection = ldap_connect($ldapurl);
if (!$connection) {
echo 'Unable to connect to an LDAP server. (Debug 1)';
return 0;
}
@ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
// Connection made -- bind
$bind = @ldap_bind($connection, $ldapproxydn, $ldapproxypassword);
if (!$bind) {
echo 'Bind to LDAP failed:', ldap_error($connection), ' (Debug 3)';
return 0;
} else {
echo 'Success!';
}
ldap_close($connection);
?>
This ALWAYS works and binds successfully, regardless of whether I use LDAP or LDAPS. I even tried running the script as the 'apache' user, and it still worked perfectly. 
However, the identical code when called within FUDforum does not work if LDAPS is used - it only works if I change the url to use normal LDAP.
I can see from tcpdump that FUDforum is communicating with the LDAPS server on port 636, but obviously I can't see inside any of the packets as they're encrypted 
Any ideas why this would work outside of FUDforum, but not when called from within FUDforum?
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]