LDAPS not connecting with PHP

2022-01-07 00:00:00 ldap active-directory php

I'm having issues using Windows to connect to a secure LDAP server, and I see the same thing everywhere online with no solution that's worked so far.

I have tried using both IIS and WAMPSERVER. I have put libeay32.dll and ssleay32.dll in my SYSTEM32 directory and enabled the LDAP extension.

Here is my code:

// Ask libldap not to verify the server certificate
putenv('LDAPTLS_REQCERT=never');
// Enable libldap debug output
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$resource = ldap_connect("ldaps://{redacted}/", 636) or die ("Could not connect.");
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
$bound = ldap_bind($resource, "{redacted}ldap", "****");

// Print the last LDAP error for this connection
echo ldap_error($resource);

I get Can't contact LDAP server from ldap_error and the PHP warning Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in C:\wamp\www\ldapTest.php

The server I am attempting to connect to is running Active Directory and I have confirmed that I can connect by using other LDAP tools. I know this server has an issue with its certificate - the LDAP tool I am using says The server you are trying to connect to is using a certificate which could not be verified! - Issuer certificate not found

My suspicion is that the bad certificate is causing the bind issue which is why I've tried the LDAPTLS_REQCERT=never.

Recommended answer

I can't recall where I found this one article; however I found out that by default even if you specify the TLS_REQCERT never it is ignored.

What I found out / then forgot about and found out again is you need to do the following (for Windows machines)

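  1. In the root of your C drive, create the following directory structure: C:\OpenLDAP\sysconf (create the two folders)
  2. Inside the sysconf folder, create a text file named "ldap.conf"
  3. In the text file you created, put the following on the first line, then save: "TLS_REQCERT never" (without the quotes)
  4. Restart Apache and it should now work.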

Give it a shot. Good luck!
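
The `TLS_REQCERT never` setting above turns certificate verification off, so the client accepts any certificate presented on port 636. As an added example (not part of the original question or answer), this is the alternative of trusting the issuing CA and keeping verification on; it assumes PHP 7.1 or later and a PEM export of the CA that issued the domain controller's certificate, and the host name, bind DN, environment variable and file path are placeholders.

```php
<?php
// Added example. All names below are placeholders, not values from the page.
const LDAP_URI = 'ldaps://dc01.example.test:636';           // hypothetical domain controller
const CA_FILE  = 'C:\\OpenLDAP\\sysconf\\issuing-ca.pem';    // hypothetical PEM file with the issuer chain

/**
 * Bind over LDAPS with server certificate verification enforced.
 * Returns the connection handle, or throws with the TLS/LDAP diagnostic.
 */
function ldaps_bind_verified(string $uri, string $caFile, string $dn, string $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // Set on the global (null) handle before connecting, so the TLS context
    // created for the connection picks these options up.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // ldap_connect() only parses the URI; the TLS handshake happens at bind time.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($conn, $dn, $password)) {
        // "Can't contact LDAP server" hides the cause; the diagnostic
        // message usually carries the certificate error text.
        $detail = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(sprintf(
            'Bind failed: %s (%s)', ldap_error($conn), $detail ?: 'no further detail'
        ));
    }
    return $conn;
}

// Example call; the password comes from a placeholder environment variable.
try {
    $conn = ldaps_bind_verified(LDAP_URI, CA_FILE, 'svc-ldap@example.test', (string) getenv('LDAP_BIND_PW'));
    echo "Bound with certificate verification enabled\n";
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The same effect can be had in ldap.conf by replacing `TLS_REQCERT never` with a `TLS_CACERT` line pointing at the CA file and `TLS_REQCERT demand`.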