How to connect to an SSL OpenLdap

After a lot of troubleshooting I managed to connect to an ssl OpenLdap and I would like to share this information with you.

Some of the problems that you may encounter are:

Ldap host.

Verify, using ping if you have access to the ldap server.

I suggest you try both, IP and hostname. In some configurations the dns name of the ldap host is working fine, but sometimes it doesn't. So try both in case you have problems.

SSL specific problems

For php, try
ldap_connect("ldaps://host", port)
ldap_connect("ldaps://host:port")

If the host you are using to invoke the scripts does not have a ssl certificate installed then you have to add the following line to your ldap.conf:
TLS_REQCERT     never

Sample php script

Here is a sample script to connect to a secured OpenLdap. Also the script assumes that you DON'T have anonymous access to the LDAP server. In case you do have, then just do a bind with no credentials.
You must change the parameters in the beginning of the script in order to match your organization's OpenLdap configuration.


<?php
// Set the parameters below to fit your organization's openldap
$basedn = "DC=example,DC=com";
$login = "user";
$ldapuser = "uid=$login,ou=people,dc=example,dc=com";
$ldappass = "pass";
$filter = "(uid=$login)";
$ldapurl = "ldaps://ldap.example.com:XXX"; 
$LDAPFieldsToFind = array("cn", "mail");
$debug = false;

// Set debugging
if ($debug) {
  ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
}

// connect to ldap server
$ldapconn = ldap_connect($ldapurl) or die ("Couldn't connect");

// binding to ldap server
echo "Trying to bind with $ldapuser - $ldappass\n";
$ldapbind = @ldap_bind($ldapconn, $ldapuser, $ldappass);

if (!$ldapbind) {
  echo "Unable to bind to server $ldapurl\n";
  echo "OpenLdap error message: " . ldap_error($ldapconn) . "\n";
  exit;
}

echo "Bind succesfull\n";
echo "\nSearching in base_dn $basedn - filter: $filter\n";    
$userdetails = ldap_search($ldapconn, $basedn, $filter, $LDAPFieldsToFind);
$info = ldap_get_entries($ldapconn, $userdetails);

for ($x=0; $x<$info["count"]; $x++) {
$email=$info[$x]['mail'][0];
$nam=$info[$x]['cn'][0];
  print "\n\nOpenLdap attributes:\n";
  print "CN is: $nam \n";
  print "Mail is: $email\n";
}
  
if ($x==0) { echo "\nOops, was not found. Please try again."; }

?>

2 comments:

  1. Ethereum shrewd agreement improvement includes making self-executing arrangements that consequently uphold the provisions of an agreement when certain circumstances are met. Savvy contracts run on the Ethereum blockchain and are recorded on its public record, making them straightforward, secure, and sealed. They can be utilized both for basic exchanges, such as trading money or resources, and complex tasks, like decentralized trades, casting a ballot frameworks, and store network the board. Shrewd agreement advancement administrations can expand productivity, security, and computerization in their activities and exchanges. Since brilliant agreements are self-executing and run on a decentralized organization, they can lessen the requirement for middle people and increment straightforwardness in different business processes>> ethereum dapps development company

    ReplyDelete
  2. At Attract Group, the quality assurance services are top-notch and truly set them apart from the competition. Their team's expertise and attention to detail ensure that every project is thoroughly tested and meets the highest quality standards. Clients can trust that their software will be free of bugs and errors, delivering a seamless user experience. With Attract Group's dedication to quality assurance, businesses can feel confident in the reliability and performance of their products.

    ReplyDelete