ldap_start_tls
Start TLS
(PHP 4 >= 4.2.0, PHP 5)
Code Examples / Notes » ldap_start_tls

bill
Please note there is a difference between ldaps and start-TLS for ldap. start-TLS uses port 389, while ldaps uses port 636. ldaps has been deprecated in favour of start-TLS for ldap. Both encrypted (start-TLS ldap) and unencrypted ldap (ldap) run on port 389 concurrently. Errors encountered are generally due to misunderstanding how to implement TLS-encrypted ldap.

claar
Note that (in my very limited experience) you cannot use the ldaps protocol with TLS, or ldap_start_tls() will report "ldap_start_tls(): Unable to start TLS: Operations error", and ldap_error() will return error code 1. I found that I had to call ldap_connect() with ldap:// rather than ldaps:// for ldap_start_tls() to succeed. Hope this helps someone!

on
More on TLS start. It seems that either you ldap_connect to ldaps://, port 636, or you ldap_start_tls. In my case, using ldaps on port 636 (to be sure I enforce TLS) the connection will go like:

    $LDAP_SERVER = "ldaps://ldap.../";
    $LDAP_PORT = 636;
    $ds = ldap_connect($LDAP_SERVER, $LDAP_PORT);
    if ($ds) {
        // TLS-capable LDAP requires protocol version 3
        // (fatal_error() is the poster's own helper, not a PHP function)
        if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
        }
        /*** NO NEED ***
         * if (!ldap_start_tls($ds)) {
         *     exit;
         * }
         ***/
        // now we need to bind anonymously to the ldap server
        $bth = ldap_bind($ds);
        // make your query
    }

wirges-at-cerias.purdue.edu
It should be mentioned that TLS connections for LDAP *REQUIRE* you to use LDAP Protocol version 3. By default, PHP uses Protocol 2. Therefore, if you do not know this, you may be puzzled as to why you get a "TLS not supported" error. To get around this, just use ldap_set_option to make the LDAP connection use Protocol 3 (if supported). For example:

    $ds = ldap_connect($LDAP_SERVER, $LDAP_PORT);
    if ($ds) {
        // TLS-capable LDAP requires protocol version 3
        // (fatal_error() is the poster's own helper, not a PHP function)
        if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
        }
        if (!ldap_start_tls($ds)) {
            fatal_error("Ldap_start_tls failed");
        }
        // now we need to bind anonymously to the ldap server
        $bth = ldap_bind($ds);
        // make your query
    }

technosophos
If your version was linked against the OpenLDAP libraries, you may want to look at the ldap.conf file for more information about specifying SSL/TLS behavior. Apparently, the settings in ldap.conf make a difference in the way SSL/TLS is handled by PHP.
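As an added example (not from the manual page or any of the note authors above), a connection helper that ties the notes together: it rejects ldaps:// URIs since ldap_start_tls() cannot upgrade an already-TLS socket, forces LDAPv3 before calling ldap_start_tls(), and refuses to bind if the TLS upgrade fails, so a password is never sent over a cleartext session. The LDAP_OPT_X_TLS_REQUIRE_CERT guard assumes PHP 7.0.5 or later; on older builds certificate checking falls back to the ldap.conf TLS settings the last note mentions.

```php
<?php
// Open an LDAP connection over STARTTLS and bind only once TLS is up.
// Returns the connection resource/object, or false on any failure.
function ldap_connect_starttls(string $uri, string $bindDn, string $password)
{
    // ldaps:// is already TLS; ldap_start_tls() on it fails with
    // "Operations error" (see the notes above). Require a plain ldap:// URI.
    if (stripos($uri, 'ldaps://') === 0) {
        throw new InvalidArgumentException(
            'Use ldap:// (port 389) with STARTTLS; ldaps:// cannot be upgraded');
    }

    $ds = ldap_connect($uri);           // lazy: no socket is opened yet
    if ($ds === false) {
        return false;
    }

    // STARTTLS requires LDAPv3; PHP defaults to v2, which yields
    // "TLS not supported".
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        ldap_unbind($ds);
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Demand a valid server certificate where the binding exposes the option
    // (PHP >= 7.0.5); otherwise TLS_REQCERT in ldap.conf governs.
    if (defined('LDAP_OPT_X_TLS_REQUIRE_CERT')) {
        ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    }

    // Bail out before ldap_bind(): a failed upgrade must never degrade
    // silently into a cleartext bind carrying the password.
    if (!ldap_start_tls($ds)) {
        error_log('STARTTLS failed: ' . ldap_error($ds) . ' (' . ldap_errno($ds) . ')');
        ldap_unbind($ds);
        return false;
    }

    if (!ldap_bind($ds, $bindDn, $password)) {
        error_log('LDAP bind failed: ' . ldap_error($ds));
        ldap_unbind($ds);
        return false;
    }
    return $ds;
}

// Usage (host and DN are placeholders):
// $ds = ldap_connect_starttls('ldap://ldap.example.com', 'cn=reader,dc=example,dc=com', $secret);
```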