4

I am using LDAPS authentication with the open source CMS ez publish. I have made all the configuration settings that I am supposed to make. But, I still cannot get LDAPS authentication to work!

On debugging, I found that ldap_connect fails and it returns resource id #80 or resource id #75 sometimes. Is there any documentation that describes what these resource ids mean? Even the PHP documentation of ldap_connect doesn't have any information on these resource ids. Or is there something else that I could have done wrong?

pavanred
  • ldap_connect is a tricky thing. Can you show us some code (with the security parts obscured)??!! – Thariama Dec 13 '10 at 09:58
  • There isn't much code that I have written for this. I just provide the LDAPVersion, LDAPServer, LDAPPort, LDAPBaseDn etc. in an ezpublish config file, and ezpublish uses the hostname and port and calls ldap_connect, which is a PHP function. In my case it failed; when I debugged, I found a particular resource id like I mentioned in the question. – pavanred Dec 13 '10 at 10:08

2 Answers

3

The PHP manual on resources. Seems like ldap_connect() is successful. If it fails, it returns FALSE.

rik
  • Interesting... I did a get_resource_type of the resource id returned by ldap_connect and that returned "ldap link". I did a quick search but didn't find much information about it, any idea what that means? – pavanred Dec 13 '10 at 10:28
  • From the manual: "A resource is a special variable, holding a reference to an external resource. Resources are created and used by special functions." In your case the "external resource" is ... well think of it as the end of a phone line that connects you with the LDAP server. Actually the type or ID of the resource are totally irrelevant. The type is always "ldap link" because that's what `ldap_connect()` is meant to create, and the ID is used by PHP internally to address the right "phone line" (you can hold multiple lines a.k.a. resources at the same time). – rik Dec 13 '10 at 10:46
1

The most common SSL related issue is trusting the certificate used in the connection.

If your LDAP server's SSL cert is not signed by a well known CA, or more correctly, by a CA known to your SSL library, then it usually will fail. To resolve this you have to make your SSL library trust the CA.

Windows (IE), Firefox, Safari, etc. all have their own keystore mechanisms and you can import certificates of the CA's Trusted Root into them. Then all certificates signed by that CA are now trustworthy.

Java uses JKS keystore files, old Netscape uses cert.db7 or cert.db8 files. No clue what PHP uses, however you ought to figure that aspect out.

geoffc
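An added example (not code from the question, from ez publish, or from either answer) showing where the CA trust lives for PHP's LDAP extension, which delegates TLS to OpenLDAP's libldap, and why the value returned by ldap_connect() says nothing about whether the LDAPS handshake will succeed. It assumes PHP 7.1 or later built against OpenLDAP; the hostname, bind DN, CA path and password variable are placeholders.

```php
<?php
// Placeholders: substitute your own LDAPS server, bind DN and CA bundle.
$host   = 'ldap.example.test';
$port   = 636;
$bindDn = 'cn=readonly,dc=example,dc=test';
$caFile = '/etc/ssl/certs/corp-ca.pem';   // CA that signed the server cert

// Certificate trust is decided by libldap, not by PHP. Tell it which CA to
// trust *before* any TLS handshake. A null link sets the option globally
// (assumption: PHP >= 7.1, which added the LDAP_OPT_X_TLS_* constants).
// The equivalent outside PHP is "TLS_CACERT /path/ca.pem" in ldap.conf or
// the LDAPTLS_CACERT environment variable.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
// Keep verification on. LDAP_OPT_X_TLS_NEVER would silence the error by
// disabling certificate checking, which is the weak setting to avoid.
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

// With OpenLDAP, ldap_connect() only parses the URI and allocates a link;
// no socket is opened. It therefore returns an "ldap link" resource even
// when the server is unreachable or its certificate is untrusted, and the
// numeric resource id (#75, #80, ...) is just PHP's internal handle number.
$ldap = ldap_connect("ldaps://{$host}:{$port}");
if ($ldap === false) {
    fwrite(STDERR, "ldap_connect rejected the URI syntax\n");
    exit(1);
}
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

// The TCP connect and TLS handshake happen here. An untrusted CA surfaces
// as a bind failure ("Can't contact LDAP server") with the TLS detail in
// the diagnostic message, which is the text worth reading when debugging.
$password = getenv('LDAP_BIND_PASSWORD') ?: '';
if (!@ldap_bind($ldap, $bindDn, $password)) {
    $detail = '';
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    fwrite(STDERR, sprintf("bind failed: %s (errno %d) %s\n",
        ldap_error($ldap), ldap_errno($ldap), $detail));
    exit(1);
}
echo "bound over LDAPS with a verified server certificate\n";
ldap_unbind($ldap);
```

Run it from the same PHP build that ez publish uses, since the CA configuration is read by that build's libldap, not by the browser or Java keystores mentioned above.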