  #1  
January 17th, 2007, 07:55 AM
Steve JORDI

-> LDAP in SSL problem <-

Hi,

it seems to me that I have a problem using an LDAPS connection
to our server for identification purposes (using OpenLDAP and
OpenSSL).

Using PHP 4.4.4 I have the following code which correctly
binds in SSL but any "search" for attributes and their values
seems to return only the attributes for an anonymous connection.
Thus, this is restricted to a few ones instead of having them all
(especially the groupMembership I'm looking for).


$ldapconn = ldap_connect("ldaps://ldapserver", 636 )
    or die( "Connection problem.<BR>" ) ;

if (ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    echo "Using LDAPv3<BR>\n";
} else {
    echo "Failed to set protocol version to 3";
}

// Verify whether the provided name exists
$ldapresult = @ldap_search( $ldapconn, "o=mydomain", "cn=".$name ) ;
if( $ldapresult ) {
    // User exists, now retrieve his DN and bind in SSL
    $entries = @ldap_get_entries( $ldapconn, $ldapresult ) ;
    if( $entries["count"] ) {
        $ldapbind = ldap_bind( $ldapconn, $entries[0]['dn'], $pwd ) ;
        if( $ldapbind ) {
            echo "Succesfully bound<BR>" ;
            // do some new ldap_search here
            ...
        }
        else {
            echo "Bound failed<br>" ;
        }
    }
}

This prints "Succesfully bound" with the correct credentials.

That's where I have a doubt. How does the ldap function then work
knowing it has correct credentials?

After the successful bind, if I do another search, I still get the
basic attributes (about 6 of them), not all of them.
For example:
$result = @ldap_search( $ldapconn, "o=mydomain", "cn=".$name ) ;

Does ldap_bind change the content of $ldapconn in order to know
that we're now securely authenticated???

I'm really missing something there. Does the ldap_bind call change anything
in the ldap functions' behavior after being successful?
How does the application know we're correctly identified?

The server has a valid certificate (the bind() wouldn't work anyway if
that were not the case).

Thanks for any help.


Sincerely,
Steve JORDI

(Remove the K_I_L_LSPAM from my email address)
------------------------------------------------
1197 Prangins Email: stevejordiK_I_L_LSPAM@hotmail.com
Switzerland WWW: www.sjordi.com
------------------------------------------------
Volcanoes at www.sjordi.com/volcanoes
MovieDB at www.sjmoviedb.com
------------------------------------------------
  #2  
January 17th, 2007, 10:15 AM
Steve JORDI

Re: -> LDAP in SSL problem <-

forget about it,
a new call to ldap_search just after the bind works ok.
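
The search-then-bind flow this thread ends up with, as an added example that is not part of the original posts: the bind state lives on the connection handle, so only a search issued after ldap_bind() is evaluated with the user's access rights. The function name is hypothetical, the host, base DN and groupMembership attribute are taken from the post, and ldap_escape() assumes PHP 5.6 or later (it does not exist in the PHP 4.4.4 the poster used).

```php
<?php
// Added example, not the poster's code. fetch_user_attributes() is a
// hypothetical helper; host and base DN are the placeholders from the post.
function fetch_user_attributes($name, $pwd, $host = "ldaps://ldapserver",
                               $base = "o=mydomain",
                               $attrs = array("cn", "groupMembership"))
{
    // A DN with an empty password is an "unauthenticated bind" that many
    // servers accept as anonymous, so ldap_bind() would report success.
    if ($name === "" || $pwd === "") {
        return false;
    }

    $conn = ldap_connect($host);
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Escape the user-supplied value so it cannot alter the search filter.
    $filter = "(cn=" . ldap_escape($name, "", LDAP_ESCAPE_FILTER) . ")";

    // Search 1: anonymous, only to resolve the DN ("1.1" = no attributes).
    $res   = ldap_search($conn, $base, $filter, array("1.1"));
    $found = $res ? ldap_get_entries($conn, $res) : false;
    if (!$found || $found["count"] !== 1) {   // unknown or ambiguous name
        ldap_unbind($conn);
        return false;
    }
    $dn = $found[0]["dn"];

    // Bind as the user: from here on the same $conn is authenticated.
    if (!@ldap_bind($conn, $dn, $pwd)) {
        ldap_unbind($conn);
        return false;
    }

    // Search 2: issued after the bind, so the server applies the user's ACLs.
    // Results fetched before the bind still reflect the anonymous view.
    $res   = ldap_read($conn, $dn, "(objectClass=*)", $attrs);
    $entry = $res ? ldap_get_entries($conn, $res) : false;
    ldap_unbind($conn);

    // ldap_get_entries() lowercases attribute names: $entry[0]["groupmembership"]
    return ($entry && $entry["count"] === 1) ? $entry[0] : false;
}
```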
 
