无法使用“启动TLS”连接到LDAP服务器。收到以下错误: “ PHP消息:PHP警告:ldap_start_tls():无法启动TLS:连接错误
此PHP程序在具有PHP 7.2.17 Nginx 1.12.2的RHEL 7.6 Linux实例上运行。它正在尝试连接到Windows Server 2016上运行的Active Directory服务器。该程序的目的是为用户提供一个Web界面,以重置其AD密码。 Active Directory服务器也是一个证书颁发机构,而CA证书位于Linux服务器上。任何帮助表示赞赏!
PHP中的LDAP配置
# LDAP
$ldap_url = "ldap://hostname.domain.com:389";
$ldap_starttls = true;
$ldap_binddn = "cn=service,ou=Service Accounts,dc=domain,dc=com";
$ldap_bindpw = "password";
$ldap_base = "dc=domain,dc=com";
$ldap_login_attribute = "sAMAccountName";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
\ etc \ openldap \ ldap.conf中的OpenLDAP配置:
TLS_CACERT /etc/openldap/certs/rootCA.cer
PHP函数:
if ( $result === "" ) {
# Connect to LDAP
$ldap = ldap_connect($ldap_url);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ( $ldap_starttls && !ldap_start_tls($ldap) ) {
$result = "ldaperror";
error_log("LDAP - Unable to use StartTLS");
} else {
# Bind
if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
$bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
} else {
$bind = ldap_bind($ldap);
}
if ( !$bind ) {
$result = "ldaperror";
$errno = ldap_errno($ldap);
if ( $errno ) {
error_log("LDAP - Bind error $errno (".ldap_error($ldap).")");
}
我可以使用以下ldapsearch命令连接到Active Directory服务器
ldapsearch -h hoostname.domain.com -D "cn=service,ou=Service Accounts,dc=domain,dc=com" -b "dc=domain,dc=com" -W -ZZ