我正在尝试从Windows 10 Xampp Apache Web服务器(客户端)安装程序连接到具有有效证书结构的Windows域控制器(AD)。 LDAP模块已激活。 如果我仅在ldap://上尝试不使用SSL / TLS进行连接,则其工作正常。这是我的ApiController:
username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$config = new Config();
$ldapConfig = $config->ldapConfig;
$adServer = "ldaps://" . $ldapConfig['adServer'];
$ldap = ldap_connect($adServer, 389);
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_X_TLS_REQUIRE_CERT, 1);
ldap_start_tls($ldap);
$bind = ldap_bind($ldap, $ldapConfig['dc'] . "\\" . $username, $password);
if (!($bind)) {
throw new ApiException('401 Unauthorized', ApiException::AUTHENTICATION_FAILED);
}
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 00000257419F0D50 request count 1 (abandoned 0)
** ld 00000257419F0D50 Response Queue:
Empty
ld 00000257419F0D50 response count 0
ldap_chkResponseList ld 00000257419F0D50 msgid 1 all 1
ldap_chkResponseList returns ld 00000257419F0D50 NULL
ldap_int_select
read1msg: ld 00000257419F0D50 msgid 1 all 1
read1msg: ld 00000257419F0D50 msgid 1 message type extended-result
read1msg: ld 00000257419F0D50 0 new referrals
read1msg: mark request completed, ld 00000257419F0D50 msgid 1
request done: ld 00000257419F0D50 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 20, subject: /C=DE/L=XXX/O=XXX/OU=XXX/CN=XXX Issuing V2, issuer: /C=DE/L=XXX/OU=XXX/O=XXX/CN=XXX Root V2
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS trace: SSL_connect:error in error
TLS: can't connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate).
ldap_err2string
[Wed Sep 30 12:52:15 2020] PHP Warning: ldap_start_tls(): Unable to start TLS: Connect error in C:\git\invoice-workflow\src\api\v1\Controller\ApiController.php on line 47
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 00000257419F0D50 msgid 2
wait4msg ld 00000257419F0D50 msgid 2 (infinite timeout)
wait4msg continue ld 00000257419F0D50 msgid 2 all 1
** ld 00000257419F0D50 Connections:
* host: svr100dc.alfru.net port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Sep 30 12:52:15 2020
** ld 00000257419F0D50 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 00000257419F0D50 request count 1 (abandoned 0)
** ld 00000257419F0D50 Response Queue:
Empty
ld 00000257419F0D50 response count 0
ldap_chkResponseList ld 00000257419F0D50 msgid 2 all 1
ldap_chkResponseList returns ld 00000257419F0D50 NULL
ldap_int_select
read1msg: ld 00000257419F0D50 msgid 2 all 1
ldap_err2string
[Wed Sep 30 12:52:15 2020] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in C:\git\invoice-workflow\src\api\v1\Controller\ApiController.php on line 49
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_free_connection: actually freed
[Wed Sep 30 12:52:15 2020] 127.0.0.1:55486 [401]: /src/api/v1/invoice
/ C = DE / L = XXX / O = XXX / OU = XXX / CN = XXX签发V2不是真正的证书...
我尝试过的一些事情: