警告:ldap_start_tls()[function.ldap-start-tls]:无法启动TLS:服务器不可用


警告:ldap_start_tls()[function.ldap-start-tls]:无法启动TLS :服务器在第13行的/var/www/html/testldap/index.php中不可用
Ldap_start_tls失败</ p>
</ blockquote>

我的配置如下</ p>

Centos 5.7 PHP版本5.3.3 </ p>

php53-ldap已配置。 无论我尝试做什么,起初问题让我头疼。 任何帮助都将受到高度赞赏。</ p>
</ div>

展开原文

原文

Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable in /var/www/html/testldap/index.php on line 13 Ldap_start_tls failed

My configuration is as follows

Centos 5.7 PHP Version 5.3.3

php53-ldap configured. No matter what I try to do , the starttls issue is giving me a headache. Any help would be highly appreciated.

php
doucuo8618
doucuo8618 请显示您的代码,并告知您尝试连接的LDAP提供程序。
8 年多之前 回复

2个回答

Well, what a fun journey I have been on with this one.

The problem you are having is that your machine does not accept the server's certificate as valid. The simple work around to this is to disable the check, which is done in the ldap.conf file, or with an environment variable.

You can edit the file at /etc/openldap/ldap.conf (c:\openldap\sysconf\ldap.conf on Windows) or create one if it doesn't already exist and put this line in it:

TLS_REQCERT never

...or you can create an environment variable named LDAPTLS_REQCERT with the value never.

Once I had done either of those things, the following script worked for me:

<?php

  // Settings
  $host = 'server.domain.local';
  $port = 389;
  $user = 'administrator';
  $pass = 'password';

  // Connect, set options and bind
  $ds = ldap_connect($host, $port);
  if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) exit('Could not disable referrals');
  if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) exit('Could not disable referrals');
  if (!ldap_start_tls($ds)) exit('Could not start TLS');
  if (!ldap_bind($ds, $user, $pass)) exit('Bind operation failed');

  // A quick list operation to make sure it worked
  if (!$result = ldap_list($ds, 'dc=domain,dc=local', 'objectClass=*')) exit('List operation failed');
  print_r(ldap_get_entries($ds, $result));

Annoyingly, neither putenv('LDAPTLS_REQCERT=never'); nor $_ENV['LDAPTLS_REQCERT'] = 'never'; will work - you have to either create the config file or statically set the variable.

If you want to validate the certificates, you will need to do some further reading on how to configure OpenLDAP properly.

Sources for this:

doupuchao4256
doupuchao4256 ,我能够在允许较低安全协议(如TLS 1.1及更低版本)的LDAP服务器上连接此方法,但我尝试安全连接到仅允许TLS 1.2的LDAP服务器。 我得到一个“无法连接到LDAP服务器”(如果我不安全地连接,它是成功的)。 我确信TLS 1.2协议已在我这边启用。 确保通过检查Windows注册表,并能够通过浏览器(如IE,Chrome)通过TLS 1.2连接。 关于我的问题可能是什么的任何线索。 很感激帮助。
2 年多之前 回复
dtf579777
dtf579777 生命保护。 mkdir C:\ openldap \ sysconf。
3 年多之前 回复



您是否已安装 PHP --with-ldap [= DIR]?</ p>

此外:</ p>


  1. 如果您已通过SSL连接到LDAP服务器,请不要使用ldap_start_tls() “ldaps:// hostame”。</ li>
  2. 使用ldap://而不是ldaps://调用ldap_connect()以使ldap_start_tls()成功</ li>
    </ ol>

    来源。</ p>

    </ div>

展开原文

原文

Did you installed PHP --with-ldap[=DIR]?

Also:

  1. Do not use ldap_start_tls() if you've already connected to the LDAP Server via SSL e.g. "ldaps://hostame".
  2. call ldap_connect() with ldap:// rather than ldaps:// for ldap_start_tls() to succeed

Source.

dongxiong1941
dongxiong1941 我已经使用php-ldap配置了php我有来自我的系统管理员的活动目录的设置,因此需要使用它们。
8 年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问