PHP on CentOS 6: trying to change data in an Active Directory on Windows 2008 R2


#1

Hello
I’ve got a dedicated server from OVH.

  • 1 virtual machine with CentOS 6 and a certificate on https://secure.mydomain.com -> it’s working
  • 1 virtual machine with Windows 2008 R2 and an Active Directory.

With a PHP script I would like to change data in the Active Directory.
For the moment, reading data (port 389) is working well.
But with port 636 (needed to change data) I receive an error: Can’t contact LDAP server.
Port 636 is open.
Does someone know what to do on the Windows server?
I’ve put the certificate in the folder https://www.geocerts.com/assets/export_import_6-696f2cdfbc3c9ebc5f1623ad244c3adb.gif but with no success :(

Thank you for your help

Bertrand


#2

hi beletot

what is the question here?

how does this relate to LetsEncrypt or PKI in general?


#3

I am going to go with the assumption that you are trying to use LDAPS.

LDAP comes in two flavours:

LDAP - unsecured on port 389
LDAPS - secured with an SSL certificate - usually port 636

Review the LDAPS syntax here: http://php.net/manual/en/function.ldap-connect.php

You need to use LDAPS on port 636, as most LDAP servers bind the LDAPS protocol to that port.
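
The LDAPS connection described above, as an added example that is not part of the original post. It assumes PHP 7.1 or later with the ldap extension; the host name, CA file path, DNs, attribute value and the `LDAP_BIND_PW` environment variable are placeholders.

```php
<?php
// Added example. Host, CA path, DNs and attribute value are placeholders.
$host   = 'dc01.example.internal';        // must match a name in the DC's certificate
$caFile = '/etc/pki/tls/certs/ad-ca.pem'; // PEM of the CA that issued the DC's certificate
$bindDn = 'CN=svc-php,OU=Service,DC=example,DC=internal';
$userDn = 'CN=Test User,OU=Staff,DC=example,DC=internal';

$password = getenv('LDAP_BIND_PW');
if ($password === false || $password === '') {
    exit("Set LDAP_BIND_PW first\n");     // avoid an accidental unauthenticated bind
}

// Set the TLS options globally (null handle) before ldap_connect().
// Older PHP builds take the CA from TLS_CACERT in OpenLDAP's ldap.conf instead.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

// The ldaps:// scheme selects TLS; no socket is opened at this point.
$conn = ldap_connect("ldaps://$host:636");
if ($conn === false) {
    exit("Invalid LDAP URI\n");
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

// The TCP connect and TLS handshake happen during the bind, so a missing
// server certificate or an untrusted CA is reported here as
// "Can't contact LDAP server".
if (!@ldap_bind($conn, $bindDn, $password)) {
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    fprintf(STDERR, "bind failed (%d): %s\n  detail: %s\n",
        ldap_errno($conn), ldap_error($conn), $detail);
    exit(1);
}

// Replace one attribute over the encrypted session.
if (!ldap_mod_replace($conn, $userDn, ['telephoneNumber' => ['+33 1 00 00 00 00']])) {
    fprintf(STDERR, "modify failed: %s\n", ldap_error($conn));
    exit(1);
}
ldap_unbind($conn);
echo "attribute updated over LDAPS\n";
```

The diagnostic message printed on a failed bind usually distinguishes a refused connection from a certificate verification failure, which the generic error text does not.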


#4

Hi,

My PHP code is good, I’m using it on another server with LDAPS.

But it’s on the same server.

Ldap 389 centos -> windows = ok (no certificate needed)
Ldaps 636 centos -> windows = Can’t contact LDAP server

I don’t know where I need to put my certificate on my Windows server.


#5

hi beletot

do you have a LetsEncrypt certificate and private key?


#6

otherwise http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx


#7

Hello ahaw021,

Yes, I have a certificate and a private key.

I just discovered that I can have a certificate for my vhost and another for OpenLDAP.

I have found this link (it’s in French): http://geekdefrance.fr/2010/08/10/tuto-modifier-les-mots-de-passe-active-directory-avec-php/
I will try to understand what the guy does.

Thanks for your time


#8

hi beletot

you will need to convert the key and certificate to the pfx format

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke?trk=mp-reader-card

at the bottom there is a walk through on how to do that

