beletot
November 16, 2016, 12:18pm
1
Hello
I’ve got a dedicated server from ovh.
1 virtual machine in centos 6 with a certificate on https://secure.mydomain.com -> it’s working
1 virtual machine – windows 2008 R2 with an active directory.
With a script in PHP I would like to change data in the Active Directory.
For the moment, reading data (port 389) is working well.
But with port 636 (needed to change data) I receive an error: Can’t contact LDAP server.
Port 636 is open.
Does someone know what to do on the Windows server?
I’ve put the certificate in the folder https://www.geocerts.com/assets/export_import_6-696f2cdfbc3c9ebc5f1623ad244c3adb.gif but with no success.
Thank you for your help
Bertrand
ahaw021
November 17, 2016, 8:08am
2
hi beletot
what is the question here?
how does this relate to LetsEncrypt or PKI in general?
ahaw021
November 17, 2016, 8:19am
3
I am going to go with that you are trying to use LDAPS
LDAP comes in two flavours
LDAP - unsecured on port 389
LDAPS - secured with an SSL certificate - usually port 636
review the LDAPS syntax here http://php.net/manual/en/function.ldap-connect.php
you need to use LDAPS on port 636 as most ldap servers bind the LDAPS protocol to that port
beletot
November 17, 2016, 9:15am
4
Hi,
My PHP code is good, I’m using it on another server with ldaps.
But it’s on the same server.
Ldap 389 centos -> windows = ok (no certificate needed)
Ldaps 636 centos -> windows = Can’t contact LDAP server
I don’t know where I need to put my certificate on my windows server.
ahaw021
November 17, 2016, 9:38am
5
hi beletot
do you have a LetsEncrypt certificate and private key?
ahaw021
November 17, 2016, 9:42am
6
beletot
November 18, 2016, 9:10am
7
Hello ahaw021,
Yes, I have a certificate and a private key.
I just discovered that I can have a certificate for my vhost and another for openldap.
I have found this link (it’s in French) http://geekdefrance.fr/2010/08/10/tuto-modifier-les-mots-de-passe-active-directory-avec-php/
I will try to understand what the guy does.
Thanks for your time
ahaw021
November 19, 2016, 12:10am
8
hi beletot
you will need to convert the key and certificate to the pfx format
https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke?trk=mp-reader-card
at the bottom there is a walk through on how to do that
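The PEM-to-PFX conversion mentioned in the reply above, as an added example that is not part of the original thread or the linked article. File names, the host name and the password are constructed placeholders; the script checks that the key belongs to the certificate before bundling and uses 3DES/SHA1 protection so that an older Windows release can import the result.

```shell
#!/bin/sh
# Added example. File names, host name and password are constructed placeholders.

# make_pfx CERT KEY OUT PASSWORD [CHAIN]
# Bundles a PEM certificate and key into a PFX; returns 2 if the key is not the certificate's.
make_pfx() {
    cert=$1 key=$2 out=$3 pass=$4 chain=${5:-}
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi
    # Explicit 3DES/SHA1: OpenSSL 3.x defaults to AES-256/PBKDF2, which
    # older Windows releases such as 2008 R2 cannot import.
    openssl pkcs12 -export -in "$cert" -inkey "$key" -out "$out" \
        ${chain:+-certfile} ${chain:+"$chain"} \
        -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \
        -passout "pass:$pass"
}

# pfx_matches_cert PFX PASSWORD CERT
# Succeeds only if the PFX opens with PASSWORD and holds the key for CERT.
pfx_matches_cert() {
    pfx_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$pfx_pub" ] && [ "$pfx_pub" = "$(openssl x509 -in "$3" -noout -pubkey)" ]
}

# Demo on a constructed self-signed pair standing in for the issued certificate.
tmp=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=dc.example.test" \
    -keyout "$tmp/privkey.pem" -out "$tmp/cert.pem" 2>/dev/null
make_pfx "$tmp/cert.pem" "$tmp/privkey.pem" "$tmp/ldaps.pfx" "constructed-pass" &&
    pfx_matches_cert "$tmp/ldaps.pfx" "constructed-pass" "$tmp/cert.pem" &&
    echo "PFX written to $tmp/ldaps.pfx"
```

On a shared host, supply the password with `-passout env:VAR` or `-passout file:PATH` instead of on the command line, where it is visible in the process list.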
system
Closed
December 19, 2016, 12:10am
9
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.