PHP on CentOS 6 trying to change data in an Active Directory on Windows 2008 R2

Hello,
I’ve got a dedicated server from OVH.

  • 1 virtual machine running CentOS 6 with a certificate on https://secure.mydomain.com -> it’s working
  • 1 virtual machine – Windows 2008 R2 with an Active Directory.

With a script in PHP I would like to change data in the Active Directory.
For the moment, reading data (port 389) is working well.
But with port 636 (needed to change data) I receive an error: Can’t contact LDAP server.
Port 636 is open.
Does someone know what to do on the Windows server?
I’ve put the certificate in the folder https://www.geocerts.com/assets/export_import_6-696f2cdfbc3c9ebc5f1623ad244c3adb.gif but with no success :(

Thank you for your help

Bertrand

hi beletot

what is the question here?

how does this relate to LetsEncrypt or PKI in general?

I am going to go with that you are trying to use LDAPS

LDAP comes in two flavours

LDAP - unsecured on port 389
LDAPS - secured with an SSL certificate - usually port 636

review the LDAPS syntax here http://php.net/manual/en/function.ldap-connect.php

you need to use LDAPS on port 636 as most ldap servers bind the LDAPS protocol to that port

Hi,

My PHP code is good, I’m using it on another server with ldaps.

But it’s on the same server.

Ldap 389 centos -> windows = ok (no certificate needed)
Ldaps 636 centos -> windows = Can’t contact LDAP server

I don’t know where I need to put my certificate on my windows server.

hi beletot

do you have a LetsEncrypt certificate and private key?

otherwise http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Hello ahaw021,

Yes, I have a certificate and a private key.

I just discovered that I can have a certificate for my vhost and another for openldap.

I have found this link (it’s in French) http://geekdefrance.fr/2010/08/10/tuto-modifier-les-mots-de-passe-active-directory-avec-php/
I will try to understand what the guy does.

Thanks for your time

hi beletot

you will need to convert the key and certificate to the pfx format

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke?trk=mp-reader-card

at the bottom there is a walk through on how to do that
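
A staged check for the symptom in this thread (port 389 works, `ldaps://` on 636 reports "Can't contact LDAP server"), added here as an example and not code posted by anyone in the thread. It assumes PHP 7 or later with the openssl and ldap extensions; the function names, the command-line arguments and the host `dc01.example.com` are placeholders.

```php
<?php
// Added example, not code from the thread. Function names and arguments are
// placeholders. Usage: php ldaps_check.php dc01.example.com [/path/to/ca.pem]
// Stage 1: TLS handshake only. Without a CA file the certificate is fetched
// for inspection but not trusted; with a CA file it is fully verified.
function probe_tls(string $host, ?string $caFile = null, int $port = 636): array
{
    $verify = $caFile !== null;
    $ssl = ['capture_peer_cert' => true, 'peer_name' => $host,
            'verify_peer' => $verify, 'verify_peer_name' => $verify];
    if ($verify) { $ssl['cafile'] = $caFile; }
    $ctx = stream_context_create(['ssl' => $ssl]);
    $sock = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
                                  STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        return ['ok' => false, 'error' => trim("$errno $errstr")];
    }
    $params = stream_context_get_params($sock);
    $cert = openssl_x509_parse($params['options']['ssl']['peer_certificate']) ?: [];
    fclose($sock);
    return ['ok' => true,
            'subject' => $cert['subject']['CN'] ?? '(no CN)',
            'issuer'  => $cert['issuer']['CN'] ?? '(no CN)',
            'san'     => $cert['extensions']['subjectAltName'] ?? '(none)',
            'expires' => date('c', $cert['validTo_time_t'] ?? 0)];
}

// Stage 2: the same path the application takes. ldap_connect() only parses
// the URI; the TLS handshake happens at the first operation, here the bind.
// An anonymous bind is enough to exercise TLS through libldap.
function try_bind(string $host, ?string $dn = null, ?string $pw = null): string
{
    $ds = ldap_connect("ldaps://$host:636");
    if ($ds === false) { return 'invalid LDAP URI'; }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (@ldap_bind($ds, $dn, $pw)) {
        return 'bind ok';
    }
    $detail = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    // errno -1 is the "Can't contact LDAP server" result from the thread
    return sprintf('%d %s %s', ldap_errno($ds), ldap_error($ds), (string) $detail);
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    print_r(['unverified' => probe_tls($argv[1]),
             'verified'   => isset($argv[2]) ? probe_tls($argv[1], $argv[2]) : 'skipped',
             'ldap_bind'  => try_bind($argv[1])]);
}
```

If the unverified probe already fails, nothing on the Windows side is completing a TLS handshake on 636, which points at the certificate installation on the domain controller. If only the verified probe or the bind fails, the CentOS client does not trust the issuer or the host name used is not in the certificate.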
