Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
1.3k views
in Technique [Technology] by (71.8m points)

php - Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable

Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable in /var/www/html/testldap/index.php on line 13 Ldap_start_tls failed

My configuration is as follows

Centos 5.7 PHP Version 5.3.3

php53-ldap configured. No matter what I try to do, the starttls issue is giving me a headache. Any help would be highly appreciated.


1 Reply

0 votes
by (71.8m points)

Well, what a fun journey I have been on with this one.

The problem you are having is that your machine does not accept the server's certificate as valid. The simple workaround to this is to disable the check, which is done in the ldap.conf file, or with an environment variable.

You can edit the file at /etc/openldap/ldap.conf (c:\openldap\sysconf\ldap.conf on Windows) or create one if it doesn't already exist and put this line in it:

TLS_REQCERT never

...or you can create an environment variable named LDAPTLS_REQCERT with the value never.

Once I had done either of those things, the following script worked for me:

<?php

  // Settings
  $host = 'server.domain.local';
  $port = 389;
  $user = 'administrator';
  $pass = 'password';

  // Connect, set options and bind
  $ds = ldap_connect($host, $port);
  if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) exit('Could not set LDAP protocol version 3');
  if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) exit('Could not disable referrals');
  if (!ldap_start_tls($ds)) exit('Could not start TLS');
  if (!ldap_bind($ds, $user, $pass)) exit('Bind operation failed');

  // A quick list operation to make sure it worked
  if (!$result = ldap_list($ds, 'dc=domain,dc=local', 'objectClass=*')) exit('List operation failed');
  print_r(ldap_get_entries($ds, $result));

Annoyingly, neither putenv('LDAPTLS_REQCERT=never'); nor $_ENV['LDAPTLS_REQCERT'] = 'never'; will work - you have to either create the config file or statically set the variable.

If you want to validate the certificates, you will need to do some further reading on how to configure OpenLDAP properly.

Sources for this:
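
Added example, not part of the original answer: the same StartTLS bind with certificate validation left on, trusting a specific CA file instead of setting TLS_REQCERT never. It assumes PHP 7.1 or later built against OpenLDAP (the LDAP_OPT_X_TLS_* options are not available on the PHP 5.3.3 in the question, where the ldap.conf lines named in the comments apply instead); the URI, CA path, credentials and the function name ldap_bind_verified are placeholders.

```php
<?php
// Added example (not from the original answer). Assumes PHP 7.1+ with OpenLDAP.

// Settings (placeholder values)
$uri    = 'ldap://server.domain.local:389'; // host name must match the certificate
$caFile = '/etc/openldap/certs/ca.pem';     // PEM file of the CA that signed the server cert
$user   = 'administrator';
$pass   = 'password';

// Hypothetical helper: returns null on success, or a message naming the failed step.
function ldap_bind_verified($uri, $caFile, $user, $pass)
{
    if (!is_readable($caFile)) {
        return "CA file not readable: $caFile";
    }

    // TLS options are set globally (null link) before connecting. These are the
    // same settings as "TLS_CACERT <file>" and "TLS_REQCERT demand" in ldap.conf.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect($uri);
    if ($ds === false) {
        return 'Invalid LDAP URI';
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // With "demand", StartTLS fails if the chain or host name does not verify.
    if (!@ldap_start_tls($ds)) {
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        return 'StartTLS failed: ' . ldap_error($ds) . ' (' . $detail . ')';
    }
    // Credentials are only sent after the TLS layer is up and verified.
    if (!@ldap_bind($ds, $user, $pass)) {
        return 'Bind failed: ' . ldap_error($ds);
    }
    ldap_unbind($ds);
    return null;
}

$error = ldap_bind_verified($uri, $caFile, $user, $pass);
echo $error === null ? "TLS verified, bind OK\n" : $error . "\n";
```

The diagnostic message returned on a StartTLS failure usually states whether the cause was an untrusted issuer or a host name mismatch.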

