geigers Posted April 14, 2008

Hi everyone,

I hope someone can help with this. Here is the situation. I have a RHEL server running Apache 2.2.4 with PHP 5.2.4, compiled in LDAP and SSL. I want to do authentication to an Active Directory server using LDAPS. I have the certificate from that server. I have converted it to PEM format. Now I am stuck. I can connect and bind using standard LDAP (tcp 389) with PHP, but when I switch to LDAPS (tcp 636) I get a blank screen.

I have tried just about everything I can think of to diagnose this. From the command line I can issue:

ldapsearch -H ldaps://x.x.x.x -D binduser -W -x

and this works. I also have a small PHP script which uses ldap_connect("ldaps://x.x.x.x") and then ldap_bind("binduser","password"). If I try to point my web browser at this script I get a blank page; if I switch it to ldap://x.x.x.x it works.

I also have tried running the PHP script from the command line via: php ldap_test2.php. This works. So it makes me suspect that there is a path and/or permissions error here, but I cannot figure out what or where?

Any help would be very much appreciated.

Thanks,
Scott Geiger
Systems Administrator
Binghamton University

geigers Posted May 1, 2008 (Author)

SOLVED!

Well, after digging deeper I found that the problem was more complicated. I also have oci8 compiled into PHP in order to connect to my Oracle database. It turns out that Oracle has LDAP libs that were taking precedence over the OpenLDAP libs. I found that Apache was seg faulting. I finally ended up using gdb to backtrace a core dump. After some heavy googling I found that Oracle was the culprit and the "fix" was to add an env-var to apachectl.

http://www.mail-archive.com/[email protected]/msg02201.html

Scott Geiger
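
The following triage script is an added example, not part of the original posts: it counts worker segfaults in an Apache error log and checks whether a process has both an OpenLDAP libldap and the Oracle client library mapped, which is the precondition for the library clash described above. The library name libclntsh, the paths, the PIDs and both sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data is constructed, paths and PIDs are illustrative.

# Constructed Apache 2.2-style error_log excerpt.
SAMPLE_ERROR_LOG='[Thu May 01 10:02:11 2008] [notice] Apache/2.2.4 (Unix) configured -- resuming normal operations
[Thu May 01 10:03:40 2008] [notice] child pid 4242 exit signal Segmentation fault (11)
[Thu May 01 10:03:52 2008] [notice] child pid 4243 exit signal Segmentation fault (11)'

# Constructed /proc/<pid>/maps excerpt for an httpd child process.
SAMPLE_MAPS='00a10000-00a4c000 r-xp 00000000 08:01 131 /usr/lib/libldap-2.3.so.0.2.15
00b00000-00b0e000 r-xp 00000000 08:01 132 /usr/lib/liblber-2.3.so.0.2.15
01000000-02200000 r-xp 00000000 08:01 977 /opt/oracle/lib/libclntsh.so.10.1
02300000-02310000 r-xp 00000000 08:01 140 /lib/libc-2.5.so'

# Count crashed workers in error_log text on stdin. A worker that dies
# mid-request returns nothing to the browser, hence the blank page.
count_segfaults() {
    grep -c 'exit signal Segmentation fault' || true
}

# Print the distinct shared objects named in maps text on stdin.
mapped_libs() {
    awk '$NF ~ /\.so/ { print $NF }' | sort -u
}

# Print "conflict" when both an OpenLDAP libldap and the Oracle client
# library (assumed name: libclntsh) are mapped into one process, else "ok".
ldap_lib_conflict() {
    libs=$(mapped_libs)
    openldap=$(printf '%s\n' "$libs" | grep -c '/libldap[-._]' || true)
    oracle=$(printf '%s\n' "$libs" | grep -c '/libclntsh\.so' || true)
    if [ "$openldap" -gt 0 ] && [ "$oracle" -gt 0 ]; then
        echo conflict
    else
        echo ok
    fi
}

# Run against the constructed samples.
printf '%s\n' "$SAMPLE_ERROR_LOG" | count_segfaults
printf '%s\n' "$SAMPLE_MAPS" | ldap_lib_conflict
# On a live host, as root: ldap_lib_conflict < /proc/<httpd child pid>/maps
```

A "conflict" result only shows that both libraries are loaded; which one's LDAP symbols win is decided by the dynamic linker's load order, so confirm with a backtrace as the poster did.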