[colug-432] secure ldap via php page

Josh Preston jpreston at redhat.com
Mon Oct 19 09:48:17 EDT 2015


Keith,

SELinux?  Check if you are running SELinux in Enforcing mode:

  # getenforce

If you are, check what booleans have been enabled for Apache:

  # getsebool -a | grep httpd

You're probably interested in:

  * httpd_can_connect_ldap

Set httpd_can_connect_ldap appropriately:

  # setsebool -P httpd_can_connect_ldap on

If you are running LDAP on a non-standard port, you might need to set the port appropriately for SELinux:

  # semanage port -a -t ldap_port_t -p tcp 1389
  # semanage port -a -t ldap_port_t -p udp 1389

Additionally, you could also try adding the CA and/or SSL certificate to your system's trusted store.

Josh Preston, RHCE
Cloud Infrastructure Solutions Architect
North America Central, Red Hat, Inc.
e jpreston at redhat.com
m 614-619-1959
https://www.linkedin.com/in/mrjoshuap


----- Original Message -----
From: "Tom Hanlon" <tom at functionalmedia.com>
To: "Central OH Linux User Group - 432xx" <colug-432 at colug.net>
Sent: Saturday, October 17, 2015 12:14:51 AM
Subject: Re: [colug-432] secure ldap via php page

It has been a while since I have done PHP stuff, but here are some thoughts.. 

Have you tried to run the script as the apache user?

Assuming the user is webuser 

su - webuser 

php yourphp.php 

Also apache has logs, ldap has logs, see what those show you. 

-- 
Tom 

On Wed, Oct 14, 2015 at 3:14 PM, Keith Larson < klarson at k12group.net > wrote: 



I have a PHP script that works fine when I run it interactively at a bash prompt:
php myscript.php
Part of what it does is establish a secure LDAP connection. The cert used for ldaps is self-signed. This doesn't present a problem running it manually.
When I execute that exact same command from a PHP web page, it fails to establish the connection.
Is this a permissions issue with the user that is running Apache? Or does Apache need something to trust the self-signed cert?

_______________________________________________ 
colug-432 mailing list 
colug-432 at colug.net 
http://lists.colug.net/mailman/listinfo/colug-432 
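
The SELinux checks described in the reply above, collected into one read-only script. This is an added example, not part of the original thread; the function names and sample output are constructed for illustration, and port 636 (the standard ldaps port) is an assumed default.

```shell
#!/bin/sh
# Added example: read-only checks for the SELinux settings named in the thread.
# Parsers read command output on stdin, so they also work on saved output.

# Constructed sample output (not from a real host).
SAMPLE_BOOLS='httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_network_connect --> off'
SAMPLE_PORTS='ldap_port_t                    tcp      389, 636, 3268, 3269
ldap_port_t                    udp      389, 636'

# Succeeds if boolean $1 is "on" in `getsebool -a` output on stdin.
sebool_is_on() {
    awk -v b="$1" '$1 == b && $2 == "-->" { on = ($3 == "on") }
                   END { exit (on ? 0 : 1) }'
}

# Succeeds if port $2 ($1 = tcp|udp) is labelled ldap_port_t in
# `semanage port -l` output on stdin. Handles single ports and ranges.
ldap_port_labelled() {
    awk -v proto="$1" -v port="$2" '
        $1 == "ldap_port_t" && $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                if (split(p, r, "-") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) ok = 1
                } else if (p + 0 == port + 0) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }'
}

# report PORT MODE BOOLS PORTS: prints the command from the thread for each
# failed check; returns 1 if any check failed.
report() {
    [ "$2" = "Enforcing" ] || { echo "SELinux is $2: not enforcing policy"; return 0; }
    rc=0
    printf '%s\n' "$3" | sebool_is_on httpd_can_connect_ldap ||
        { echo "fix: setsebool -P httpd_can_connect_ldap on"; rc=1; }
    printf '%s\n' "$4" | ldap_port_labelled tcp "$1" ||
        { echo "fix: semanage port -a -t ldap_port_t -p tcp $1"; rc=1; }
    return "$rc"
}

# Live check (semanage needs root); falls back to the constructed sample.
if command -v getenforce >/dev/null 2>&1 && command -v semanage >/dev/null 2>&1; then
    report "${1:-636}" "$(getenforce)" "$(getsebool -a)" "$(semanage port -l)" || true
else
    report 1389 Enforcing "$SAMPLE_BOOLS" "$SAMPLE_PORTS" || true
fi
```

Pass the LDAP port as the first argument when it differs from 636; the script only reads state and prints the commands from the thread, it does not change policy.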


