[colug-432] secure ldap via php page
Keith Larson
klarson at k12group.net
Mon Oct 19 21:30:04 EDT 2015
Running on OpenSuSE. Thank you for the suggestions.
>>> Josh Preston <jpreston at redhat.com> 10/19/2015 9:48 AM >>>
Keith,
SELinux? Check if you are running SELinux in Enforcing mode:
# getenforce
If you are, check what booleans have been enabled for Apache:
# getsebool -a | grep httpd
You're probably interested in:
* httpd_can_connect_ldap
Set httpd_can_connect_ldap appropriately:
# setsebool -P httpd_can_connect_ldap on
If you are running LDAP on a non-standard port, you might need to set the port appropriately for SELinux:
# semanage port -a -t ldap_port_t -p tcp 1389
# semanage port -a -t ldap_port_t -p udp 1389
Additionally, you could also try adding the CA and/or SSL certificate to your system's trusted store.
Josh Preston, RHCE
Cloud Infrastructure Solutions Architect
North America Central, Red Hat, Inc.
e jpreston at redhat.com
m 614-619-1959
https://www.linkedin.com/in/mrjoshuap
----- Original Message -----
From: "Tom Hanlon" <tom at functionalmedia.com>
To: "Central OH Linux User Group - 432xx" <colug-432 at colug.net>
Sent: Saturday, October 17, 2015 12:14:51 AM
Subject: Re: [colug-432] secure ldap via php page
It has been a while since I have done PHP stuff, but here are some thoughts..
Have you tried to run the script as the apache user?
Assuming the user is webuser:
su - webuser
php yourphp.php
Also apache has logs, ldap has logs, see what those show you.
--
Tom
On Wed, Oct 14, 2015 at 3:14 PM, Keith Larson < klarson at k12group.net > wrote:
I have a php script that works fine when I run it interactively at a bash prompt:
php myscript.php
Part of what it does is establish a secure ldap connection. The cert used for ldaps is self-signed. This doesn't present a problem running it manually.
When I execute that exact same command from a php web page, it fails to establish the connection.
Is this a permissions issue with the user that is running apache? Or does apache need something to trust the self-signed cert?
_______________________________________________
colug-432 mailing list
colug-432 at colug.net
http://lists.colug.net/mailman/listinfo/colug-432
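The SELinux checks from Josh Preston's reply above, collected into one read-only triage function. This is an added example, not code from any poster in the thread. The function name, the sample text and the use of `semanage port -l` (the listing form of the command in the reply) are assumptions; the FIX lines only print the commands from the thread and do not run them.

```shell
#!/usr/bin/env bash
# Added example: read-only triage of the SELinux settings named in the thread.
# It parses captured command output, so saved text from another host works too.
#
# ldap_selinux_check MODE BOOLEANS PORTS PORT
#   MODE      output of `getenforce`
#   BOOLEANS  output of `getsebool -a`
#   PORTS     output of `semanage port -l`
#   PORT      TCP port the PHP script connects to (636 is the usual ldaps port)
# Prints one finding per line; returns 0 when both checks pass.
ldap_selinux_check() {
    local mode="$1" booleans="$2" ports="$3" port="$4"
    local rc=0 labeled=no item lo hi
    if [ "$mode" != "Enforcing" ]; then
        echo "OK: SELinux mode is '$mode', so it is not blocking httpd"
        return 0
    fi
    if printf '%s\n' "$booleans" | grep -Eq '^httpd_can_connect_ldap --> on$'; then
        echo "OK: httpd_can_connect_ldap is on"
    else
        echo "FIX: setsebool -P httpd_can_connect_ldap on"
        rc=1
    fi
    # `semanage port -l` columns: type, protocol, comma-separated ports or ranges.
    for item in $(printf '%s\n' "$ports" |
            awk '$1=="ldap_port_t" && $2=="tcp" { $1=""; $2=""; gsub(",", " "); print }'); do
        lo=${item%-*}; hi=${item#*-}    # "389" -> 389..389, "1300-1400" -> 1300..1400
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then labeled=yes; fi
    done
    if [ "$labeled" = yes ]; then
        echo "OK: tcp/$port is labeled ldap_port_t"
    else
        echo "FIX: semanage port -a -t ldap_port_t -p tcp $port"
        rc=1
    fi
    return $rc
}

# Constructed sample output (not captured from the poster's system).
SAMPLE_BOOLEANS='httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_network_connect --> off'
SAMPLE_PORTS='ldap_port_t                    tcp      389, 636, 3268, 3269, 7389
ldap_port_t                    udp      389, 636'

ldap_selinux_check Enforcing "$SAMPLE_BOOLEANS" "$SAMPLE_PORTS" 1389 || true
```

On a live host, pass "$(getenforce)", "$(getsebool -a)" and "$(semanage port -l)" as the first three arguments.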