Error Unable To Get Local Issuer Certificate Php Ldap
LDAP Failure with Zend/Apache
http://stackoverflow.com/questions/8931792/ldap-failure-with-zend-apache

I have a very simple php ldap script that is only failing when running with Zend and Apache. When I run this script from the command line, it passes. Running strace, I can see where the behavior changes, but I cannot tell why. I have confirmed that the same ldap.conf is being read and the same ldap.so is being loaded. I believe this is because of a certificate problem, but my settings are supposed to ignore certificate issues.

Version Information (these appear to be identical between running from php and apache):

    OpenSSL: 0.9.8o 01 Jun 2010
    OpenLdap: $Id: ldap.c 313665 2011-07-25 11:42:53Z felipe $
    Zend: 5.5
    PHP: 5.3.8

In my ldap.conf, I have only "TLS_REQCERT never". I realize that this is duplicated above.

When running under apache, I get the following trace from ldap:

    ldap_create
    ldap_url_parse_ext(ldaps://myserver.com:636)
    ldap_bind_s
    ldap_simple_bind_s
    ldap_sasl_bind_s
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP myserver.com:636
    ldap_new_socket: 20
    ldap_prepare_socket: 20
    ldap_connect_to_host: Trying

SSL LDAP authentication
https://www.drupal.org/node/738746

Status: Closed (duplicate)
Project: LDAP integration
Version: 6.x-1.x-dev
Component: User interface
Priority: Critical
Category: Support request
Assigned: Unassigned
Reporter: clcrush
Created: March 10, 2010 - 20:56
Updated: April 6, 2012 - 19:00

I followed the steps on Microsoft's site: http://support.microsoft.com/kb/321051 - to set up SSL/TLS on my AD LDAP server. I tested using ldp.exe and it shows it working on port 636. I can telnet to port 636 from my web server. But I cannot get the LDAP authentication portion to test successfully using port 636. Is there anything I need to do on the web server side to get the communication flowing? Any assistance would be great!!!

Comments

Comment #1, clcrush, March 15, 2010 at 4:08pm:
Anyone have any suggestions? I really need to get the password change feature working on my Drupal install.

Comment #2, chicagomom, April 1, 2010 at 10:40am:
Are you running IIS, Apache, or something else? If IIS, what version? Can you verify via phpinfo() that you have the ldap dll running on php?

Comment #3, prufrock51, April 1, 2010 at 3:55pm:
Once you have a certificate on your domain controller, your server has to trust it. If you are on Linux, review your ldap.conf file and place the exported certificate into a proper directory (on rhel5, /etc/openldap/cacerts). Also, you will need adpassword.patch from http://drupal.org/node/339821

Comment #4, clcrush, April 9, 2010 at 4:41pm:
I applied the patch and put the certificate in /etc/openldap/cacerts and the test button still fails for port 636. Here is my /etc/openldap/ldap.conf:

    URI ldaps://192.168.66.11/
    BASE dc=csaaweb,dc=echo
    HOST N01IAW801.csaaweb.echo
    PORT 636
    TLS_CACERTDIR /etc/openldap/cacert

Everything is pointing to my Active Directory Server.

Comment #5, prufrock51, April 9, 2010 at 7:03pm:
This can be a number of issues to troubleshoot. I would check that I can connect over LDAPS from the webserver using the ldapsearch utility. You can use something like:

    $ ldapsearch -b 'ou=Users,dc=csaaweb,dc=echo' -D 'binduser@csaaweb.echo' -H 'ldaps://no1iaw801.csaaweb.echo' -W -x

you ha
Authenticating with LDAP/s using our internal CA
https://moodle.org/mod/forum/discuss.php?d=259530

David Glass, Tuesday, 6 May 2014, 3:56 AM

Here is the scenario. We have a hosted VPS with inmotionhosting. We've acquired root access and currently have moodle installed on one of the user cPanels. We've hired a SME to customize moodle to our liking. The problem is trying to set up LDAP/s authentication for the purposes of creating users. Since the moodle server is located on a VPS and we went the route of using our internal CA for authentication, we had to open port 636 on our firewall and allow communication from the VPS public IP. Once that was done we went about configuring the LDAP module in moodle. Here are our settings for the LDAP server (note that there is an internal host entry on the VPS for the host URL specified below):

    Host URL: ldaps://server.contoso.local
    Version: 3
    Use TLS: No
    LDAP encoding: utf-8
    Hide Passwords: Yes
    Distinguished name: CN=svc-Moodle,OU=Svc,DC=contoso,DC=local
    Password: password
    User type: MS ActiveDirectory
    Contexts: ou=sd users,dc=contoso,dc=local
    Search subcontexts: Yes
    Dereference aliases: No

From our CA, we exported our CA cert and imported it into the VPS. We used this moodle doc to then attempt to establish a link using that certificate: http://docs.moodle.org/26/en/LDAP_authentication#Enabling_LDAPS_on_your_Moodle_server

From an SSH shell into the VPS, here are the exact commands we used to try and establish the secure link:

    cd /etc/ssl/certs
    openssl x509 -in

How to make ldapsearch working on SLES over tls using certificate?
http://unix.stackexchange.com/questions/68377/how-to-make-ldapsearch-working-on-sles-over-tls-using-certificate

We need to connect our php script to LDAP over tls using a certificate. LDAP connection works nicely without tls. More details here: http://stackoverflow.com/questions/15260252/how-to-use-multiple-tls-certificates-for-ldap-from-php-zend

We managed to connect via tls from Windows using Softerra LDAP Browser. It asked us to install a certificate and whether we trust it.

My end result is to be able to authenticate with LDAP using TLS from php.

I have been given a certificate of type .cer. It comes from a Windows Exchange machine. From what I can see SLES supports .pem certificates. So my question is ...

Q1: Do I need to convert from .cer to .pem first before I can install the certificate on the client (which is SLES server) and finally
Q2: what is the best way to install this certificate on the server so my php application can access it and do its job.

Note that on the SLES server we need to connect to different LDAP servers.

At present if we run

    ldapsearch -H ldaps://localhost:9215 -W

we get

    Enter LDAP Password:
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate)

I found lots of good info here http://www.php.net/manual/de/function.ldap-connect.php#36156 and especially this sentence is important in my eyes: "Once you've gotten the ldapsearch tool working correctly PHP should work also."

    SUSE Linux Enterprise Server 11 (x86_64)
    ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.26 (Sep 26 2012 13:14:42) $
        abuild@baur:/usr/src/packages/BUILD/openldap-2.4.26/clients/tools
        (LDAP library: OpenLDAP 20426)

Tags: ldap sles certificates tls

asked Mar 18 '13 at 22:31, edited Mar 19 '13 at 0:28, Radek

An alternate way to debug is to ignore the LDAP part and just look at the SSL: You can run "openssl s_