Archive for March, 2012

LDAP SSL connection/bind with self signed certificate using XAMPP/WAMP on Windows

I spent a lot of time figuring out how to configure force LDAP PHP module to accept self signed certifactes on windows with XAMPP and WAMP servers.

Here is my configuration:

  •  Windows XP Professional SP3
  •  ApacheFriends XAMPP version 1.7.7
  • Apache 2.2.21
  • MySQL 5.5.16 (Community Server)
  • PHP 5.3.8 (VC9 X86 32bit thread safe) + PEAR
  • OpenSSL 1.0.0e
  •  WAMP version 2.2a x32
  • Apache 2.2.21
  • MySQL 5.5.16
  • PHP 5.3.8
  • OpenSSL – don’t know version

I started with WAMP server, then I switched to XAMPP with a hope that it will simply work. It didn’t, however, I’ve found solution for XAMPP which should also work for WAMP.

First and foremost, uncommenting php_ldap.dll in php.ini caused problem with staring apache at all. There are some problems with openssl libs. I copied XAMPP/php/bin/libsasl.dlls to XAMPP/apache/bin/ and then in the other way XAMPP/apache/bin/libeay32.dll and ssleay32.dll to XAMPP/php/bin/. After this operation apache was able to start.

Then, I wanted to establish connection with LDAP over SSL and the server is using self signed certificate. Note, that using SSL the connection is not established when calling ldap_connect(), but later when calling ldap_bind(). I was getting following error:

Unable to bind to server: Can't contact LDAP server

You can also turn on debugging for ldap module with following code:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

and then you’ll see following error in apache’s error.log:

TLS certificate verification: Error, self signed certificate in certificate chain

I’ve found that to allow self signed certificates you need to create ldap.conf with configuration option:

TLS_REQCERT never

Ok, but where this file should be located? I have found information that it should be root directory on C:\ or on D:\. There were also information that apache or even windows restart is needed. None of these was working for me.

Finally, I’ve found that my location for ldap.conf is C:\openldap\sysconf\ and only apache restart was needed to make it work.

 

 

Advertisements

Leave a comment

How to create exe for java program

I always had the same problem with java programs packed with jar. How to run them in friendly manner. The best example of this can be eclipse which is run from eclipse.exe but it is written entirely in java.

I search a lot for some program which would make this easy and I found it. It’s called JSmooth.

So I had my application called Ndsr in jar file ndsr.jar

First we need to run JSmooth.

Then go to tab Skeleton and choose Windowed wrapper

Put message which will be shown to user when appropriate JVM is not found on user’s machine.

Also check “Launch java app in the exe process.

Save configuration in folder where you have your application jar

Next go to application tab and click icon with ‘+’ to add this jar.

Then click on ‘…’ button next to Main class text field to choose main class (this should be done automatically if you have main class defined in manifest but isn’t)

Choose your main class from ‘Available Classes’ and click select

Go to Executable tab and put name of your application with exe extension

You can also choose icon but there are some problems with .ico files (another bug) and png files are very ugly resized.

I next post I will describe how to change/add icon in exe files.

Then we need to specify JVM version so we need to go to JVM Section tab

Put version in Minimum JVM Version field.

If you need any specific JVM arguments go to JVM Configuration tab

So we are ready to go. Just click icon with gear or go to Project > Compile in menu.

, , , ,

1 Comment