LDAP SSL connection/bind with self signed certificate using XAMPP/WAMP on Windows

I spent a lot of time figuring out how to force the PHP LDAP module to accept self-signed certificates on Windows with the XAMPP and WAMP servers.

Here is my configuration:

  • Windows XP Professional SP3
  • ApacheFriends XAMPP version 1.7.7
      • Apache 2.2.21
      • MySQL 5.5.16 (Community Server)
      • PHP 5.3.8 (VC9 X86 32bit thread safe) + PEAR
      • OpenSSL 1.0.0e
  • WAMP version 2.2a x32
      • Apache 2.2.21
      • MySQL 5.5.16
      • PHP 5.3.8
      • OpenSSL – don’t know version

I started with the WAMP server, then switched to XAMPP in the hope that it would simply work. It didn’t; however, I found a solution for XAMPP which should also work for WAMP.

First and foremost, uncommenting php_ldap.dll in php.ini caused a problem with starting Apache at all; there are some problems with the OpenSSL libraries. I copied XAMPP/php/bin/libsasl.dll to XAMPP/apache/bin/, and in the other direction XAMPP/apache/bin/libeay32.dll and ssleay32.dll to XAMPP/php/bin/. After this operation Apache was able to start.

Then I wanted to establish a connection with LDAP over SSL, where the server uses a self-signed certificate. Note that with SSL the connection is not established when calling ldap_connect(), but later when calling ldap_bind(). I was getting the following error:

Unable to bind to server: Can't contact LDAP server

You can also turn on debugging for the LDAP module with the following code:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

and then you’ll see the following error in Apache’s error.log:

TLS certificate verification: Error, self signed certificate in certificate chain

I found that to allow self-signed certificates you need to create an ldap.conf containing the configuration option:

TLS_REQCERT never

OK, but where should this file be located? I found information that it should be in the root directory of C:\ or D:\. There was also information that an Apache or even Windows restart is needed. None of these worked for me.

Finally, I found that my location for ldap.conf is C:\openldap\sysconf\, and only an Apache restart was needed to make it work.
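To put the pieces above together, here is an added example script (not from the original post) that enables the debug option, connects with ldaps://, binds, and reports the libldap error instead of PHP’s generic warning. The host name, port, bind DN and password are hypothetical. With PHP 5.3 the TLS verification policy cannot be set from PHP, so it comes from C:\openldap\sysconf\ldap.conf: TLS_REQCERT never (what the post uses) turns verification off entirely, so any certificate is accepted; the alternative is to keep verification and instead trust the server’s self-signed certificate explicitly with TLS_CACERT pointing at a copy of it (the path C:\openldap\sysconf\ca.crt is an assumption).

```php
<?php
// Added example, not code from the original post.
// Assumed/hypothetical: server name, port, bind DN, password, and that
// C:\openldap\sysconf\ldap.conf exists with either
//   TLS_REQCERT never                      (post's setting: no verification)
// or
//   TLS_CACERT C:\openldap\sysconf\ca.crt  (verify against the self-signed cert)

function ldap_ssl_bind($host, $port, $bindDn, $password)
{
    // Send OpenLDAP client debug output to Apache's error.log (the post's
    // trick); "TLS certificate verification: Error ..." appears there.
    ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);

    // ldap_connect() only prepares the handle; the TLS handshake, and with it
    // the certificate check, happens on the first real operation (the bind).
    $conn = ldap_connect("ldaps://$host:$port");
    if ($conn === false) {
        return array('ok' => false, 'errno' => null,
                     'error' => 'ldap_connect() rejected the URI');
    }

    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Suppress the PHP warning so the caller sees the libldap error text.
    $bound = @ldap_bind($conn, $bindDn, $password);
    if (!$bound) {
        $result = array(
            'ok'    => false,
            'errno' => ldap_errno($conn),   // -1 means "Can't contact LDAP server"
            'error' => ldap_error($conn),
        );
        ldap_unbind($conn);
        return $result;
    }

    return array('ok' => true, 'errno' => 0, 'error' => '', 'conn' => $conn);
}

// Hypothetical server and credentials.
$r = ldap_ssl_bind('ldap.example.test', 636, 'cn=reader,dc=example,dc=test', 'secret');
if ($r['ok']) {
    echo "bind succeeded\n";
    ldap_unbind($r['conn']);
} else {
    // Against a self-signed server with no usable ldap.conf this is the
    // "Can't contact LDAP server" case; error.log then carries the TLS detail.
    echo "bind failed: {$r['error']} (errno {$r['errno']})\n";
}
```

Run it from the XAMPP PHP binary or through Apache; after changing ldap.conf, restart Apache as the post describes, since the file is read when the LDAP library is loaded. On newer PHP releases (7.0.5 and later) the same policy can be set per connection with ldap_set_option() using LDAP_OPT_X_TLS_REQUIRE_CERT and LDAP_OPT_X_TLS_CACERTFILE, so the ldap.conf detour is specific to the PHP 5.3 setup described here.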
