> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stefan G. Weichinger via samba
> Sent: Thursday 27 February 2020 11:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba AD directory and PHP
>
> On 27.02.20 at 11:32, L.P.H. van Belle via samba wrote:
> > But you're missing the important part.
> >
> > How ?
> >
> > Kerberos ? NTLM ? LDAP ?
> >
> > ;-)
>
> Ah ok
>
> Actually I want to use secure LDAP from a PHP docker container.

Now, I don't know Docker... (sorry, still not...). I know... ;-) time :-/

OK, so you are running your own CA and you did set up the client certificates on
the server.

I'm assuming you want LDAPS and first, are A and PTR set up in DNS?

Is /etc/ldap/ldap.conf configured?
BASE and URI
URI ldaps://host.FQDN ldaps://host2.FQDN

Did you add your own CA to /etc/ssl/certs/ca-certificates.crt?
For example, look here:
https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/

After that is done, test the LDAP client: do a simple query.

Strong(er) authentication is coming from the AD.
That relates to: ntlm auth = mschapv2-and-ntlmv2-only
As far as I can tell this quick.

>
> So far no Kerberos involved as far as I see.
>
> (I have to dockerize a php app which is badly written ... and I want to
> clean up a bit, and let it bind encrypted. But it should stay as small
> as possible.)

Which PHP app? That might help me a bit too.

So far,
Greetz,
Louis
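
Added example, not part of the message above: a small shell lint for the client-side checklist in the reply (BASE and URI set, every URI an ldaps:// FQDN, a CA bundle in place), run against a constructed sample config. It assumes the client points the standard ldap.conf option `TLS_CACERT` at the bundle, which the thread does not state; the `example.test` host names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): lint an OpenLDAP client ldap.conf.
# Prints one "PROBLEM:" line per finding and returns 0 only when it is clean.
check_ldap_conf() (
    conf=$1; problems=0; base=; uris=; cacert=
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # ldap.conf keywords are case-insensitive; lines starting with '#' are ignored.
    while read -r key value || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr '[:lower:]' '[:upper:]') in
            BASE)       base=$value ;;
            URI)        uris=$value ;;
            TLS_CACERT) cacert=$value ;;   # assumption: bundle is set via TLS_CACERT
        esac
    done < "$conf"

    [ -n "$base" ] || note "BASE is not set"
    [ -n "$uris" ] || note "URI is not set"
    for u in $uris; do
        host=${u#*://}; host=${host%%[:/]*}      # strip scheme, port and path
        case $u in
            ldaps://*) ;;
            *) note "$u is not an ldaps:// URI" ;;
        esac
        case $host in
            *[!0-9.]*.*|*.*[!0-9.]*) ;;          # has a dot and is not a bare IPv4 address
            *) note "$host is not a FQDN" ;;
        esac
    done
    [ -n "$cacert" ] && [ -s "$cacert" ] || note "TLS_CACERT missing or bundle not found"
    [ "$problems" -eq 0 ]
)

# Constructed sample config with deliberate mistakes in the second URI.
sample=$(mktemp)
cat > "$sample" <<'EOF'
BASE dc=example,dc=test
URI ldaps://dc1.example.test ldap://dc2
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
EOF
check_ldap_conf "$sample" || echo "fix the findings, then test with a simple query"
rm -f "$sample"
```

A clean result only covers the configuration file; the simple query against the server is still the real test of the TLS handshake.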