samba - Feb 2020 - samba AD directory and PHP

I try to access AD via php app, to auth users etc

Does someone have a pointer for me .. to a good and recent example for
PHP-7.4, which connects to the DCs (encrypted ..)?

thanks

But your missing the important part. 

How ? 

Kerberos ? NTLM ? LDAP ? 

;-) 

Greetz, 

Lous
 
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: donderdag 27 februari 2020 11:25
> Aan: samba
> Onderwerp: [Samba] samba AD directory and PHP
> 
> 
> I try to access AD via php app, to auth users etc
> 
> Does someone have a pointer for me .. to a good and recent example for
> PHP-7.4, which connects to the DCs (encrypted ..)?
> 
> thanks
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba:
> But your missing the important part. 
> 
> How ? 
> 
> Kerberos ? NTLM ? LDAP ? 
> 
> ;-) 
Ah ok

Actually I want to use secure LDAP from a PHP docker container.

So far no Kerberos involved as far as I see.

(I have to dockerize a php app which is badly written ... and I want to
clean up a bit, and let it bind encrypted. But it should stay as small
as possible.)

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: donderdag 27 februari 2020 11:35
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba AD directory and PHP
> 
> Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba:
> > But your missing the important part. 
> > 
> > How ? 
> > 
> > Kerberos ? NTLM ? LDAP ? 
> > 
> > ;-) 
> 
> Ah ok
> 
> Actually I want to use secure LDAP from a PHP docker container.
Now, i dont know docker.. (sorry, still not.. ).. I know.. ;-) time :-/ 

Ok, so you are running your own CA and you did setup the client certificates on
the server.

Im assuming you want LDAPS and first, A and PTR are setup in DNS? 

Is /etc/ldap/ldap.conf configured? 
BASE and URI 
URI     ldaps://host.FQDN ldaps://host2.FQDN 

Did you add your own CA to /etc/ssl/certs/ca-certificates.crt
Per example look here : 
https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/ 

After that is done
Test ldap client do a simple query. 


Strong(er) Authentication is coming from the AD. 
That relates to :  ntlm auth = mschapv2-and-ntlmv2-only 
As are i can tell this quick. 
> 
> So far no Kerberos involved as far as I see.
> 
> (I have to dockerize a php app which is badly written ... and 
> I want to
> clean up a bit, and let it bind encrypted. But it should stay as small
> as possible.)

Which php App, that might help me also a bit? 


So far, 

Greetz, 

Louis