My ldaptest.php works now. Can't tell the "missing link" so far ... but it seems it's connected via ldaps now (and reading users etc.)

On 27.02.20 at 13:31, Stefan G. Weichinger via samba wrote:
>
> My ldaptest.php works now.
> Can't tell the "missing link" so far ... but it seems it's connected via
> ldaps now (and reading users etc.)

wrong. Broken again.

Question again:

Do I have to deploy the ca.pem from the DCs to the container? path?

thanks

On 27.02.20 at 13:38, Stefan G. Weichinger via samba wrote:
> On 27.02.20 at 13:31, Stefan G. Weichinger via samba wrote:
>>
>> My ldaptest.php works now.
>> Can't tell the "missing link" so far ... but it seems it's connected via
>> ldaps now (and reading users etc.)
>
> wrong. Broken again.
>
> Question again:
>
> Do I have to deploy the ca.pem from the DCs to the container? path?

Seems I solved it.

Important detail: the certs copied have to have the .crt suffix .. etc

Right now my ldaptest.php binds via encrypted LDAP and reads the samba AD users.

nice

> Did you add your own CA to /etc/ssl/certs/ca-certificates.crt
>
> Per example look here :
>
> https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/
>
> Is that
>
> dcX:/var/lib/samba/private/tls/ca.pem

If YOU created the CA.pem and all servers use that one, then yes.
Then you should deploy that to all servers and PCs.
XCA is a handy tool to manage certificates, that's the one I use.

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stefan G. Weichinger via samba
> Sent: Thursday 27 February 2020 13:39
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba AD directory and PHP
>
> On 27.02.20 at 13:31, Stefan G. Weichinger via samba wrote:
> >
> > My ldaptest.php works now.
> > Can't tell the "missing link" so far ... but it seems it's connected via
> > ldaps now (and reading users etc.)
>
> wrong. Broken again.
>
> Question again:
>
> Do I have to deploy the ca.pem from the DCs to the container? path?

I think so, yes, but that I don't know, I don't use containers.

>
> thanks
>

PS:
https://www.reddit.com/r/sysadmin/comments/2ec41m/apache_auth_and_active_directory_over_ldaps_thats/
This one might help.

;-)

Back to work, need to finish some things here.

Greetz,

Louis

On 27.02.20 at 14:10, L.P.H. van Belle via samba wrote:
>> dcX:/var/lib/samba/private/tls/ca.pem
>
> If YOU created the CA.pem and all servers use that one, then yes.

I did not, samba did (I assume).

> Then you should deploy that to all servers and PCs.
> XCA is a handy tool to manage certificates, that's the one I use.

aha

I have it working now although I seem to have some certs duplicated in the container. Doesn't hurt, will maybe clean up later.

Now the PHP app is able to talk to both available DCs via encrypted LDAP: that is nice.

> PS:
> https://www.reddit.com/r/sysadmin/comments/2ec41m/apache_auth_and_active_directory_over_ldaps_thats/
> This one might help.
>
> ;-)

I googled hundreds of pages in the last hours. Thanks for one more ;-)

I even consider writing another small howto.

> Back to work, need to finish some things here.

good luck, I am off for some climbing (OT, but anyway)

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stefan G. Weichinger via samba
> Sent: Thursday 27 February 2020 16:33
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba AD directory and PHP
>
> On 27.02.20 at 14:10, L.P.H. van Belle via samba wrote:
>
> >> dcX:/var/lib/samba/private/tls/ca.pem
> >
> > If YOU created the CA.pem and all servers use that one, then yes.
>
> I did not, samba did (I assume).
>
> > Then you should deploy that to all servers and PCs.
> > XCA is a handy tool to manage certificates, that's the one I use.
>
> aha
>
> I have it working now although I seem to have some certs duplicated in
> the container. Doesn't hurt, will maybe clean up later.
>
> Now the PHP app is able to talk to both available DCs via
> encrypted LDAP: that is nice.
>
> > PS:
> > https://www.reddit.com/r/sysadmin/comments/2ec41m/apache_auth_and_active_directory_over_ldaps_thats/
> > This one might help.
> >
> > ;-)
>
> I googled hundreds of pages in the last hours. Thanks for one more ;-)

Yes, but I bet you've seen things in this one you can use for real.
Why I selected this one: because I suspected .. (> I did not, samba did (I assume).)
And this one might overcome it. ;-)

>
> I even consider writing another small howto.

Why do you think I write install scripts.. These are my howtos and info.. :-)

>
> > Back to work, need to finish some things here.
>
> good luck, I am off for some climbing (OT, but anyway)

Well, don't fall down, until later again.

Greetz,

Louis
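
Added example, not part of the thread and not code from any of its participants: a check for the two details mentioned above, the required .crt suffix and the duplicated certs in the container. It assumes a Debian/Ubuntu-style container where `update-ca-certificates` reads `/usr/local/share/ca-certificates`; the function names and sample file names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a CA drop-in directory before update-ca-certificates.
# Assumption: Debian/Ubuntu-style image, where only files ending in .crt under
# /usr/local/share/ca-certificates are added to the trust store.

# Names of regular files that would be ignored for lacking the .crt suffix.
skipped_certs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.crt) ;;
            *) printf '%s\n' "${f##*/}" ;;
        esac
    done
}

# Names of .crt files that are byte-identical to an earlier .crt file.
duplicate_certs() {
    seen=""
    for f in "$1"/*.crt; do
        [ -f "$f" ] || continue
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        case " $seen " in
            *" $sum "*) printf '%s\n' "${f##*/}" ;;
            *) seen="$seen $sum" ;;
        esac
    done
}

# Report both problems; succeed only when the directory is clean.
audit_ca_dir() {
    skipped=$(skipped_certs "$1")
    dups=$(duplicate_certs "$1")
    if [ -n "$skipped" ]; then printf 'ignored, no .crt suffix:\n%s\n' "$skipped"; fi
    if [ -n "$dups" ]; then printf 'duplicate of an earlier file:\n%s\n' "$dups"; fi
    [ -z "$skipped$dups" ]
}

# Constructed sample directory (placeholder contents, not real certificates).
make_sample_dir() {
    d=$(mktemp -d)
    printf 'constructed-ca-A\n' > "$d/ca.pem"
    printf 'constructed-ca-A\n' > "$d/dc1-ca.crt"
    printf 'constructed-ca-A\n' > "$d/dc2-ca.crt"
    printf 'constructed-ca-B\n' > "$d/other-ca.crt"
    printf '%s\n' "$d"
}

if [ "$#" -gt 0 ]; then audit_ca_dir "$1"; fi
```

Run it with the directory as the only argument; it exits non-zero when a file would be skipped or is a duplicate. Duplicates are detected by file content only, so the same certificate saved with different line endings is not flagged.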