Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable

Problem description

Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Server is unavailable in /var/www/html/testldap/index.php on line 13 Ldap_start_tls failed

My configuration is as follows:

Centos 5.7 PHP Version 5.3.3

php53-ldap configured. No matter what I try to do, the starttls issue is giving me a headache. Any help would be highly appreciated.

Recommended answer

Well, what a fun journey I have been on with this one.

The problem you are having is that your machine does not accept the server's certificate as valid. The simple workaround to this is to disable the check, which is done in the ldap.conf file, or with an environment variable.

You can edit the file at /etc/openldap/ldap.conf (c:\openldap\sysconf\ldap.conf on Windows) or create one if it doesn't already exist and put this line in it:

TLS_REQCERT never

...or you can create an environment variable named LDAPTLS_REQCERT with the value never.

Once I had done either of those things, the following script worked for me:

<?php

  // Settings
  $host = 'server.domain.local';
  $port = 389;
  $user = 'administrator';
  $pass = 'password';

  // Connect, set options and bind
  $ds = ldap_connect($host, $port);
  if (!$ds) exit('Could not create LDAP connection handle');
  // LDAPv3 is required for StartTLS
  if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) exit('Could not set LDAP protocol version');
  if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) exit('Could not disable referrals');
  if (!ldap_start_tls($ds)) exit('Could not start TLS');
  if (!ldap_bind($ds, $user, $pass)) exit('Bind operation failed');

  // A quick list operation to make sure it worked
  if (!$result = ldap_list($ds, 'dc=domain,dc=local', 'objectClass=*')) exit('List operation failed');
  print_r(ldap_get_entries($ds, $result));

Annoyingly, neither putenv('LDAPTLS_REQCERT=never'); nor $_ENV['LDAPTLS_REQCERT'] = 'never'; will work - you have to either create the config file or statically set the variable.

If you want to validate the certificates, you will need to do some further reading on how to configure OpenLDAP properly.

Sources:

  • http://marc.info/?l=php-windows&m=116127873321748&w=2
  • http://www.php.net/manual/en/function.ldap-start-tls.php
  • http://linux.die.net/man/5/ldap.conf
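
The answer leaves certificate validation as further reading. The following added example (not part of the original answer) shows one way to keep validation on by pointing libldap at the issuing CA instead of setting TLS_REQCERT never. It assumes PHP 7.1 or later with the ldap extension built against OpenLDAP; the CA file path, the bind DN and the LDAP_BIND_PASSWORD variable name are hypothetical.

```php
<?php
// Added example, not from the original answer. Assumes PHP 7.1+ (ext-ldap, OpenLDAP).
// CA path, bind DN and environment variable name below are hypothetical placeholders.

$uri    = 'ldap://server.domain.local:389';                 // host from the page's script
$caFile = '/etc/openldap/certs/ldap-ca.pem';                // hypothetical: issuing CA, PEM
$bindDn = 'cn=administrator,cn=Users,dc=domain,dc=local';   // hypothetical bind DN
$pass   = getenv('LDAP_BIND_PASSWORD');                     // hypothetical variable name

// Report the generic LDAP error together with libldap's diagnostic message.
function fail($ds, $step)
{
    $detail = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    exit(sprintf("%s failed: %s (%s)\n", $step, ldap_error($ds), $detail ?: 'no detail'));
}

if (!is_readable($caFile)) {
    exit("CA file $caFile is not readable by the PHP process\n");
}
// An empty password turns the bind into an unauthenticated bind, which many
// servers accept; refuse to continue rather than "succeed" that way.
if ($pass === false || $pass === '') {
    exit("No bind password supplied\n");
}

// TLS options are library-wide in libldap: set them on a null handle
// before ldap_connect() so they apply to the new connection.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$ds = ldap_connect($uri);
if ($ds === false) {
    exit("Invalid LDAP URI\n");
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);   // StartTLS needs LDAPv3
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

if (!@ldap_start_tls($ds)) {
    fail($ds, 'StartTLS');
}
if (!@ldap_bind($ds, $bindDn, $pass)) {
    fail($ds, 'Bind');
}
echo "Bound over a certificate-validated StartTLS session\n";
```

The host name in `$uri` has to match a name in the server's certificate. The same two settings can be made for all clients in ldap.conf with `TLS_CACERT` and `TLS_REQCERT demand`.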
