<i id='upPXX'><tr id='upPXX'><dt id='upPXX'><q id='upPXX'><span id='upPXX'><b id='upPXX'><form id='upPXX'><ins id='upPXX'></ins><ul id='upPXX'></ul><sub id='upPXX'></sub></form><legend id='upPXX'></legend><bdo id='upPXX'><pre id='upPXX'><center id='upPXX'></center></pre></bdo></b><th id='upPXX'></th></span></q></dt></tr></i><div id='upPXX'><tfoot id='upPXX'></tfoot><dl id='upPXX'><fieldset id='upPXX'></fieldset></dl></div>
    1. <small id='upPXX'></small><noframes id='upPXX'>

        <bdo id='upPXX'></bdo><ul id='upPXX'></ul>

        <tfoot id='upPXX'></tfoot>
        <legend id='upPXX'><style id='upPXX'><dir id='upPXX'><q id='upPXX'></q></dir></style></legend>

      1. 为 LDAPS 连接验证自签名证书

        时间:2024-08-23

        <small id='uS8Es'></small><noframes id='uS8Es'>

              <bdo id='uS8Es'></bdo><ul id='uS8Es'></ul>

              <i id='uS8Es'><tr id='uS8Es'><dt id='uS8Es'><q id='uS8Es'><span id='uS8Es'><b id='uS8Es'><form id='uS8Es'><ins id='uS8Es'></ins><ul id='uS8Es'></ul><sub id='uS8Es'></sub></form><legend id='uS8Es'></legend><bdo id='uS8Es'><pre id='uS8Es'><center id='uS8Es'></center></pre></bdo></b><th id='uS8Es'></th></span></q></dt></tr></i><div id='uS8Es'><tfoot id='uS8Es'></tfoot><dl id='uS8Es'><fieldset id='uS8Es'></fieldset></dl></div>
                <tbody id='uS8Es'></tbody>

              <legend id='uS8Es'><style id='uS8Es'><dir id='uS8Es'><q id='uS8Es'></q></dir></style></legend>
              1. <tfoot id='uS8Es'></tfoot>
                • 本文介绍了为 LDAPS 连接验证自签名证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  我想建立一个从 Linux(Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux) 客户端到 Windows 2012 服务器的安全 ldap 连接 (ldaps),以更改用户活动目录中的密码,通过 php.为此,我在服务器上创建了一个自签名证书(使用 Windows 服务器管理器),但是当我尝试连接时,我收到以下错误(通过打开调试选项:ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);):

                  I want to make a secure ldap connection(ldaps) from a Linux(Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux) client to a Windows 2012 server, to change user passwords in active directory, through php. For that, I've created a self-signed certificate(using Windows Server Manager) on the server, but when I try to connect, I get the following error(by turning debugging option on: ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);):

                  ldap_create                                                                 
                  ldap_url_parse_ext(ldaps://xxx.xxx.xxx.xxx)                                 
                  ldap_bind_s                                                                 
                  ldap_simple_bind_s                                                          
                  ldap_sasl_bind_s                                                            
                  ldap_sasl_bind                                                              
                  ldap_send_initial_request                                                   
                  ldap_new_connection 1 1 0                                                   
                  ldap_int_open_connection                                                    
                  ldap_connect_to_host: TCP xxx.xxx.xxx.xxx:636                               
                  ldap_new_socket: 3                                                          
                  ldap_prepare_socket: 3                                                      
                  ldap_connect_to_host: Trying xxx.xxx.xxx.xxx:636                            
                  ldap_pvt_connect: fd: 3 tm: -1 async: 0                                     
                  TLS: peer cert untrusted or revoked (0x42)                                  
                  TLS: can't connect: (unknown error code).                                   
                  ldap_err2string                                                             
                  PHP Warning:  ldap_bind(): Unable to bind to server 
                  

                  似乎客户端无法信任证书,因为它是自签名的.

                  It seems the client is not able to trust the certificate since it's self-signed.

                  我应该采取哪些步骤来建立安全连接?客户端证书存储在 /etc/ssl/certs/ca-certificates.crt

                  What steps should I take to make a secure connection? The client side certificates are stored in /etc/ssl/certs/ca-certificates.crt

                  推荐答案

                  您必须明确告诉 LDAP 客户端忽略不受信任的证书.您可以通过将以下内容添加到您的 ldap.conf 文件来做到这一点:

                  You have to explicitly tell the LDAP client to ignore untrusted certificates. You can do so by adding the following to your ldap.conf file:

                  TLS_REQCERT never
                  

                  虽然这个解决方案不是首选的.您应该将所需的 CA 根添加到您的客户端,并确保正确生成证书,其中包含服务器的名称(如果我没记错的话,完整的 CA 链),否则没有什么可以阻止某人执行 MITM 攻击.

                  This solution is not the preferred one though. You should add the required CA root to your client and ensure that the certificate is correctly generated with the server's name in it (and if my memory serves me right the complete CA chain) otherwise nothing would stop someone to perform a MITM attack.

                  这篇关于为 LDAPS 连接验证自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:从 PHP 中的 openLDAP 获取所有可能的属性和所有 objectClasses 下一篇:PHP 使用 LDAP 进行身份验证

                  相关文章

                  1. <legend id='7uhxa'><style id='7uhxa'><dir id='7uhxa'><q id='7uhxa'></q></dir></style></legend>

                      <bdo id='7uhxa'></bdo><ul id='7uhxa'></ul>

                    <small id='7uhxa'></small><noframes id='7uhxa'>

                    <i id='7uhxa'><tr id='7uhxa'><dt id='7uhxa'><q id='7uhxa'><span id='7uhxa'><b id='7uhxa'><form id='7uhxa'><ins id='7uhxa'></ins><ul id='7uhxa'></ul><sub id='7uhxa'></sub></form><legend id='7uhxa'></legend><bdo id='7uhxa'><pre id='7uhxa'><center id='7uhxa'></center></pre></bdo></b><th id='7uhxa'></th></span></q></dt></tr></i><div id='7uhxa'><tfoot id='7uhxa'></tfoot><dl id='7uhxa'><fieldset id='7uhxa'></fieldset></dl></div>

                      <tfoot id='7uhxa'></tfoot>