[Samba] samba AD directory and PHP
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 27 11:23:02 UTC 2020
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Stefan G. Weichinger via samba
> Verzonden: donderdag 27 februari 2020 11:35
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba AD directory and PHP
> Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba:
> > But your missing the important part.
> > How ?
> > Kerberos ? NTLM ? LDAP ?
> > ;-)
> Ah ok
> Actually I want to use secure LDAP from a PHP docker container.
Now, i dont know docker.. (sorry, still not.. ).. I know.. ;-) time :-/
Ok, so you are running your own CA and you did setup the client certificates on the server.
Im assuming you want LDAPS and first, A and PTR are setup in DNS?
Is /etc/ldap/ldap.conf configured?
BASE and URI
URI ldaps://host.FQDN ldaps://host2.FQDN
Did you add your own CA to /etc/ssl/certs/ca-certificates.crt
Per example look here :
After that is done
Test ldap client do a simple query.
Strong(er) Authentication is coming from the AD.
That relates to : ntlm auth = mschapv2-and-ntlmv2-only
As are i can tell this quick.
> So far no Kerberos involved as far as I see.
> (I have to dockerize a php app which is badly written ... and
> I want to
> clean up a bit, and let it bind encrypted. But it should stay as small
> as possible.)
Which php App, that might help me also a bit?
More information about the samba