[Samba] samba AD directory and PHP

L.P.H. van Belle belle at bazuin.nl
Thu Feb 27 11:23:02 UTC 2020


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: donderdag 27 februari 2020 11:35
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba AD directory and PHP
> 
> Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba:
> > But your missing the important part. 
> > 
> > How ? 
> > 
> > Kerberos ? NTLM ? LDAP ? 
> > 
> > ;-) 
> 
> Ah ok
> 
> Actually I want to use secure LDAP from a PHP docker container.

Now, i dont know docker.. (sorry, still not.. ).. I know.. ;-) time :-/ 

Ok, so you are running your own CA and you did setup the client certificates on the server. 

Im assuming you want LDAPS and first, A and PTR are setup in DNS? 

Is /etc/ldap/ldap.conf configured? 
BASE and URI 
URI     ldaps://host.FQDN ldaps://host2.FQDN 

Did you add your own CA to /etc/ssl/certs/ca-certificates.crt
Per example look here : 
https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/ 

After that is done
Test ldap client do a simple query. 


Strong(er) Authentication is coming from the AD. 
That relates to :  ntlm auth = mschapv2-and-ntlmv2-only 
As are i can tell this quick. 

> 
> So far no Kerberos involved as far as I see.
> 
> (I have to dockerize a php app which is badly written ... and 
> I want to
> clean up a bit, and let it bind encrypted. But it should stay as small
> as possible.)


Which php App, that might help me also a bit? 


So far, 

Greetz, 

Louis




More information about the samba mailing list