PHP-LDAP against Nethserver safely?

NethServer Version: 7.2009
Module: Directory (dc)

It’s me again (sorry). I have a quick question and I’m sure it’s been answered before (but a quick search of the community doesn’t show anything relevant).

I am trying to use an internal web server to build an intranet style site where users can authenticate and make changes to their own LDAP attributes (First and Last Names, Phone Numbers, Addresses, etc), but for the life of me I can’t get the server to even be accessible via LDAP on the local LAN.

My question is, is there a special way to access the directory using LDAP for PHP when using Nethserver or does it only listen on the localhost for LDAP authentication? It has been suggested before to just host something like that on Nethserver itself, but I would rather have it on its own server where I can easily shut services down for maintenance without having to take down the entire Nethserver configuration.

When trying to connect using port 389, I get “Strong(er) authentication required”, and when using LDAPS and port 636, I get a connection error.

Has anyone been able to successfully authenticate against Nethserver using a PHP script or am I just doing it wrong? How do I achieve this without lowering the security of my Nethserver?


Port 389 wants STARTTLS encryption. Port 636 is TLS. Both return the system certificate. If it is self-signed, your PHP client rejects it. You can either configure :+1: a valid system certificate (e.g. letsencrypt), or configure your client to ignore certificate errors :-1:

Both Roundcubemail and Nextcloud modules are PHP applications and work with NS. You surely can make it work :wink:

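The STARTTLS path on port 389 with certificate validation kept on, as an added example that is not part of the original posts and is not NethServer's own code. The hostname, CA file path and attribute allow-list are placeholders, `ldap_self_update` is a hypothetical helper name, and it assumes PHP 7.1 or later with the ldap extension, a bind identity given as the user's full DN, and directory ACLs that let users modify their own entry.

```php
<?php
// Added example. Hostname, CA path and attribute list are placeholders (assumptions).
const LDAP_URI = 'ldap://nethserver.example.lan:389';   // for port 636 use ldaps://...:636 and skip ldap_start_tls()
const CA_FILE  = '/etc/pki/tls/certs/directory-ca.pem'; // CA that issued the system certificate
const SELF_EDITABLE = ['givenName', 'sn', 'telephoneNumber', 'street', 'l', 'postalCode'];

function ldap_self_update(string $bindDn, string $password, array $changes): void
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers accept; never treat that as a successful login.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('DN and password are required');
    }
    // Users may only change attributes on the allow-list.
    $entry = [];
    foreach ($changes as $attr => $value) {
        if (!in_array($attr, SELF_EDITABLE, true)) {
            throw new InvalidArgumentException("Attribute not editable: $attr");
        }
        $entry[$attr] = [(string) $value];
    }
    // TLS options are global in libldap, so set them before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, CA_FILE);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);
    try {
        // Upgrade the session to TLS before any credentials are sent.
        if (!@ldap_start_tls($conn)) {
            throw new RuntimeException('STARTTLS failed: ' . ldap_error($conn));
        }
        if (!@ldap_bind($conn, $bindDn, $password)) {
            throw new RuntimeException('Bind failed: ' . ldap_error($conn));
        }
        // Modify only the entry the user just authenticated as.
        if ($entry && !@ldap_mod_replace($conn, $bindDn, $entry)) {
            throw new RuntimeException('Update failed: ' . ldap_error($conn));
        }
    } finally {
        ldap_unbind($conn);
    }
}
```

With `LDAP_OPT_X_TLS_DEMAND` a self-signed or mismatched certificate makes `ldap_start_tls()` fail instead of silently downgrading, so the hostname in the URI has to match a name in the certificate.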

@cfd10

Hi

Actually, I’d like to confirm that I’ve seen and used NethServer Setups in the cloud, where one NethServer at a Hosting Provider was running LDAP, and about 8 other NethServers and other Servers (All at Different Global Hosters!) were using LDAP-Auth against that NethServer-LDAP.

And I was surprised that it worked so well.

Even MeshCentral was LDAP.

So it works!

I never looked at the config of the NethServer-LDAP.

My 2 cents
Andy

For security, I would like to update the certificate to be valid, how do I update the system certificate without breaking everything?

If your server is an internal server, this should be able to get you a valid LE cert: Acme-dns on Nethserver (now with RPM-y goodness!)

