Archive of ‘Computers’ category

Connecting to Active Directory using PHP

I really struggled to get PHP to be able to use LDAPS to talk to my domain controller. I wanted the ability to create users and set passwords and security groups so that I could administer users from my web interface.

It took a lot of googling but I finally got it working, and it turns out in the end it is quite straightforward.

SETTING UP THE MACHINE

I started with a new Virtual machine with SSH and LAMP installed. I was using a 12.4LTS version of Ubuntu as it was a download I had handy.

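Once set up, the first thing to do is to turn on error display in PHP. This just makes it possible to debug what is happening. Displayed errors reveal file paths and other internals to anyone who loads the page, so the setting suits a debugging machine rather than a public one.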

To do this edit the php.ini file

sudo vim /etc/php5/apache2/php.ini

Around line 500 change the setting to turn errors on

display_errors = On

Remember to restart Apache for it to take effect

sudo service apache2 restart

PHP

You need to ensure that the LDAP module for PHP is installed. To install it, run

sudo apt-get install php5-ldap

Then remember to restart the service

sudo service apache2 restart

ADD THE ROOT CERTIFICATE

You need to install a certificate on your server. This is the root certificate. To do this, copy the root .crt file to

/usr/local/share/ca-certificates

Once you have copied the file, you have to update the certificates. Run

sudo update-ca-certificates

This will place the certificate in the correct location:

/etc/ssl/certs/

Configure LDAPS

The other thing I did was to change the LDAPS config

vim /etc/ldap/ldap.conf

and add

TLS_REQCERT never

to the bottom of the file

You should now be able to connect to LDAPS with PHP and create users in Active Directory.
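`TLS_REQCERT never` makes the LDAP client library skip checking the domain controller's certificate, so the root certificate installed earlier is not used to authenticate the server. The shell check below is an added example, not part of the original post: it reads an ldap.conf-style file and reports whether its TLS_REQCERT level still verifies the server. The sample configs are constructed, and the names `audit_ldap_conf`, `write_samples` and the verdict words are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits an OpenLDAP client
# config such as /etc/ldap/ldap.conf for its TLS_REQCERT level.
# Prints a verdict and returns 0 only if the server certificate is checked.
audit_ldap_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    # Option names are case-insensitive and '#' starts a comment line.
    # Every TLS_REQCERT line is inspected, so a weak level appended
    # "to the bottom of the file" is caught as well.
    levels=$(awk 'toupper($1) == "TLS_REQCERT" { print tolower($2) }' "$conf")
    verdict=verified    # no TLS_REQCERT line: libldap defaults to "demand"
    for level in $levels; do
        case $level in
            demand|hard) ;;
            try) if [ "$verdict" = verified ]; then verdict=weak; fi ;;
            *)   verdict=unverified ;;    # never, allow, or unrecognised
        esac
    done
    echo "$verdict"
    [ "$verdict" = verified ]
}

# Constructed sample configs, written to a temp dir so the demo runs offline.
write_samples() {
    dir=$1
    printf 'TLS_CACERT /etc/ssl/certs/ca-certificates.crt\nTLS_REQCERT never\n' \
        > "$dir/weak.conf"
    printf '# TLS_REQCERT never\nTLS_CACERT /etc/ssl/certs/ca-certificates.crt\ntls_reqcert demand\n' \
        > "$dir/hardened.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in weak hardened; do
    printf '%s: ' "$f"
    audit_ldap_conf "$demo_dir/$f.conf" || true
done
rm -rf "$demo_dir"
```

A result of `verified` corresponds to `TLS_REQCERT demand` (the library default), the level at which the installed root certificate is actually used to validate the domain controller.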

Setup NTP service on Ubuntu

Having the correct time on your server is really important especially if you are looking at log files. There is nothing worse than knowing the time something went wrong but not finding it in the log file.

The simple way to solve the problem is to install an NTP service so that the time and date is checked and corrected on a regular basis.

Setup

The first thing to check is the current date and time on the server.

The date command will give you this.

date

You can then check that the time is correct. If it is, it may be that the NTP service is already working.

Type

ps aux | grep ntp

If it is not installed, type

sudo apt-get install ntp

Unfortunately, installing the service does not change the time straight away. To force a refresh, type

sudo service ntp stop
sudo ntpd -gq
sudo service ntp start

Your server should now give the correct time.