From:             dev at lechat dot org
Operating system: windows server 2003 R2 SE SP2
PHP version:      5.3.0
PHP Bug Type:     LDAP related
Bug description:  ldap.conf TLS_REQCERT directive fails for ldaps

Description:
------------
Dealing with a secure LDAP connection:
Since PHP 5.3, the
'TLS_REQCERT never' (means do not check certificate validity, and process
the request anyway)
directive in C:\OpenLDAP\sysconf\ldap.conf is not applied when trying to
bind to an ldapS server that emits a certificate with an invalid CA.

The result is that the ldapS bind fails because PHP refuses the
certificate.

By using a file monitor program, I saw that since the PHP 5.3 php_ldap.dll, the
ldap conf file is now 'c:\ldap.conf' rather than
C:\OpenLDAP\sysconf\ldap.conf. I tried to put the directive in this file too. I
can see that the file is opened and read, but the directive 'TLS_REQCERT
never' is not applied. Bind fails.


On the same server this works perfectly with PHP < 5.3 (until 5.2.9-1
as far as I know).

Note that a standard ldap connection works as expected with 5.3.

Reproduce code:
---------------
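// ldap_connect() only prepares the handle; the TLS handshake happens on the first operation.
$ldapConnect = ldap_connect('ldaps://ldaps.myserver.com:3269');
ldap_set_option($ldapConnect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapConnect, LDAP_OPT_REFERRALS, 0);
// The bind is the call that fails under PHP 5.3.
$ldapBind = ldap_bind($ldapConnect, $username, $password);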
$filter="(| (employeeid=$user)(name=$user)(cn=$user)
(userprincipalname=$u...@mydomain) ) ";
$ldapSearch = ldap_search($ldapConnect, $baseDn, $filter);
$ldapEntries = ldap_get_entries($ldapConnect, $ldapSearch);
ldap_free_result($ldapSearch);
ldap_unbind($ldapConnect);

Expected result:
----------------
ldap_get_entries returns ldap entries that match the filter, as
expected.

Actual result:
--------------
None, cannot bind.

-- 
Edit bug report at http://bugs.php.net/?id=48866&edit=1
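
The following is an added example, not code from the report or from the PHP project: a small audit that prints the effective certificate-checking settings in each ldap.conf path named in the report. It assumes OpenLDAP's ldap.conf syntax (one option per line, `#` comments, later lines overriding earlier ones); the function names and the sample text are constructed for illustration.

```php
<?php
// Added example (hypothetical helper names). Written to run on PHP 5.3 as well.

/* Parse ldap.conf text into array(OPTION => value). Assumption: later lines win. */
function parseLdapConf($text)
{
    $options = array();
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // blank line or comment
        }
        $parts = preg_split('/\s+/', $line, 2);
        $options[strtoupper($parts[0])] = isset($parts[1]) ? trim($parts[1]) : '';
    }
    return $options;
}

/* Describe what the parsed options mean for server certificate checking. */
function auditTlsSettings(array $options)
{
    $findings = array();
    // "demand" is the documented default when TLS_REQCERT is absent.
    $level = isset($options['TLS_REQCERT']) ? strtolower($options['TLS_REQCERT']) : 'demand';
    if ($level === 'never' || $level === 'allow') {
        $findings[] = "TLS_REQCERT $level: an invalid server certificate is accepted";
    } else {
        $findings[] = "TLS_REQCERT $level: an invalid server certificate ends the session";
    }
    if (!isset($options['TLS_CACERT']) && !isset($options['TLS_CACERTDIR'])) {
        $findings[] = 'no TLS_CACERT/TLS_CACERTDIR: no CA file or directory is configured here';
    }
    return $findings;
}

// Constructed sample, used when neither path from the report exists on this machine.
$sample = "# constructed sample\nTLS_REQCERT never\n";
$paths = array('C:\OpenLDAP\sysconf\ldap.conf', 'c:\ldap.conf');
$seen = false;
foreach ($paths as $path) {
    if (is_readable($path)) {
        $seen = true;
        echo $path, "\n  ", implode("\n  ", auditTlsSettings(parseLdapConf(file_get_contents($path)))), "\n";
    }
}
if (!$seen) {
    echo "(sample)\n  ", implode("\n  ", auditTlsSettings(parseLdapConf($sample))), "\n";
}
```

Pointing TLS_CACERT at the issuing CA's certificate and leaving TLS_REQCERT at `demand` lets the bind succeed without turning certificate checking off.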