ID:               48866
User updated by:  dev at lechat dot org
Reported By:      dev at lechat dot org
-Status:          Feedback
+Status:          Open
Bug Type:         LDAP related
Operating System: windows server 2003 R2 SE SP2
PHP Version:      5.3.0
New Comment:

Hi,
I didn't try 5.2.10. I will give it a try in one week when I am back from holidays (-;
At that point I'll give you feedback on whether or not the problem occurs with 5.2.10.

Previous Comments:
------------------------------------------------------------------------

[2009-08-07 06:30:38] mahida at usq dot edu dot au

PHP 5.1.6, Red Hat 4.1.2-44, httpd-2.2.3-22.el5, mysql-5.0.45-7.el5

We have the same problem as above. We manually copied the LDAP server certificate and it worked. But the LDAPS bind is so unstable. Sometimes it binds and sometimes it fails. Standard LDAP connection works as expected.

------------------------------------------------------------------------

[2009-08-05 21:59:26] j...@php.net

Does this also happen with PHP 5.2.10?

------------------------------------------------------------------------

[2009-07-09 09:35:06] dev at lechat dot org

Description:
------------
Dealing with a secure ldap connection:
Since php 5.3, the 'TLS_REQCERT never' directive (which means do not check certificate validity, and process the request anyway) in C:\OpenLDAP\sysconf\ldap.conf is not applied when trying to bind to an ldapS server that emits a certificate with an invalid CA. The result is that the ldapS bind fails because php refuses the certificate.

By using a file monitor program, I saw that since the php 5.3 php_ldap.dll, the ldap conf file is now 'c:\ldap.conf' rather than C:\OpenLDAP\sysconf\ldap.conf. I tried to put the directive in this file too. I can see that the file is opened and read, but the directive 'TLS_REQCERT never' is not applied. Bind fails.

On the same server this works perfectly with php < 5.3 (until 5.2.9-1 as far as I know).
Note that a standard ldap connection works as expected with 5.3.

Reproduce code:
---------------
// $username, $password, $user and $baseDn are not defined in the report.
$ldapConnect = ldap_connect('ldaps://ldaps.myserver.com:3269');
ldap_set_option($ldapConnect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapConnect, LDAP_OPT_REFERRALS, 0);
// The bind is the call that fails on 5.3.
$ldapBind = ldap_bind($ldapConnect, $username,$password);
$filter="(| (employeeid=$user)(name=$user)(cn=$user) (userprincipalname=$u...@mydomain) ) ";
$ldapSearch = ldap_search($ldapConnect, $baseDn, $filter);
$ldapEntries = ldap_get_entries($ldapConnect, $ldapSearch);
ldap_free_result($ldapSearch);
ldap_unbind($ldapConnect);

Expected result:
----------------
ldap_get_entries returns the ldap entries that match the filter, as expected.

Actual result:
--------------
None, cannot bind.
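
The following is an added example, not code from the bug report or from the PHP project: it parses an OpenLDAP client ldap.conf and reports what its TLS_REQCERT and TLS_CACERT/TLS_CACERTDIR lines mean for server certificate checking, using the two file paths named in the description above. The function names, the sample text and the C:\certs\corp-ca.pem path are constructed for illustration, and it assumes that a later line overrides an earlier one for the same option.

```php
<?php
// Added example (not from the bug report). Summarises the TLS settings in an
// OpenLDAP client ldap.conf; option semantics follow ldap.conf(5).

// Parse ldap.conf text into array(UPPERCASE_OPTION => value).
// Assumption: a later line overrides an earlier one for the same option.
function parse_ldap_conf($text)
{
    $options = array();
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // blank line or comment
        }
        $parts = preg_split('/\s+/', $line, 2); // option name, then its value
        $options[strtoupper($parts[0])] = isset($parts[1]) ? $parts[1] : '';
    }
    return $options;
}

// Describe what the parsed options mean for server certificate checking.
function tls_verdict(array $options)
{
    // ldap.conf(5): "demand" is the default when TLS_REQCERT is absent.
    $level = isset($options['TLS_REQCERT']) ? strtolower($options['TLS_REQCERT']) : 'demand';
    $hasCa = isset($options['TLS_CACERT']) || isset($options['TLS_CACERTDIR']);
    if ($level === 'never' || $level === 'allow') {
        return "TLS_REQCERT $level: a bad server certificate is accepted";
    }
    if (!in_array($level, array('try', 'demand', 'hard'), true)) {
        return "TLS_REQCERT $level: unrecognised level";
    }
    return "TLS_REQCERT $level: certificate is checked, "
        . ($hasCa ? 'CA bundle configured' : 'no TLS_CACERT/TLS_CACERTDIR set');
}

// Constructed sample: option names are case-insensitive and the last line wins.
$sample = "# constructed sample\nTLS_CACERT C:\\certs\\corp-ca.pem\n"
        . "tls_reqcert never\nTLS_REQCERT demand\n";
echo 'sample: ', tls_verdict(parse_ldap_conf($sample)), "\n";

// The two locations named in the report; unreadable paths are reported, not fatal.
foreach (array('C:\OpenLDAP\sysconf\ldap.conf', 'c:\ldap.conf') as $path) {
    if (!is_readable($path)) {
        echo $path, ": not readable\n";
        continue;
    }
    echo $path, ': ', tls_verdict(parse_ldap_conf(file_get_contents($path))), "\n";
}
```

A result of "certificate is checked, no TLS_CACERT/TLS_CACERTDIR set" matches the failure described when the server's certificate comes from a CA the client does not trust; pointing TLS_CACERT at that CA's certificate keeps verification on.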