ID:               49737
 Updated by:       j...@php.net
 Reported By:      josh at endries dot org
-Status:           Open
+Status:           Feedback
 Bug Type:         LDAP related
 Operating System: RHEL4
 PHP Version:      5.2.11
 New Comment:

And you're absolutely sure both CLI and apache module are same version
compiled with same options? Check this from phpinfo(). Also check the
PHP Version..


Previous Comments:
------------------------------------------------------------------------

[2009-10-01 15:26:55] josh at endries dot org

Description:
------------
I'm trying to connect to LDAP using SSL or TLS but it doesn't work when
run through the Apache 2 module. It appears to work fine when run via
the CLI. I'm using the same exact code in each script. Using strace I
can see the script read ldap.conf and the CA files, but with the module
(connecting to the httpd process) it doesn't read any files. It dies
after trying to verify the CA. I have a real cert and my CA is in
/etc/openldap/cacerts, but of course if these (or anything else) aren't
read in, it wouldn't be trusted. Using TLS or SSL doesn't matter, nor
does using a URI instead of hostname/port pair. I have recompiled to
make sure they both use the same libraries, and I have "TLS_REQCERT
never" in /etc/openldap/ldap.conf, which are the suggestions I found
online.

Reproduce code:
---------------
<?php

$hostname = 'ldap.domain.org';
$port = '389';
$dn = '...';
$password = '...';

if (!is_resource(($ldap = ldap_connect($hostname, $port))))
    throw new Exception("LDAP connection failed: ".ldap_error($ldap));

if (ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3) !== true)
    throw new Exception("Protocol version 3 not supported.");

ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

if (ldap_start_tls($ldap) !== true)
    throw new Exception(ldap_error($ldap));

if (ldap_bind($ldap, $dn, $password) !== true)
    throw new Exception(ldap_error($ldap));

echo('ok');

Expected result:
----------------
"ok", which I do get in the CLI.

Actual result:
--------------
Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start
TLS: Connect error in /var/www/html/test.php on line 15

Fatal error: Uncaught exception 'Exception' with message 'Connect
error' in /var/www/html/test.php:15 Stack trace: #0 {main} thrown in
/var/www/html/test.php on line 15

(from the web server)


------------------------------------------------------------------------
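
An added example, not part of the original report or of PHP's own code: a script to run once with the CLI and once through Apache so the two outputs can be diffed for differences in what each process can see. It assumes the two paths named in the report and the standard OpenLDAP client environment variables; the function names are hypothetical.

```php
<?php
// Added diagnostic sketch (not from the original bug report).
// Run it with the CLI binary and again through the web server, then diff.
// Paths are the ones named in the report; adjust if your layout differs.

// Report whether the current process can see and read a path.
function describe_path($path) {
    if (!file_exists($path)) return "$path: not visible to this process";
    $kind = is_dir($path) ? 'dir' : 'file';
    $mode = substr(sprintf('%o', fileperms($path)), -4);
    $read = is_readable($path) ? 'readable' : 'NOT readable';
    return "$path: $kind, mode $mode, $read";
}

// Collect the TLS_* directives from an ldap.conf this process can read.
// Note: "TLS_REQCERT never" means the server certificate is not checked.
function tls_directives($conf) {
    $found = array();
    if (!is_readable($conf)) return $found;
    foreach (file($conf) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') continue;
        if (stripos($line, 'TLS_') === 0) $found[] = $line;
    }
    return $found;
}

$report = array('SAPI: ' . php_sapi_name() . ', PHP ' . PHP_VERSION);
$report[] = 'ldap extension loaded: ' . (extension_loaded('ldap') ? 'yes' : 'no');
if (function_exists('posix_geteuid')) {
    $user = posix_getpwuid(posix_geteuid());
    $report[] = 'Effective user: ' . ($user ? $user['name'] : posix_geteuid());
}
// Environment variables the OpenLDAP client library consults.
$vars = array('LDAPCONF', 'LDAPRC', 'LDAPTLS_CACERT', 'LDAPTLS_CACERTDIR',
              'LDAPTLS_REQCERT', 'HOME');
foreach ($vars as $var) {
    $value = getenv($var);
    $report[] = "$var=" . ($value === false ? '(unset)' : $value);
}
$conf = '/etc/openldap/ldap.conf';
$report[] = describe_path($conf);
$report[] = describe_path('/etc/openldap/cacerts');
foreach (tls_directives($conf) as $directive) {
    $report[] = "ldap.conf: $directive";
}
if (php_sapi_name() !== 'cli') header('Content-Type: text/plain');
echo implode("\n", $report), "\n";
```

Any line that differs between the two runs (user, environment, readability of the config or CA directory) is a place where the Apache process and the CLI are not seeing the same LDAP client configuration.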

