ID:               49737
 Comment by:       josh at endries dot org
 Reported By:      josh at endries dot org
 Status:           Feedback
 Bug Type:         LDAP related
 Operating System: RHEL4
 PHP Version:      5.2.11
 New Comment:

Thanks for the response.

I'm sure. I've reinstalled a few times, with the same configuration as
when I initially ran into this, and I even went through an upgrade from
5.2.10 to 5.2.11. The version number did change in both, but it didn't
affect this issue. Comparing ldd and strings output suggests they're
from the same build also. The build date, configure command, and
everything else I looked at in phpinfo() for CLI and the module is
identical.


Previous Comments:
------------------------------------------------------------------------

[2009-10-01 16:08:42] j...@php.net

And you're absolutely sure both CLI and apache module are same version
compiled with same options? Check this from phpinfo(). Also check the
PHP Version.

------------------------------------------------------------------------

[2009-10-01 15:26:55] josh at endries dot org

Description:
------------
I'm trying to connect to LDAP using SSL or TLS but it doesn't work when
run through the Apache 2 module. It appears to work fine when run via
the CLI. I'm using the same exact code in each script. Using strace I
can see the script read ldap.conf and the CA files, but with the module
(connecting to the httpd process) it doesn't read any files. It dies
after trying to verify the CA. I have a real cert and my CA is in
/etc/openldap/cacerts, but of course if these (or anything else) aren't
read in, it wouldn't be trusted. Using TLS or SSL doesn't matter, nor
does using a URI instead of hostname/port pair. I have recompiled to
make sure they both use the same libraries, and I have "TLS_REQCERT
never" in /etc/openldap/ldap.conf, which are the suggestions I found
online.

Reproduce code:
---------------
<?php

$hostname = 'ldap.domain.org';
$port = '389';
$dn = '...';
$password = '...';

// No link resource exists if this fails, so ldap_error() cannot be called here.
if (!is_resource(($ldap = ldap_connect($hostname, $port))))
    throw new Exception("LDAP connection failed.");

// StartTLS requires LDAPv3.
if (ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3) !== true)
    throw new Exception("Protocol version 3 not supported.");

ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

// Upgrade the plain connection on port 389 to TLS before binding.
if (ldap_start_tls($ldap) !== true)
    throw new Exception(ldap_error($ldap));

if (ldap_bind($ldap, $dn, $password) !== true)
    throw new Exception(ldap_error($ldap));

echo('ok');

Expected result:
----------------
"ok", which I do get in the CLI.

Actual result:
--------------
Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start
TLS: Connect error in /var/www/html/test.php on line 15

Fatal error: Uncaught exception 'Exception' with message 'Connect
error' in /var/www/html/test.php:15 Stack trace: #0 {main} thrown in
/var/www/html/test.php on line 15

(from the web server)


------------------------------------------------------------------------
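
An added diagnostic, not part of the report or of PHP itself: run the same script from the CLI and through the Apache module and compare the two outputs to see whether both processes get the same ldap.conf, CA directory and LDAP* environment. It also flags a TLS_REQCERT value that turns certificate verification off. The function name and report keys are made up for this example; the default paths are the ones named in the report.

```php
<?php
// Added diagnostic, not code from the bug report. Default paths are the ones
// the report names; the LDAP* variable names follow ldap.conf(5).
function ldap_tls_environment($conf = '/etc/openldap/ldap.conf', $cadir = '/etc/openldap/cacerts')
{
    $r = array(
        'sapi'           => php_sapi_name(),
        'euid'           => function_exists('posix_geteuid') ? posix_geteuid() : 'unknown',
        'conf_readable'  => is_readable($conf),
        'cadir_readable' => is_dir($cadir) && is_readable($cadir),
        'env'            => array(),
        'tls_directives' => array(),
        'warnings'       => array(),
    );

    // Under mod_php, getenv() can also return Apache SetEnv values, which
    // libldap (reading the real process environment) does not see.
    $names = array('LDAPNOINIT', 'LDAPCONF', 'LDAPRC',
                   'LDAPTLS_CACERT', 'LDAPTLS_CACERTDIR', 'LDAPTLS_REQCERT');
    foreach ($names as $name) {
        $value = getenv($name);
        $r['env'][$name] = ($value === false) ? null : $value;
    }

    // Collect the TLS_* directives from ldap.conf; '#' comment lines never match.
    if ($r['conf_readable']) {
        foreach (file($conf) as $line) {
            if (preg_match('/^\s*(TLS_\w+)\s+(\S.*?)\s*$/i', $line, $m)) {
                $r['tls_directives'][strtoupper($m[1])] = $m[2];
            }
        }
    } else {
        $r['warnings'][] = "$conf is not readable by this process";
    }
    if ($r['env']['LDAPNOINIT'] !== null) {
        $r['warnings'][] = 'LDAPNOINIT is set: libldap disables all defaulting';
    }

    // 'never' and 'allow' both let a session continue with an unverifiable certificate.
    $reqcert = $r['env']['LDAPTLS_REQCERT'];
    if ($reqcert === null && isset($r['tls_directives']['TLS_REQCERT'])) {
        $reqcert = $r['tls_directives']['TLS_REQCERT'];
    }
    if ($reqcert !== null && in_array(strtolower($reqcert), array('never', 'allow'))) {
        $r['warnings'][] = "TLS_REQCERT $reqcert: the server certificate is not verified";
    }
    return $r;
}

if (php_sapi_name() !== 'cli') header('Content-Type: text/plain');
print_r(ldap_tls_environment());
```
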


-- 
Edit this bug report at http://bugs.php.net/?id=49737&edit=1