ID: 50915 User updated by: strube at physik3 dot gwdg dot de Reported By: strube at physik3 dot gwdg dot de -Status: Feedback +Status: Open Bug Type: LDAP related Operating System: Solaris 10 PHP Version: 5.2.12 New Comment:
First test show that there are indeed issues with PHP 5.3.1. I found that neither LAM nor PLA work with SLL, using ldaps://server or server:636 (but do work without SSL); an error in the call ldapssl_client_init is indicated, although that part of ldap.c patched by me is identical for 5.2.12 and 5.3.1 (however, the line numbers of the second patch hunk must be @@ -330,6 +334,42 @@ for 5.3.1, contrary to my previous statements). As we are not be able to upgrade to 5.3.x in the near future because of compatibility issues with our PHP applications, I am sorry I cannot invest time do extensive tests presently. Previous Comments: ------------------------------------------------------------------------ [2010-02-15 12:33:50] paj...@php.net hi, Thanks for your work so far. It is important to understand that 5.2.x is in Maintenance mode. We don't accept features addition there. 5.3.x accepts only minors and well tested features additions. trunk is the development tree. Can you provide a patch against the PHP_5_3 branch and trunk please? And please test 5.3/trunk as well instead of 5.2 only. ------------------------------------------------------------------------ [2010-02-15 11:42:46] strube at physik3 dot gwdg dot de Well, I prefer our own servers over pastebin.com and put my patch in ftp://ftp.physik3.gwdg.de/pub/HWS/php_ldap_solaris.patch (also visible as http://www.physik3.gwdg.de/~strube/soft/php_ldap_solaris.patch) which will exist at least for a year, probably much longer. More details: The line numbers are correct for recent versions of PHP 5.2.x and 5.3.x; for 4.4.9, patching works with offset (-1 and -38 lines). Execution has only been tested with php 5.2.x (x = 12 and slightly less), especially with LAM (http://www.ldap-account-manager.org/) and PLA (http://phpldapadmin.sourceforge.net/), both with and without SSL. SASL has not been tested (so far I have not got it working even without PHP). The first hunk of the patch is required for building at all, the second one, to allow ldap[s] URLs and to use SSL. Note on SSL usage: this is independent of PHP's configure option --with-openssl, since the Solaris libldap.so is linked with the (Mozilla-type) SSL libraries from /usr/lib/mps/ (from Solaris 10 on; in Solaris 9, ldapssl_client_init is a dummy function). The LDAP server's CA certificate (or chain) has to be put into PHP_PREFIX/ssl/ (you may change this path in my patch) in the Mozilla-like form of cert8.db, key3.db, secmod.db (tools [e.g., certutil] in /usr/sfw/bin/, docs in http://www.mozilla.org/projects/security/pki/nss/tools/). ------------------------------------------------------------------------ [2010-02-12 17:39:01] j...@php.net Ever heard of pastebin.com ? Try that. ------------------------------------------------------------------------ [2010-02-12 16:39:11] strube at physik3 dot gwdg dot de > No feedback was provided for this bug for over a week I have simply been waiting for a reply to my question from 3 Feb 9:13am UTC. It may seem trivial to you, but I am not sure what to do. Must I set "Version" to 5.3.1? Can the patch not be uploaded but only a link given to a file on our local webserver (which will not exist forever)? (BTW, my password has not been working. I got it sent to me but it was changed - definitely not by me!) ------------------------------------------------------------------------ [2010-02-03 09:13:01] strube at physik3 dot gwdg dot de >Please provide patches (links) against PHP_5_3 and trunk. How must I proceed to do so? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/50915 -- Edit this bug report at http://bugs.php.net/?id=50915&edit=1
