Edit report at http://bugs.php.net/bug.php?id=51638&edit=1
ID: 51638
Updated by: ka...@php.net
Reported by: marco at forgetaboutit dot net
-Summary: LDAP Referrals
+Summary: LDAP and Referrals
Status: Open
-Type: Documentation Problem
+Type: Bug
-Package: Documentation problem
+Package: LDAP related
Operating System: ALL
PHP Version: Irrelevant
Block user comment: N
New Comment:
After reviewing this bug some more, it looks more to me like its an
actual issue in the ldap extension in PHP, so moving it to that category
where hopefully one of the maintainers can pick it up and decide if its
indeed an issue in the ldap extension or lacking documentation.
Previous Comments:
------------------------------------------------------------------------
[2010-07-20 15:40:35] art dot vanscheppingen at spilgames dot com
We have the exact same problem.
Referrals do work correctly using the cli ldapmodify and with the exact
same setup it doesn't work under PHP.
I tried setting the LDAP_OPT_REFERRALS to either 1, LDAP_OPT_ON and
true, but neither of them resulted in anything else than the default -1.
Setting the value to 0 does have effect though, but doesn't do anything
either.
I set the LDAP server to a read only server, but that resulted in a LDAP
error.
------------------------------------------------------------------------
[2010-05-21 17:54:05] marco at forgetaboutit dot net
Doing some monitoring with TCPDUMP, I can confirm that the local LDAP
server is returning the correct referral information, and then the web
server is performing a DNS lookup on the ldap referral URL. Then it
would seem that PHP just tries the localhost again without running the
procedure specified in ldap_set_rebind_proc.
------------------------------------------------------------------------
[2010-04-22 19:07:20] marco at forgetaboutit dot net
Description:
------------
I am trying to get a php application to follow ldap referrals,
specifically when the local server is a slave, and is used as a
read-only server for performance reasons, but has to write to a master
server in order to add, modify or delete records.
As far as I can tell all I need are three things.
A) Set LDAP_OPT_REFERRALS to 1 using ldap_set_options()
B) Set a callback function using ldap_set_rebind_proc()
C) Create a very simple rebind function.
The problem is that there is no documentation on the subject. For
example, when I check LDAP_OPTS_REFERRALS using ldap_get_options(), I
get an answer of either 0 (when I set it to 0 or false), and an answer
of -1 (minus or dash 1) for any other setting, including 1 and TRUE, and
it appears that the callback function isn't called.
If someone can explain how it is supposed to work enough for me to get
it working, I am happy to provide documentation / examples
Test script:
---------------
ldap_set_option($LDAP_CON, LDAP_OPT_REFERRALS, 1);
ldap_set_rebind_proc($LDAP_CON, rebind_on_referral);
...
function rebind_on_referral ($link_id, $ldap_url) {
$binddn = $_SESSION['ldapab']['binddn'];
$bindpw = $_SESSION['ldapab']['password'];
if (!ldap_bind($link_id,$binddn,$bindpw)) return 1; // Error
else return 0; // Success
}
Expected result:
----------------
callback function should be called, application should rebind to new
ldap server and user should notice nothing
Actual result:
--------------
PHP appears to ignore the referral and ldap_error returns a "referral"
message.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=51638&edit=1
