From: Operating system: linux PHP version: 5.2.17 Package: LDAP related Bug Type: Bug Bug description:ldap_sasl_bind fails but not the first time
Description: ------------ When using ldap_sasl_bind to bind to active directory the connection is successful only the first time. When executing the script a second time shortly after the first execution the bind fails. After around 2 minutes the bind is again possible. I suspect that it ma be related to digest md5 fast reauth. The sample code when executed via web server http://my_apache_server/ldap.php it binds succesfully the first time. hitting F5 in the browser: Warning: ldap_sasl_bind() [function.ldap-sasl-bind]: Unable to bind to server: Invalid credentials After 2 minutes it works again for the first time. This problem never happens when I execude the script via command line: php -q ./ldap.php any number of times in a row. on tcpdump I see that the nonce-count is inceasing. the first failure has nc=00000002. after waiting 2 minutes I see that nc starts back from 1. when starting php -q ./ldap.php the nc has always the nc=00000001. My conclusion is that there is some kind of cache/fast reauth/session when php generates the error when working as a part of httpd. After ivestigating netstat I noticed that the second bind fails until I see on netstat the connection in the TIME_WAIR state: netstat -anpe|grep 389 tcp 0 0 client:42457 ad_server:389 TIME_WAIT 0 0 - when the connection finally dissapears the first sasl bind is successful. Of course when I hit F5 many time I have many connections with TIME_WAIT state. After all of them dissapear the bind is successfull only for the first time. Test script: --------------- $conn = @ldap_connect( "ad_server" )); ldap_set_option ( $conn, LDAP_OPT_PROTOCOL_VERSION, 3)); ldap_sasl_bind ( $conn, NULL, "password",'DIGEST-MD5','my_realm','ldap_username',NULL); Expected result: ---------------- successful sasl bind without the need to wait 2 minutes. Actual result: -------------- when the code is executed the second time Warning: ldap_sasl_bind() [function.ldap-sasl-bind]: Unable to bind to server: Invalid credentials -- Edit bug report at http://bugs.php.net/bug.php?id=54104&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=54104&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=54104&r=trysnapshot53 Try a snapshot (trunk): http://bugs.php.net/fix.php?id=54104&r=trysnapshottrunk Fixed in SVN: http://bugs.php.net/fix.php?id=54104&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=54104&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=54104&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=54104&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=54104&r=needscript Try newer version: http://bugs.php.net/fix.php?id=54104&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=54104&r=support Expected behavior: http://bugs.php.net/fix.php?id=54104&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=54104&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=54104&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=54104&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=54104&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=54104&r=dst IIS Stability: http://bugs.php.net/fix.php?id=54104&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=54104&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=54104&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=54104&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=54104&r=mysqlcfg
