Edit report at http://bugs.php.net/bug.php?id=54104&edit=1

 ID:                 54104
 Comment by:         thihfernandes at gmail dot com
 Reported by:        mmx at riz dot pl
 Summary:            ldap_sasl_bind fails but not the first time
 Status:             Open
 Type:               Bug
 Package:            LDAP related
 Operating System:   linux
 PHP Version:        5.2.17
 Block user comment: N
 Private report:     N

 New Comment:

The same thing is happening with me! My PHP version is 5.3.3-7.

Previous Comments:
------------------------------------------------------------------------
[2011-02-26 13:20:05] mmx at riz dot pl

Description:
------------
When using ldap_sasl_bind to bind to Active Directory, the connection is
successful only the first time. When executing the script a second time
shortly after the first execution, the bind fails. After around 2 minutes
the bind is possible again. I suspect that it may be related to DIGEST-MD5
fast reauth.

When the sample code is executed via the web server
(http://my_apache_server/ldap.php) it binds successfully the first time.
Hitting F5 in the browser:

Warning: ldap_sasl_bind() [function.ldap-sasl-bind]: Unable to bind to
server: Invalid credentials

After 2 minutes it works again for the first time.

This problem never happens when I execute the script via the command line:

php -q ./ldap.php

any number of times in a row.

On tcpdump I see that the nonce-count is increasing. The first failure has
nc=00000002. After waiting 2 minutes I see that nc starts back from 1.
When starting php -q ./ldap.php the nc is always nc=00000001.

My conclusion is that there is some kind of cache/fast reauth/session when
PHP generates the error when working as a part of httpd.

After investigating netstat I noticed that the second bind fails as long as
I see the connection in the TIME_WAIT state in netstat:

netstat -anpe|grep 389
tcp 0 0 client:42457 ad_server:389 TIME_WAIT 0 0 -

When the connection finally disappears, the first SASL bind is successful.
Of course, when I hit F5 many times I have many connections in the
TIME_WAIT state. After all of them disappear, the bind is successful only
for the first time.

Test script:
---------------
// Connect to the directory server and require LDAPv3 (needed for SASL).
$conn = @ldap_connect("ad_server");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// SASL DIGEST-MD5 bind: no bind DN, authentication ID 'ldap_username'.
ldap_sasl_bind($conn, NULL, "password", 'DIGEST-MD5', 'my_realm', 'ldap_username', NULL);

Expected result:
----------------
Successful SASL bind without the need to wait 2 minutes.

Actual result:
--------------
When the code is executed the second time:

Warning: ldap_sasl_bind() [function.ldap-sasl-bind]: Unable to bind to
server: Invalid credentials

------------------------------------------------------------------------
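
Added example (not part of the bug report or of PHP): Python code that parses DIGEST-MD5 digest-response strings, as they would be copied out of a capture like the tcpdump one described above, and flags binds that carry nc greater than 1 on a connection where that nonce was not first seen. It assumes the RFC 2831 subsequent-authentication behaviour (the client reuses an earlier nonce and increments nc); the ports, nonces and response values in the sample are constructed.

```python
import re

# One directive of an RFC 2831 digest-response: key=value or key="quoted value".
_DIRECTIVE = re.compile(r'([A-Za-z][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,\s]*))')

def parse_digest_response(text):
    """Return the directives of a DIGEST-MD5 digest-response as a dict."""
    fields = {}
    for key, quoted, bare in _DIRECTIVE.findall(text):
        # Quoted strings may contain commas and backslash-escaped characters.
        fields[key.lower()] = re.sub(r'\\(.)', r'\1', quoted) if quoted else bare
    return fields

def find_reauth_binds(binds):
    """binds: (client_port, digest_response) pairs in capture order.

    Flags every bind that carries nc > 1 on a connection other than the one
    where its nonce was first seen (None if the nonce was never seen).
    """
    nonce_origin = {}  # nonce -> client port of the connection that first used it
    findings = []
    for port, text in binds:
        fields = parse_digest_response(text)
        nonce, nc = fields["nonce"], int(fields["nc"], 16)  # nc is 8 hex digits
        origin = nonce_origin.get(nonce)
        if nc > 1 and origin != port:
            findings.append({"port": port, "nonce": nonce, "nc": nc,
                             "first_seen_port": origin})
        nonce_origin.setdefault(nonce, port)
    return findings

# Constructed sample: three binds on three TCP connections (values are made up).
_COMMON = ('username="ldap_username",realm="my_realm",qop=auth,'
           'digest-uri="ldap/ad_server",response=00000000000000000000000000000000,')
SAMPLE_BINDS = [
    (42457, _COMMON + 'nonce="N1-constructed",cnonce="c1",nc=00000001'),
    (42458, _COMMON + 'nonce="N1-constructed",cnonce="c2",nc=00000002'),
    (42460, _COMMON + 'nonce="N2-constructed",cnonce="c3",nc=00000001'),
]

if __name__ == "__main__":
    for hit in find_reauth_binds(SAMPLE_BINDS):
        print("reauth attempt:", hit)
```

Only the second bind in the sample is reported: it presents nc=00000002 with a nonce that was first used on the connection from port 42457.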