From:             bfg at frost dot ath dot cx
Operating system: linux
PHP version:      5.1.1
PHP Bug Type:     LDAP related
Bug description:  ldap_sasl_bind() sends bind DN as authz_id

Description:
------------
ldap_sasl_bind() sends the bind DN as the SASL authz id.

This is wrong ;)



Reproduce code:
---------------
<?php
        $host = "ldap://ldap.example.org";
        $dn = "uid=bfg,ou=users,ou=unix,ou=production,dc=noviforum,dc=si";
        $pw = "test";
        $realm = "PROD.EXAMPLE.ORG";
        $mech = "PLAIN";
        $authz_id = "bfg";
        $props = null;

        $r = ldap_connect($host);

        if (! $r) {
                echo "Unable to connect: \n";
                exit(1);
        }

        ldap_set_option($r, LDAP_OPT_PROTOCOL_VERSION, 3);
        echo "Connected, trying to bind...\n";

        $b = ldap_sasl_bind($r, $dn, $pw, $mech, $realm, $authz_id, $props);
        echo "LDAP bind: " . (($b) ? "OK" : "FAILED") . "\n";

?>


Expected result:
----------------
OK

... I've written a PHP patch, which I've sent to Jani.

Actual result:
--------------
Dec  8 11:31:34 orion slapd[5404]: conn=113 fd=15 ACCEPT from IP=192.168.2.232:55217 (IP=0.0.0.0:389)

LDAP: Dec  8 11:31:12 orion slapd[5404]: conn=112 op=0 BIND dn="uid=bfg,ou=users,ou=unix,ou=production,dc=example,dc=si" method=163
PHP:  Dec  8 11:31:34 orion slapd[5404]: conn=113 op=0 BIND dn="uid=bfg,ou=users,ou=unix,ou=production,dc=example,dc=si" method=163

LDAP: Dec  8 11:31:12 orion saslauthd[17532]: rel_accept_lock : released accept lock
PHP:  Dec  8 11:31:34 orion saslauthd[17533]: rel_accept_lock : released accept lock

LDAP: Dec  8 11:31:12 orion saslauthd[17533]: get_accept_lock : acquired accept lock
PHP:  Dec  8 11:31:34 orion saslauthd[17531]: get_accept_lock : acquired accept lock
FAILED

Kerberos logs (the LDAP server authenticates against Kerberos)

Lines marked LDAP are produced when connecting to the LDAP server with
ldapsearch(1); lines marked PHP are produced by the PHP interpreter running
the script above.

LDAP: Dec  8 11:31:12 orion krb5kdc[5468]: AS_REQ (1 etypes {18}) 195.250.198.144: NEEDED_PREAUTH: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Additional pre-authentication required
PHP:  Dec  8 11:31:34 orion krb5kdc[5468]: AS_REQ (1 etypes {18}) 195.250.198.144: CLIENT_NOT_FOUND: uid=bfg,ou=users,ou=unix,ou=production,dc=examle,[EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Client not found in Kerberos database


-- 
Edit bug report at http://bugs.php.net/?id=35611&edit=1
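
The failure signature in the Kerberos log above, a CLIENT_NOT_FOUND rejection whose client principal is an LDAP DN rather than a user name, can be searched for across KDC logs to find other clients with the same identity mix-up. The following Python is an added example, not part of the original report; the function name, the regular expressions and the sample lines (documentation IP addresses, EXAMPLE.ORG realm) are constructed for illustration.

```python
import re

# krb5kdc AS_REQ line layout, as seen in the report's log:
#   "<client addr>: <STATUS>: <client principal> for <server principal>, <text>"
AS_REQ = re.compile(
    r"krb5kdc\[\d+\]: AS_REQ \([^)]*\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"(?P<client>.+?) for (?P<server>\S+?), (?P<text>.*)$"
)

# A DN-shaped name: attr=value followed by at least one more ",attr=value".
DN_LIKE = re.compile(
    r"^[A-Za-z][A-Za-z0-9-]*=[^,@]+(,[A-Za-z][A-Za-z0-9-]*=[^,@]+)+"
)

# Constructed sample lines modelled on the log excerpt in the report.
SAMPLE = [
    "Dec  8 11:31:12 orion krb5kdc[5468]: AS_REQ (1 etypes {18}) 192.0.2.10: "
    "NEEDED_PREAUTH: bfg@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, "
    "Additional pre-authentication required",
    "Dec  8 11:31:34 orion krb5kdc[5468]: AS_REQ (1 etypes {18}) 192.0.2.10: "
    "CLIENT_NOT_FOUND: uid=bfg,ou=users,dc=example,dc=org@EXAMPLE.ORG for "
    "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Client not found in Kerberos database",
    "Dec  8 11:32:02 orion krb5kdc[5468]: AS_REQ (1 etypes {18}) 192.0.2.11: "
    "CLIENT_NOT_FOUND: nosuchuser@EXAMPLE.ORG for "
    "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Client not found in Kerberos database",
]


def find_dn_principals(lines):
    """Return (client address, principal) for each AS_REQ that the KDC
    rejected with CLIENT_NOT_FOUND and whose client name is DN-shaped."""
    hits = []
    for line in lines:
        m = AS_REQ.search(line)
        if not m or m.group("status") != "CLIENT_NOT_FOUND":
            continue  # not an AS_REQ line, or a different outcome
        if DN_LIKE.match(m.group("client")):
            hits.append((m.group("addr"), m.group("client")))
    return hits


if __name__ == "__main__":
    for addr, principal in find_dn_principals(SAMPLE):
        print(f"{addr}: DN used as Kerberos principal: {principal}")
```

An ordinary unknown user (the third sample line) is not reported; only names with at least two attr=value components are.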