2012/9/24 Alban Meunier <[email protected]>:
> I'm in trouble with a very basic unsecured lab to evaluate SSP
>
> My lab config
> a single host CentOS 6.3 with IP 10.11.12.124
> LDAP server: OpenDj 2.5 listening on port 51389 with no startTLS but with
> LDAP V3 only (tested successfully with ldapsearch)
> SSP server: Apache 2.2.15  on port 80 on the same OpenDJ host
>
>
> My config.inc.php contains
> $ldap_url = "ldap://10.11.12.124:51389";
> $ldap_binddn = "cn=dirman";
> $ldap_bindpw = "Password123";
> #$ldap_binddn = "";
> #$ldap_bindpw = "";
> $ldap_base = "ou=people,dc=test,dc=lab";
> $ldap_filter = "(&(objectClass=inetorgperson)(uid={login}))";
>
> $who_change_password = "user";
>
>
> ssp_error_log
> [Mon Sep 24 11:33:06 2012] [error] [client 10.11.12.125] LDAP - Bind error
> -1  (Can't contact LDAP server), referer: http://10.11.12.124/
>
>
> no traces of connection on OpenDJ access log
>
> any idea to fix that issue?
>
>
> I suspect an issue on PHP LDAP side, but phpinfo looks good
>
> PHP Version 5.3.3
>
> Configure Command
> './configure' '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
> '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
> '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--localstatedir=/var'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--cache-file=../config.cache'
> '--with-libdir=lib64' '--with-config-file-path=/etc'
> '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic'
> '--disable-rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin'
> '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr'
> '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp'
> '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl'
> '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif'
> '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem'
> '--enable-sysvshm' '--enable-sysvmsg' '--with-kerberos'
> '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar'
> '--without-sqlite' '--with-libxml-dir=/usr' '--enable-xml'
> '--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql'
> '--without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC'
> '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter'
> '--without-sqlite3' '--disable-phar' '--disable-fileinfo' '--disable-json'
> '--without-pspell' '--disable-wddx' '--without-curl' '--disable-posix'
> '--disable-sysvmsg' '--disable-sysvshm' '--disable-sysvsem'
>
> Additional .ini files parsed
> /etc/php.d/curl.ini, /etc/php.d/dom.ini, /etc/php.d/fileinfo.ini,
> /etc/php.d/gd.ini, /etc/php.d/json.ini, /etc/php.d/ldap.ini,
> /etc/php.d/mcrypt.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_sqlite.ini,
> /etc/php.d/phar.ini, /etc/php.d/sqlite3.ini, /etc/php.d/wddx.ini,
> /etc/php.d/xmlreader.ini, /etc/php.d/xmlwriter.ini, /etc/php.d/xsl.ini,
> /etc/php.d/zip.ini
>
> Apache Apache/2.2.15 (CentOS)  loaded modules
> core prefork http_core mod_so mod_auth_basic mod_auth_digest mod_authn_file
> mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default
> mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile
> mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include
> mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires
> mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav
> mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation
> mod_dir mod_actions mod_speling mod_userdir mod_alias mod_substitute
> mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http
> mod_proxy_ajp mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_cgi
> mod_version mod_perl mod_php5 mod_ssl mod_wsgi
>
>
> ldap
> LDAP Support enabled
> RCS Version $Id: ldap.c 299434 2010-05-17 20:09:42Z pajoye $
> Total Links 0/unlimited
> API Version 3001
> Vendor Name OpenLDAP
> Vendor Version 20423
> SASL Support Enabled
>
> Directive Local Value Master Value
> ldap.max_links Unlimited Unlimited

Hi,

Your SSP configuration seems OK. The error message says that the LDAP
server cannot be reached. Are you really sure you do not have any
firewall rule blocking the TCP connection between your PHP server and
your LDAP server?

You can try to activate the debug mode in SSP ($debug = true); you
may get more details on the problem.

> Additional question: what are the requirements/dependencies to install/check
> all SSP requirements?

Some checks are already done in index.php. We have some dependencies
on mb_string, mhash, mcrypt. To use the Samba mode for example in
CentOS 6, you will face this bug:
http://tools.ltb-project.org/issues/359

Clément.
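
The two causes raised in this thread (a blocked TCP connection versus a problem on the PHP LDAP side) can be told apart with a short script. This is an added example, not part of the thread or of Self Service Password; it reuses $ldap_url, $ldap_binddn and $ldap_bindpw from config.inc.php, while the function name check_ldap and the config path placeholder are assumptions.

```php
<?php
// Added diagnostic, not part of Self Service Password.
// CLI usage: php ldap_check.php /path/to/config.inc.php   (placeholder path)

function check_ldap($ldap_url, $binddn, $bindpw, $timeout = 5)
{
    $parts = parse_url($ldap_url);
    if ($parts === false || !isset($parts['host'])) {
        return array('stage' => 'config', 'detail' => "cannot parse $ldap_url");
    }
    $scheme = isset($parts['scheme']) ? $parts['scheme'] : 'ldap';
    $port = isset($parts['port']) ? $parts['port'] : ($scheme === 'ldaps' ? 636 : 389);

    // Stage 1: plain TCP connect. A failure here never reaches the LDAP
    // server, which matches an empty directory access log.
    $errno = 0; $errstr = '';
    $sock = @fsockopen($parts['host'], $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        return array('stage' => 'tcp', 'detail' => "$errstr (errno $errno)");
    }
    fclose($sock);

    // Stage 2: LDAPv3 bind with the service account from the config.
    $ds = ldap_connect($ldap_url);
    if ($ds === false) {
        return array('stage' => 'config', 'detail' => 'ldap_connect rejected the URL');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $timeout);
    if (!@ldap_bind($ds, $binddn, $bindpw)) {
        return array('stage' => 'bind',
                     'detail' => ldap_error($ds) . ' (' . ldap_errno($ds) . ')');
    }
    ldap_unbind($ds);
    return array('stage' => 'ok', 'detail' => "bound as $binddn");
}

// Under Apache there is no $argv, so the path falls back to this placeholder.
$config = (PHP_SAPI === 'cli' && isset($argv[1])) ? $argv[1] : '/path/to/config.inc.php';
require $config;   // defines $ldap_url, $ldap_binddn, $ldap_bindpw
$r = check_ldap($ldap_url, $ldap_binddn, $ldap_bindpw);
echo PHP_SAPI . ': ' . $r['stage'] . ' - ' . $r['detail'] . "\n";
```

Run it once from the command line and once through Apache: a pass from the CLI with a `tcp` failure under Apache points at something restricting the web server process rather than the network path. Remove the script from the web root afterwards, since it exercises the bind credentials.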