ID:               39669
 Updated by:       [EMAIL PROTECTED]
 Reported By:      sujiannming at gmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         LDAP related
 Operating System: Linux
 PHP Version:      4.4.4
 New Comment:

>I can reproduce this problem one of two ways.
Do you know of any public LDAP servers?

>Maybe my php was compiled against an older version of openldap?
How do we know that?


Previous Comments:
------------------------------------------------------------------------

[2006-11-30 05:51:19] sujiannming at gmail dot com

I'm looking for php's ldap support to properly connect to an LDAP
server using SSL on port 636.  

What I'm seeing when I trace traffic generated by the ldap_bind()
sample code is an SSL Continuation Data packet.  This seems to be
preventing the php code from properly connecting and binding to the
ldap server.  When I trace the traffic generated by ldapsearch, I see
an SSLv2 Client Hello packet.  Using ldapsearch, I'm able to connect and
bind to the ldap server via SSL on port 636.  I'm using tcpdump and
wireshark to trace the traffic, BTW.

I can reproduce this problem one of two ways.  One, try the sample code
found at http://us2.php.net/manual/en/function.ldap-bind.php with php
4.3.x, 4.4.4, or 5.1.x.  Two, try to connect to an ldap server using SSL
on port 636 using Drupal's ldap_authentication module.  Connecting with
TLS seems to work fine if the ldap server supports it.

Maybe my php was compiled against an older version of openldap?  I'm
using php packages that come with Debian and RedHat/CentOS.  I
apologize for not being more clear in my original bug report.

------------------------------------------------------------------------

[2006-11-29 21:06:13] [EMAIL PROTECTED]

What exactly are you looking for, what do you see and how to reproduce
it?


------------------------------------------------------------------------

[2006-11-28 23:45:47] sujiannming at gmail dot com

Description:
------------
When connecting to ldaps:// via port 636, the first packet after the
TCP handshake should be an SSLv2 "Client Hello."  At least tracing
ldapsearch, this is the case.  However, with both php 4.3.x, 4.4.4, and
php 5.1.x, the first packet after the TCP handshake seems to be an SSL
Continuation Data.  The result of this is the inability for php to bind
to the ldap server.

Reproduce code:
---------------
http://us2.php.net/manual/en/function.ldap-bind.php

Expected result:
----------------
When doing a tcpdump, I "should" see an SSLv2 Client Hello packet
destined for the ldaps server.  Which is what I see when I run the
following ldapsearch command:

ldapsearch -x -H ldaps://ldap.example.bogus -b dc=example,dc=bogus \
  -D "uid=nocuser,ou=services,dc=example,dc=bogus" -W uid=some_uid

Actual result:
--------------
I'm actually seeing an SSL Continuation Data packet instead.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39669&edit=1
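
To make the packet labels discussed in this report concrete, the sketch below classifies the first client payload on port 636 by its leading bytes: an SSLv2-format ClientHello, a TLS ClientHello record, or a cleartext LDAP message that is not a handshake at all. It is an added example, not part of the bug report or of PHP; the function names and all sample payloads are constructed for illustration.

```python
# Added example; every payload below is constructed, not taken from the reporter's trace.
LDAP_OPS = {0x60: "BindRequest", 0x63: "SearchRequest", 0x77: "ExtendedRequest"}

def _ber_len(data, pos):
    """Decode a BER length at data[pos]; return (length, offset of the content)."""
    first = data[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_first_payload(data):
    """Label the first client-to-server TCP payload seen on port 636."""
    if len(data) < 6:
        return "too short"
    # SSLv2 record: 2-byte header with the high bit set, then message type 1
    # (CLIENT-HELLO) and the offered version (major byte 0x00 or 0x03).
    if data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        if (((data[0] & 0x7F) << 8) | data[1]) >= 9:
            return "SSLv2-format ClientHello"
    # SSLv3/TLS record: type 0x16 (handshake), major version 3, then a
    # 2-byte length and handshake type 1 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "TLS ClientHello"
    # Cleartext LDAPMessage: SEQUENCE { messageID INTEGER, protocolOp ... }
    if data[0] == 0x30:
        try:
            _, pos = _ber_len(data, 1)
            if data[pos] == 0x02:
                id_len, pos = _ber_len(data, pos + 1)
                op = data[pos + id_len]
                return "cleartext LDAP " + LDAP_OPS.get(op, "op 0x%02x" % op)
        except IndexError:                # truncated BER, fall through
            pass
    return "unrecognized"

# Constructed samples: zero-filled cipher specs/challenge, anonymous simple bind.
SAMPLES = {
    "sslv2_hello": bytes.fromhex("802e010301001500000010") + bytes(37),
    "tls_hello": bytes.fromhex("160301002f0100002b0301") + bytes(41),
    "ldap_bind": bytes.fromhex("300c020101600702010304008000"),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, "->", classify_first_payload(payload))
```
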