 ID:               39669
 Updated by:       [EMAIL PROTECTED]
 Reported By:      sujiannming at gmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         LDAP related
 Operating System: Linux
 PHP Version:      4.4.4
 New Comment:

>I can reproduce this problem one of two ways.

Do you know of any public LDAP servers?

>Maybe my php was compiled against an older version of openldap?

How do we know that?


Previous Comments:
------------------------------------------------------------------------

[2006-11-30 05:51:19] sujiannming at gmail dot com

I'm looking for php's ldap support to properly connect to an LDAP server using SSL on port 636.

What I'm seeing when I trace traffic generated by the ldap_bind() sample code is an SSL Continuation Data packet. This seems to be preventing the php code from properly connecting and binding to the ldap server. When I trace the traffic generated by ldapsearch, I see an SSLv2 Client Hello packet. Using ldapsearch, I'm able to connect and bind to the ldap server via SSL on port 636. I'm using tcpdump and wireshark to trace the traffic, BTW.

I can reproduce this problem one of two ways. One, try the sample code found at http://us2.php.net/manual/en/function.ldap-bind.php with php 4.3.x, 4.4.4, or 5.1.x. Two, try to connect to an ldap server using SSL on port 636 using Drupal's ldap_authentication module. Connecting with TLS seems to work fine if the ldap server supports it.

Maybe my php was compiled against an older version of openldap? I'm using php packages that come with Debian and RedHat/CentOS.

I apologize for not being more clear in my original bug report.

------------------------------------------------------------------------

[2006-11-29 21:06:13] [EMAIL PROTECTED]

What exactly are you looking for, what do you see and how to reproduce it?

------------------------------------------------------------------------

[2006-11-28 23:45:47] sujiannming at gmail dot com

Description:
------------
When connecting to ldaps:// via port 636, the first packet after the TCP handshake should be an SSLv2 "Client Hello." At least tracing ldapsearch, this is the case.
However, with both php 4.3.x, 4.4.4, and php 5.1.x, the first packet after the TCP handshake seems to be an SSL Continuation Data. The result of this is the inability for php to bind to the ldap server.

Reproduce code:
---------------
http://us2.php.net/manual/en/function.ldap-bind.php

Expected result:
----------------
When doing a tcpdump, I "should" see an SSLv2 Client Hello packet destined for the ldaps server. Which is what I see when I run the following ldapsearch command:

ldapsearch -x -H ldaps://ldap.example.bogus -b dc=example,dc=bogus -D "uid=nocuser,ou=services,dc=example,dc=bogus" -W uid=some_uid

Actual result:
--------------
I'm actually seeing an SSL Continuation Data packet instead.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=39669&edit=1
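
A triage aid for the kind of capture described in this report, added here as an example and not part of the bug report or of PHP: it labels the first TCP payload a client sends to port 636 as an SSLv2 Client Hello, a TLS Client Hello, or a plaintext LDAP BindRequest. The function names and the sample byte strings are constructed for illustration, and treating a plaintext bind as one of the cases worth checking is an assumption, not something the report establishes.

```python
# Added example: label the first client payload captured on an ldaps:// port.
# All sample byte strings are constructed, not taken from the reporter's trace.

def _after_ber_length(data: bytes, pos: int):
    """Return the index just past the BER length field at pos, or None if malformed."""
    if pos >= len(data):
        return None
    first = data[pos]
    if first < 0x80:                      # short form: one length byte
        return pos + 1
    n = first & 0x7F                      # long form: n further length bytes
    if n == 0 or n > 4 or pos + 1 + n > len(data):
        return None
    return pos + 1 + n

def _is_ldap_bind_request(data: bytes) -> bool:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, bindRequest [APPLICATION 0] ... }"""
    if not data or data[0] != 0x30:       # BER SEQUENCE tag
        return False
    pos = _after_ber_length(data, 1)
    if pos is None or pos + 2 > len(data) or data[pos] != 0x02:
        return False
    pos += 2 + data[pos + 1]              # skip the INTEGER messageID
    return pos < len(data) and data[pos] == 0x60

def classify_first_payload(data: bytes) -> str:
    if len(data) < 5:
        return "too short"
    # SSLv2 record: high bit set in the 2-byte header, msg type 1 (CLIENT-HELLO),
    # then the offered version (major byte 0x00 for SSL 2.0, 0x03 for SSL3/TLS).
    if data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        return "SSLv2 Client Hello"
    # SSLv3/TLS record: content type 22 (handshake), major version 3, handshake type 1.
    if data[0] == 0x16 and data[1] == 0x03 and len(data) > 5 and data[5] == 0x01:
        return "TLS Client Hello"
    if _is_ldap_bind_request(data):
        return "plaintext LDAP BindRequest"
    return "unrecognised"

# Constructed samples: leading bytes of each kind of first payload.
SSLV2_HELLO = bytes.fromhex("802e010002001500000010")
TLS_HELLO = bytes.fromhex("16030100410100003d0301")
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous simple bind, v3

if __name__ == "__main__":
    for name, sample in [("sslv2", SSLV2_HELLO), ("tls", TLS_HELLO), ("ldap", LDAP_BIND)]:
        print(name, "->", classify_first_payload(sample))
```

Feed it the payload bytes of the first client-to-server segment after the TCP handshake, for example exported from the tcpdump or wireshark capture.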