ID: 39291
Comment by: willem at hig dot be
Reported By: lee dot essen at nowonline dot co dot uk
Status: Feedback
Bug Type: LDAP related
Operating System: Solaris 10
PHP Version: 5.1.6
New Comment:

Hello,

I am using the following setup:

openldap 2.3.24-r1
php 5.1.6-p14-gentoo
phpldapadmin 1.0.1

The setup with sasl for openldap and connecting with ldapsearch -Y ... -R ... -U <sasl-id> works fine. But connection with phpldapadmin (using php ldap_sasl_bind) does not work. Gives the same problems as "lee dot lessen" below.

Now I have to put all my users' passwords in the ldap directory and in sasl (used for cyrus imap) because I have to use simple binds from phpldapadmin.

Is it possible to give this some priority as now phpldapadmin sasl support is 100% broken? I would love to help you guys in testing. Please let me know.

Regards,
Willem

Previous Comments:
------------------------------------------------------------------------

[2006-12-31 21:02:34] [EMAIL PROTECTED]

Please provide a patch and we'll review it.

------------------------------------------------------------------------

[2006-12-13 16:41:31] tregi at inwind dot it

Hi,

I am not an LDAP, PHP or SASL expert either, but I'm experiencing the same problem in using the ldap_sasl_bind function. Using ldapsearch I can bind my LDAP server (Active Directory) only with the -U option (authcid). My server has, I suppose, empty authorization and strong authentication. I try to use DIGEST-MD5 and it works with ldapsearch, but does not with php. So, I would appreciate your help; maybe your patch can solve my problem.

Thanks.

------------------------------------------------------------------------

[2006-10-28 14:44:11] lee dot essen at nowonline dot co dot uk

Description:
------------
** Caveat: I am not an LDAP, PHP or SASL expert, so I could be a long way off the mark here **

This is similar to bug 35611 (which is marked as Bogus!) and related to 30189, but I believe the problem is with authcid and not authzid.

ldap_sasl_bind sends the binddn as the authcid; this behaviour differs to the standard ldapsearch etc. utilities when using "-U" to send a username.

This basically means that I cannot get it to bind to my ldap server, looking at the slapd debug it seems to send a username like...

username="cn=My Name,ou=People,..."

... when I look at the debug from using an ldapsearch -U it gets a username="shortname" type output.

By hacking the code to add another option (authcid) to the php ldap_sasl_bind function and sending that for the authcid instead of binddn everything works perfectly.

A simple example is that you don't need to provide a BindDN to ldapsearch if you use -U, this is because the username will be mapped by the authz-regex to a real object. If you don't specify a binddn with PHP you get a "SASL bind in progress" error, and if you just specify a username then it fails with "invalid dn".

(I can provide a very simple patch that fixes the problem if it helps)

Reproduce code:
---------------
See description above.

Expected result:
----------------
See description above.

Actual result:
--------------
See description above.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=39291&edit=1