OK - just got a bit crazier!
That function works when running on the command line.
As the root user, as the webserver user and ANY user who can run the php command (truss on php shows that it IS reading the ldap.conf file from /usr/local/openldap/etc).
But why does it not work from the Web Server?!
From: Karamchedu, Rajeev K. [mailto:[EMAIL PROTECTED]
Sent: Sun 9/19/2004 6:26 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] PHP + SSL + LDAP + IPLANET
(That Iplanet word must have piqued your interest...riight...)
OS: Solaris 9
CC: GCC 3.2.2
APP: Sun ONE Web Server 6.2SP2
LDAP: Sun ONE Directory Server 5.2 (configured for SSL and confirmed with non-php apps)
Configured PHP 4.3.8/or 5.1 with openssl, openldap, libxml, zlib using GCC 3.2.2 (all latest stable versions).
Created and installed the certificates. Verified using openssl programs and ldapsearch.
I have a *few* questions:
a) Internet research to get ldaps working with PHP tells me that I have to set up a variable for the Web Server User and dump a .ldaprc file in there, in addition to specifying option in the ldap.conf file. I did that in the magnus.conf file using init-cgi directive.
The Env Variable is visible to all the cgi programs. HOWEVER, the phpinfo() command does not pick up that (and all of my other user Environment variables such as ORACLE_HOME etc) and hence does not see that file. phpinfo() keeps reporting that the user is root (I don't want that!).
The Web Server runs as a non-root user.
What gives ? I read some docs but they are not clear on how to pass these env
Q: How can I make vendor/custom environment variables available for PHP running in
IPLANET server ?
b) I added the following lines to my /usr/local/openldap/etc/openldap/ldap.conf file
# Instruct client to NOT request a server's cert.
# Define location of CA Cert
The ldapsearch util works good and makes SSL connection to the ldap server (using
ldapsearch -H "ldaps://server.tigr.org")
To test PHP's ability, I am using the connect_AD function from the PHP man page:

    function connect_AD()
    {
        $ldap_server = "ldaps://adserver.ad.com";
        $ldap_user = "CN=web service account,OU=Service Accounts,DC=ad,DC=com";
        $ldap_pass = "password";
        // An ldaps:// URI selects LDAP over SSL/TLS
        $ad = ldap_connect($ldap_server);
        ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Authenticated bind; the TLS handshake happens here
        $bound = ldap_bind($ad, $ldap_user, $ldap_pass);
        return $ad;
    }

BUT the above function does not work. It just "hangs" at the ldap_connect stage. No output on snoop also (tcpdump for solaris).
However, when I tried to specify ldap_connect (server, 636), it gets past that point but hangs at ldap_bind.
I have a feeling that PHP under IPLANET is just not able to pick up the installed certificates. Maybe connected to the fact that I can't get it to retrieve my environment variables specified in the server ... ?
Any pointers ? please ? I will summarize once I find a solution.
many many tia
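
Added example, not part of the original thread: a diagnostic page that reports which user, environment and files the PHP process really sees, then attempts an LDAPS bind with a bounded wait so the CLI and web-server runs can be compared side by side. The CA file path is hypothetical, LDAP_OPT_NETWORK_TIMEOUT assumes PHP 5.3 or later, and the posix extension is assumed for the user lookup; the host and ldap.conf path are the ones quoted in the post.

```php
<?php
// Added diagnostic, not code from the thread. Run it once with the php CLI and
// once through the web server, then compare the two reports.
$server  = 'ldaps://adserver.ad.com';                      // host from the post
$conf    = '/usr/local/openldap/etc/openldap/ldap.conf';   // path from the post
$ca_cert = '/usr/local/openldap/etc/openldap/cacert.pem';  // hypothetical CA file path

// What the current process can actually see: user, environment, file access.
function ldap_client_env($conf, $ca_cert)
{
    $pw = function_exists('posix_geteuid') ? posix_getpwuid(posix_geteuid()) : false;
    $report = array(
        'sapi'             => php_sapi_name(),
        'effective_user'   => $pw ? $pw['name'] : 'unknown (posix extension not loaded)',
        'conf_readable'    => is_readable($conf) ? 'yes' : 'NO',
        'ca_cert_readable' => is_readable($ca_cert) ? 'yes' : 'NO',
    );
    foreach (array('HOME', 'LDAPCONF', 'LDAPRC', 'LDAPTLS_CACERT') as $name) {
        $value = getenv($name);
        $report[$name] = ($value === false) ? '(unset)' : $value;
    }
    return $report;
}

// Connect and bind with a bounded wait, so a TLS or routing problem fails fast.
function try_ldaps($server, $conf, $ca_cert, $timeout = 5)
{
    // libldap reads these when it first initialises in a process, so under a
    // long-running server they must be set before any other LDAP call.
    putenv("LDAPCONF=$conf");
    putenv("LDAPTLS_CACERT=$ca_cert");
    putenv('LDAPTLS_REQCERT=demand');  // keep server certificate verification on
    $ad = ldap_connect($server);
    if (!$ad) {
        return 'ldap_connect: URI rejected';
    }
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_NETWORK_TIMEOUT, $timeout);  // PHP >= 5.3
    if (@ldap_bind($ad)) {  // anonymous bind: enough to exercise the TLS handshake
        return 'bind OK (TLS handshake completed)';
    }
    return sprintf('bind failed: [%d] %s', ldap_errno($ad), ldap_error($ad));
}

if (php_sapi_name() !== 'cli') {
    header('Content-Type: text/plain');
}
print_r(ldap_client_env($conf, $ca_cert));
echo try_ldaps($server, $conf, $ca_cert), "\n";
```

A difference in effective_user, HOME or the readable flags between the two runs points at the web server's process environment rather than at the certificates themselves.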