From: [EMAIL PROTECTED]
Operating system: Solaris 7
PHP version: 4.0.6
PHP Bug Type: LDAP related
Bug description: enhancement for ldap_start_tls function

I would like to have my ldap connections encrypted so I added the function ldap_start_tls to the ldap module. Following is the diff:

--- ./ext/ldap/ldap.c.orig Wed Sep 12 15:53:24 2001 +++ ./ext/ldap/ldap.c Wed Sep 12 16:03:00 2001 @@ -69,6 +69,9 @@ PHP_FE(ldap_connect, NULL) PHP_FALIAS(ldap_close, ldap_unbind, NULL) PHP_FE(ldap_bind, NULL) +#if LDAP_API_VERSION > 2000 + PHP_FE(ldap_start_tls, NULL) +#endif PHP_FE(ldap_unbind, NULL) PHP_FE(ldap_read, NULL) PHP_FE(ldap_list, NULL) @@ -385,12 +388,22 @@ } else #endif { - ldap = ldap_open(host,port); + ldap = ldap_init(host,port); } if ( ldap == NULL ) { RETURN_FALSE; } else { +#if LDAP_API_VERSION > 2000 + int version = LDAP_VERSION3; + int rc; + + rc = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version); + if (rc != LDAP_OPT_SUCCESS) { + php_error(E_WARNING, "Could not set protocol version 3 (%d): %s\n", rc, ldap_err2string(rc)); + RETURN_FALSE; + } +#endif #ifdef HAVE_ORALDAP if (ssl) { if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, @@ -510,6 +523,31 @@ } #endif + +#if LDAP_API_VERSION > 2000 +/* {{{ proto int ldap_start_tls(int link) + Start TLS */ +PHP_FUNCTION(ldap_start_tls) +{ + pval **link; + LDAP *ldap; + + if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) { + WRONG_PARAM_COUNT; + } + + ldap = _get_ldap_link(link); + if (ldap == NULL) RETURN_FALSE; + + if (ldap_start_tls_s(ldap, NULL, NULL) != LDAP_SUCCESS) { + php_error(E_WARNING,"LDAP: Unable to start TLS: %s",ldap_err2string(_get_lderrno(ldap))); + RETURN_FALSE; + } else { + RETURN_TRUE; + } +} +/* }}} */ +#endif /* {{{ proto int ldap_bind(int link [, string dn, string password]) Bind to LDAP directory */ --- ./ext/ldap/php_ldap.h.orig Wed Sep 12 16:04:27 2001 +++ ./ext/ldap/php_ldap.h Wed Sep 12 16:05:14 2001
@@ -39,6 +39,10 @@ PHP_FUNCTION(ldap_connect); +#if LDAP_API_VERSION > 2000 +PHP_FUNCTION(ldap_start_tls); +#endif + PHP_FUNCTION(ldap_bind); PHP_FUNCTION(ldap_unbind);

The usage should be obvious: it takes just one argument, the LDAP connection handle. I'm using OpenLDAP 2.0.7 with PHP and this function works great with it. I didn't test whether this patch breaks other LDAP toolkits. One problem could be that I force the use of ldap-v3, so that should probably be an option somewhere (maybe an option to ldap_open or so).

--
Edit bug report at: http://bugs.php.net/?id=13278&edit=1
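Review bot: in the ldap.c hunk at @@ -385,12 +388,22 @@, the new RETURN_FALSE after a failed ldap_set_option() leaves the handle that ldap_init() just returned unreleased; free it (for example with ldap_unbind_s(ldap)) before returning. In the same hunk, the switch from ldap_open(host,port) to ldap_init(host,port) sits outside the #if LDAP_API_VERSION > 2000 guard, so it changes ldap_connect for every toolkit, not only the ones that gain ldap_start_tls. Protocol version 3 is also forced with no way for the caller to opt out, which the submitter already flags; an explicit option would be safer than a hard-coded default. The "\n" at the end of the php_error() format string is inconsistent with the php_error() call in the ldap_start_tls hunk, which has none.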
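Review bot: in the ldap.c hunk at @@ -510,6 +523,31 @@, the return value of ldap_start_tls_s(ldap, NULL, NULL) is compared and then thrown away, and the warning text is built from a second lookup through _get_lderrno(ldap); store the result in a local rc and pass that to ldap_err2string() so the message reports the code that actually failed. The doc comment says only "Start TLS": it should state that the function must be called before ldap_bind and that a false return means the link is still unencrypted, since a caller that ignores the result would go on to bind in clear text. The proto line declares an int return while the body returns true or false.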
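Review bot: in the ldap.c hunk at @@ -69,6 +69,9 @@, the PHP_FE(ldap_start_tls, NULL) entry is compiled in only when LDAP_API_VERSION > 2000, and nothing documents that, so on builds against other toolkits the function simply does not exist and a script relying on it for encryption cannot tell why. The same condition is repeated around the function body and the php_ldap.h prototype; a single feature macro defined once and tested in all three places would keep them from drifting apart, and the condition should be noted in the function's documentation.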