ID: 13278
Updated by: venaas
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: LDAP related
Operating System: Solaris 7
PHP Version: 4.0.6
Old Assigned To:
Assigned To: venaas
New Comment:

We need the function, but we can't force v3, and we can't use ldap_init() for everyone either. The version can be forced by the user by doing
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
before using your function. Can you check if your code works if you do no changes except adding the function, and set the version like I suggest above?

Previous Comments:
------------------------------------------------------------------------

[2001-09-12 22:00:36] [EMAIL PROTECTED]

I would like to have my ldap connections encrypted so I added the function ldap_start_tls to the ldap module. Following is the diff:

--- ./ext/ldap/ldap.c.orig Wed Sep 12 15:53:24 2001 +++ ./ext/ldap/ldap.c Wed Sep 12 16:03:00 2001 @@ -69,6 +69,9 @@ PHP_FE(ldap_connect, NULL) PHP_FALIAS(ldap_close, ldap_unbind, NULL) PHP_FE(ldap_bind, NULL) +#if LDAP_API_VERSION > 2000 + PHP_FE(ldap_start_tls, NULL) +#endif PHP_FE(ldap_unbind, NULL) PHP_FE(ldap_read, NULL) PHP_FE(ldap_list, NULL) @@ -385,12 +388,22 @@ } else #endif { - ldap = ldap_open(host,port); + ldap = ldap_init(host,port); } if ( ldap == NULL ) { RETURN_FALSE; } else { +#if LDAP_API_VERSION > 2000 + int version = LDAP_VERSION3; + int rc; + + rc = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version); + if (rc != LDAP_OPT_SUCCESS) { + php_error(E_WARNING, "Could not set protocol version 3 (%d): +%s\n", rc, ldap_err2string(rc)); + RETURN_FALSE; + } +#endif #ifdef HAVE_ORALDAP if (ssl) { if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd, 
@@ -510,6 +523,31 @@ } #endif + +#if LDAP_API_VERSION > 2000 +/* {{{ proto int ldap_start_tls(int link) + Start TLS */ +PHP_FUNCTION(ldap_start_tls) +{ + pval **link; + LDAP *ldap; + + if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) { + WRONG_PARAM_COUNT; + } + + ldap = _get_ldap_link(link); + if (ldap == NULL) RETURN_FALSE; + + if (ldap_start_tls_s(ldap, NULL, NULL) != LDAP_SUCCESS) { + php_error(E_WARNING,"LDAP: Unable to start TLS: +%s",ldap_err2string(_get_lderrno(ldap))); + RETURN_FALSE; + } else { + RETURN_TRUE; + } +} +/* }}} */ +#endif /* {{{ proto int ldap_bind(int link [, string dn, string password]) Bind to LDAP directory */ --- ./ext/ldap/php_ldap.h.orig Wed Sep 12 16:04:27 2001 +++ ./ext/ldap/php_ldap.h Wed Sep 12 16:05:14 2001 @@ -39,6 +39,10 @@ PHP_FUNCTION(ldap_connect); +#if LDAP_API_VERSION > 2000 +PHP_FUNCTION(ldap_start_tls); +#endif + PHP_FUNCTION(ldap_bind); PHP_FUNCTION(ldap_unbind);

The usage should be obvious, it takes just one argument, the ldap connection handle. I'm using Openldap 2.0.7 with php and this function works great with it. I didn't test whether this patch breaks other ldap toolkits.

One problem could be that I force the use of ldap-v3 so that should probably be an option somewhere (maybe an option to ldap_open or so).

------------------------------------------------------------------------
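
Review bot: In the ldap_connect hunk of ext/ldap/ldap.c (@@ -385,12 +388,22 @@), the switch from ldap_open() to ldap_init() and the unconditional LDAP_VERSION3 setting change behaviour for every caller, not only for scripts that want TLS. ldap_init() only allocates the handle, so an unreachable server no longer makes ldap_connect() return false and the failure moves to the first operation, and a v2-only server would then reject the session. Suggest leaving the version to the script via ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3), as the maintainer comment proposes. Separately, the new RETURN_FALSE after a failed ldap_set_option() returns without releasing the handle obtained from ldap_init(); call ldap_unbind(ldap) before returning.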
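
Review bot: In the new ldap_start_tls() body (ext/ldap/ldap.c, @@ -510,6 +523,31 @@), the return value of ldap_start_tls_s() is compared and then discarded, and the warning text is rebuilt from _get_lderrno(ldap). Store it in an int rc and report ldap_err2string(rc), as the ldap_connect hunk does, so the message always reflects the call that failed. The proto comment should also state that the link must already be set to protocol version 3 and that the function returns true or false (it is declared int), since a script that ignores a false return and goes on to ldap_bind() sends its credentials unencrypted.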
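
The calling sequence venaas suggests, as an added example that is not part of the original report or of PHP's source: the script selects protocol version 3 itself, calls ldap_start_tls() (the function proposed in this report) and binds only if the TLS upgrade succeeded. The helper name ldap_connect_tls(), the URI, the bind DN and the LDAP_PW environment variable are assumptions.

```php
<?php
// Added example (not from the bug report). The helper name, URI, DN and
// LDAP_PW environment variable are hypothetical.

/**
 * Open an LDAP link, upgrade it with StartTLS, then bind.
 * Returns the link on success, false on any failure. The password is
 * never sent unless the TLS upgrade succeeded.
 */
function ldap_connect_tls($uri, $bindDn, $password)
{
    $ds = ldap_connect($uri);
    if (!$ds) {
        return false;
    }

    // StartTLS is an LDAPv3 extended operation, so the script selects v3
    // itself instead of the extension forcing it on every caller.
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        ldap_unbind($ds);
        return false;
    }

    // Fail closed: if the upgrade is refused, stop here. Falling through
    // to ldap_bind() would send the password in cleartext.
    if (!@ldap_start_tls($ds)) {
        error_log('StartTLS failed: ' . ldap_error($ds));
        ldap_unbind($ds);
        return false;
    }

    if (!@ldap_bind($ds, $bindDn, $password)) {
        error_log('Bind failed: ' . ldap_error($ds));
        ldap_unbind($ds);
        return false;
    }
    return $ds;
}

// Constructed sample call; replace the values with real ones.
$ds = ldap_connect_tls('ldap://ldap.example.com:389',
                       'cn=app,dc=example,dc=com', getenv('LDAP_PW'));
if ($ds === false) {
    exit("No TLS-protected LDAP session; aborting.\n");
}
```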