From: [EMAIL PROTECTED]
Operating system: SunOS 5.7 SPARC 106541-17
PHP version: 4.0.6
PHP Bug Type: LDAP related
Bug description: ldap_connect skips over SSL servers specified in the form ldaps://hostname/

Platform: SunOS 5.7, PHP 4.0.6 (--with-ssl), OpenLDAP 2.0.14 (--with-tls)

When given an array of ldap servers like array("ldaps://hostname_a", "ldap://hostname_a"), ldap_connect doesn't even attempt a tcp connection to port 636. To further generalize my statement, if you specify any server with the ldaps:// URL construct, ldap_connect won't attempt a tcp connection to that server (either on port 636 or 389).

According to the ldap_connect documentation, you don't need to specify port names when using the URL construct. But the only way I have found to work around this is to specify the port in order to attempt an SSL connection.

To test, change the elements in the array $LDAP_SERVER in the provided include file. I am new to php and am not a programmer, so please go easy on my dirty code!

Thank you for such a great product! I appreciate all the time and effort this group puts into this quality production!

My function (called with no arguments, returns an LDAP link identifier upon a successful bind):

    function esm_find_ldap_server() {
        require "./ldap_constants.inc";

        // Start with no link so the loop conditions are well defined
        $ldap_linkid = 0;

        // Find the appropriate ldap server
        while ( ($ldap_linkid != TRUE) and ($port_cell = each($LDAP_SERVER_PORTS)) ) {
            $try_port = $port_cell['value'];
            print "Trying port $try_port<br>\n";
            reset($LDAP_SERVER);
            while ( ($ldap_linkid == 0) and ($server_cell = each($LDAP_SERVER)) ) {
                $try_server = $server_cell['value'];
                print "Trying server $try_server:$try_port<br>\n";
                if ( $ldap_linkid = ldap_connect($try_server,$try_port) ) {
                    print "Connection successful: LDAP link id is $ldap_linkid, attempting bind<br>\n";
                    if ( @ldap_bind($ldap_linkid, $CMS_BIND_DN, $CMS_BIND_PW) ) {
                        print "Successful bind. Returning.<br>\n";
                        return $ldap_linkid;
                    } else {
                        print "Bind failed. Continuing.<br>\n";
                        // Drop the failed link and move on to the next server
                        $ldap_linkid = 0;
                        continue;
                    } //end inner if/else (successful bind)
                } //end first if/else (successful connection)
            } //end inner while (server selection)
        } //end outer while (port selection)
    } //end function

My include file ldap_constants.inc:

    $CMS_BASE_DN = 'dc=library,dc=johnshopkins,dc=edu';
    $CMS_BIND_RDN = 'cn=cmsproxy,ou=proxy';
    $CMS_BIND_DN = "$CMS_BIND_RDN,$CMS_BASE_DN";
    $CMS_BIND_PW = "xxxxxxx";
    $LDAP_SERVER_PORTS = array("636","389");

    // we have a problem with tcp timeouts if the host is down or doesn't send a RST
    // will have to figure out a way around tcp timeouts
    $LDAP_SERVER = array("128.220.8.91", "128.220.8.108", "128.220.8.91");

    // for secure servers we need to either trust a self-signed cert or get a real cert for the ldap server
    // currently not used
    $LDAP_SECURE_SERVER = array("128.220.8.108");

    //filters we use to find users
    $CMS_USER_FILTER = '(objectClass=posixAccount)';
    $CMS_USER_BASE_DN = 'ou=People,' . "$CMS_BASE_DN";
    $CMS_USER_ATTR = 'uid';
    $CMS_USER_PWATTR = 'userPassword';

--
Edit bug report at: http://bugs.php.net/?id=14725&edit=1
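
Added example, not part of the original report and not PHP project code: one way to make the scheme-to-port mapping explicit and to keep the bind password off cleartext port 389, written for a current PHP with the ldap extension built against OpenLDAP 2.x. The names esm_normalise_server and esm_find_ldap_server_tls, the 5-second timeout, the ldaps:// default for bare hosts and the host hostname_b are assumptions made for this example.

```php
<?php
// Added example, not code from the bug report. Function names are hypothetical.
// Assumes a current PHP with the ldap extension built against OpenLDAP 2.x.

const ESM_DEFAULT_PORTS = ['ldaps' => 636, 'ldap' => 389];

// Turn "ldaps://host", "ldap://host:3389" or a bare host into scheme://host:port.
// Bare hosts are treated as ldaps:// (an assumption made for this example).
function esm_normalise_server(string $entry): string
{
    if (strpos($entry, '://') === false) {
        $entry = 'ldaps://' . $entry;
    }
    $parts = parse_url($entry);
    if ($parts === false || empty($parts['host']) || empty($parts['scheme'])) {
        throw new InvalidArgumentException("Bad LDAP server entry: $entry");
    }
    $scheme = strtolower($parts['scheme']);
    if (!array_key_exists($scheme, ESM_DEFAULT_PORTS)) {
        throw new InvalidArgumentException("Unsupported scheme in: $entry");
    }
    return sprintf('%s://%s:%d', $scheme, $parts['host'], $parts['port'] ?? ESM_DEFAULT_PORTS[$scheme]);
}

// Try each server in order; return a bound link, or false if none worked.
function esm_find_ldap_server_tls(array $servers, string $bindDn, string $bindPw)
{
    foreach ($servers as $entry) {
        $uri  = esm_normalise_server($entry);
        $link = ldap_connect($uri);   // sets parameters only; the TCP connect happens later
        if ($link === false) {
            continue;
        }
        ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, 5);   // bound the wait on a dead host
        // On ldap:// require StartTLS so the bind password never travels in cleartext.
        if (strpos($uri, 'ldap://') === 0 && !@ldap_start_tls($link)) {
            continue;
        }
        if (@ldap_bind($link, $bindDn, $bindPw)) {
            return $link;
        }
    }
    return false;
}

// Constructed sample input: the array from the report plus a bare host.
foreach (['ldaps://hostname_a', 'ldap://hostname_a', 'hostname_b'] as $entry) {
    echo esm_normalise_server($entry), "\n";
}
```

The loop at the end only normalises entries and needs no directory server; esm_find_ldap_server_tls needs the ldap extension and a reachable server.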