ID: 14725
Updated by: venaas
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Closed
Bug Type: LDAP related
Operating System: SunOS 5.7 SPARC 106541-17
PHP Version: 4.0.6
New Comment:
There are several ways to use ldap_connect(). With all LDAP
APIs (I think), you should be able to specify multiple
hosts separated by space, and do something like:
ldap_connect("hosta hostb hostc", $port). If you skip the
final argument, 389 is used. If you specify 636, you are
still not using SSL.
If you use OpenLDAP 2 API (like you do), you can use URLs
instead of hosts, then the $port argument is not used.
You can then do say:
ldap_connect("ldaps://hosta ldaps://hostb:637")
to first try SSL to hosta on port 636, and next SSL to
hostb on port 637. If you are not using SSL, you can do say
ldap_connect("ldap://hosta ldap://hostb:390";)
again, you can specify 636, but you're not using SSL then.
You can also mix ldap and ldaps URLs if you like.
I must confess I didn't look much at your code, but it
won't work to use an array as argument to ldap_connect(). I'm closing this case, since
I don't see a bug. Please
reopen if what I wrote above doesn't work.
Previous Comments:
------------------------------------------------------------------------
[2001-12-27 16:31:47] [EMAIL PROTECTED]
Platform: SunOS 5.7, PHP 4.0.6 (--with-ssl), OpenLDAP 2.0.14 (--with-tls)
When given an array of ldap servers like array("ldaps://hostname_a",
"ldap://hostname_a";), ldap_connect doesn't even attempt a tcp connection to port 636.
To further generalize my statement, if you specify any server with the ldaps:// URL
construct, ldap_connect won't attempt a tcp connection to that server (either on port
636 or 389).
According to the ldap_connect documentation, you don't need to specify portnames when
using the URL construct. But, the only way I have found to work around this is to
specify the port in order to attempt an SSL connection.
To test , change the elements in the array $LDAP_SERVER in the provided include file.
I am new to php and am not a programmer, so please go easy on my dirty code!
Thank you for such a great product! I appreciate all the time and effort this group
puts into this quality production!
My function (called with no arguments, returns an LDAP link identifier upon a
successful bind):
function esm_find_ldap_server() {
require "./ldap_constants.inc";
// Find the appropriate ldap server
while ( ($ldap_linkid != TRUE) and ($port_cell = each($LDAP_SERVER_PORTS)) ) {
$try_port = $port_cell[value];
print "Trying port $try_port<br>\n";
reset($LDAP_SERVER);
while ( ($ldap_linkid == 0) and ($server_cell = each($LDAP_SERVER)) ) {
$try_server = $server_cell[value];
print "Trying server $try_server:$try_port<br>\n";
if ( $ldap_linkid = ldap_connect($try_server,$try_port) ) {
print "Connection successful: LDAP link id is $ldap_linkid, attempting
bind<br>\n";
if ( @ldap_bind($ldap_linkid, $CMS_BIND_DN, $CMS_BIND_PW) ) {
print "Successful bind. Returning.<br>\n";
return $ldap_linkid;
} else {
print "Bind failed. Continuing.<br>\n";
unset($ldap_linkid);
continue;
} //end inner if/else (successful bind)
} //end first if/else (successful connection)
} //end inner while (server selection)
} //end outer while (port selection)
} //end function
My include file ldap_contants.inc:
$CMS_BASE_DN = 'dc=library,dc=johnshopkins,dc=edu';
$CMS_BIND_RDN = 'cn=cmsproxy,ou=proxy';
$CMS_BIND_DN = "$CMS_BIND_RDN,$CMS_BASE_DN";
$CMS_BIND_PW = "xxxxxxx";
$LDAP_SERVER_PORTS = array("636","389");
// we have a problem with tcp timeouts if the host is down or doesn't send a
RST
// will have to figure out a way around tcp timeouts
$LDAP_SERVER = array("128.220.8.91", "128.220.8.108", "128.220.8.91");
// for secure servers we need to either trust a self-signed cert or get a real
cert for the ldap server
// currently not used
$LDAP_SECURE_SERVER = array("128.220.8.108");
//filters we use to find users
$CMS_USER_FILTER = '(objectClass=posixAccount)';
$CMS_USER_BASE_DN = 'ou=People,' . "$CMS_BASE_DN";
$CMS_USER_ATTR = 'uid';
$CMS_USER_PWATTR = 'userPassword';
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=14725&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
