I am having problems with Apache occasionally giving me a segmentation fault when making ldap calls from php.
I am currently using openldap-2.0.23, Apache 1.3.22 and PHP 4.2.1. My php program is being used to authenticate a user against several Microsoft Active Directory Servers. It works flawlessly 95% of the time, but intermittently (about 5% of the time) Apache gives me a segmentation faulty when I call I get either ldap_bind or ldap_close. My code basically: Opens a socket to port 389 to be sure the server is working. Close the socket If the server is operational use ldap_connect to connect to the server Use ldap_bind to bind to the server as a known user. Do an ldap_search for the "cn" and "sn" of the user we want to authenticate. Use ldap_get_entries to put the returned entries into a string. At this point the next ldap call I make sometimes causes a segmentation fault but most of the time it works. At this point what I need to do is do a ldap_bind as the correct user to authenticate them. If I try either an ldap_unbind, ldap_close, or ldap_bind here all of these will work most of the time and give me a segmentation fault occasionally. Here is the basic php code. // Check to see that the active directory server is operational // before we try to make a connection to it. if ($fp = fsockopen($ADServer1,389,$errno,$errstr,$Timeout)) { fclose($fp); $ds=ldap_connect($ADServer1); $ADServer=$ADServer1; } if (!$ds) { if ($fp = fsockopen($ADServer2,389,$errno,$errstr,$Timeout)) { fclose($fp); $ds=ldap_connect($ADServer2); $ADServer=$ADServer2; } } if (!$ds) { DisplayError("Unable to bind to ldap server"); exit; } else { // // First bind as our "ANONYMOUS" user and lookup the full cn // for the user that is actually logging in. // if (!(ldap_bind($ds,$LOOKUP_BIND_DN,$LOOKUP_BIND_PASSWORD))) { DisplayError("LDAP Bind for $LOOKUP_BIND_USER did not work"); ldap_unbind($ds); exit; } else { $justthese=array("cn","sn"); $filter="(samaccountname=$USERNAME)"; $sr=ldap_search($ds,"dc=radford,dc=edu",$filter,$justthese); $info=ldap_get_entries($ds,$sr); if ($info==FALSE) { DisplayError("unable to find user in the directory."); exit; } if ($info["count"] <> 1) { DisplayError("No user account found for $USERNAME"); exit; } else { $USER_DN=$info[0]["dn"]; // At this point I have the DN for the user I need to // bind as this user to see if they entered the correct // password. // NOTE: This is where my next ldap call will occasionally // (about 5% of the time) creates the seg fault. // I have tried taking out the ldap_close and // ldap_connect becuase I should be able to // just bind again, but I get the same // result either way. ldap_close($ds); $ds=ldap_connect($ADServer); if (!$ds) { DisplayError("Unable to bind to ldap server on second bind"); exit; } if (!(ldap_bind($ds,$USER_DN,$PASSWORD))) { DisplayError("Invald Password"); ldap_unbind($ds); exit; } -------------------------------------------------------- Ed Oakes Phone: (540) 831-6233 Radford University Fax: (540) 831-5555 Academic Computing Email: [EMAIL PROTECTED] http://www.radford.edu/~acadcomp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php