The documentation for ldap_start_tls does not mention that you MUST be using LDAP protocol version 3. I spent a day looking through Google and source trying to figure out why this was happening. I finally just changed ext/ldap/ldap.c to force LDAP protocol version 3.

After happening across bug #13278 I realized that I could have just used ldap_set_option (I neglected to take notice of this function, probably just because I was burnt out from trying to solve this problem).

Could ldap_start_tls be changed to force protocol version 3 (since it is required), or could the ldap_start_tls function page be updated to alert people that this must be done?

The changes I made to get this to work, though sort of a waste of time now that I know of ldap_set_option, are below.
-matt
--- ext/ldap/ldap.c-dist Thu Jul 18 15:35:00 2002
+++ ext/ldap/ldap.c Thu Jul 18 15:49:52 2002
@@ -1997,15 +1997,22 @@
Start TLS */
PHP_FUNCTION(ldap_start_tls)
{
+ int version = LDAP_VERSION3;
pval **link;
ldap_linkdata *ld;
-
+
if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) {
WRONG_PARAM_COUNT;
}
ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link);
+ //try to set LDAP version to LDAP_VERSION3
+ if (ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &version) !=
+LDAP_SUCCESS) {
+ php_error(E_WARNING, "LDAP: TLS: Unable to start TLS: %s",
+ ldap_err2string(_get_lderrno(ld->link)));
+ RETURN_FALSE;
+ }
if (ldap_start_tls_s(ld->link, NULL, NULL) != LDAP_SUCCESS) {
php_error(E_WARNING,"LDAP: Unable to start TLS: %s",
ldap_err2string(_get_lderrno(ld->link)));
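Review bot: The new failure branch after ZEND_FETCH_RESOURCE reports "LDAP: TLS: Unable to start TLS" when the call that failed is ldap_set_option, so a user reading the warning cannot tell a protocol-version problem from a TLS handshake problem; the message should say that setting LDAP_OPT_PROTOCOL_VERSION failed. The function also now changes the protocol version on the caller's link as a side effect, overriding any version the script set earlier with ldap_set_option, which should at least be stated in the function's documentation. Two style points in the same hunk: the added "//" comment is C++ style in a C file where the surrounding code uses /* */, and the blank line after the declarations is removed and re-added with only a whitespace difference, which adds noise to the diff.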
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
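
The userland alternative mentioned in the message above (ldap_set_option before ldap_start_tls), written out as an added example; it is not code from the original post or from the PHP project. The function name, server URI, bind DN and password are placeholders, and the script refuses to bind if StartTLS fails, so credentials are never sent over an unencrypted connection.

```php
<?php
// Added example. ldap_connect_starttls() is a hypothetical helper name;
// the URI and credentials used at the bottom are placeholders.
function ldap_connect_starttls(string $uri, string $bindDn, string $password)
{
    $link = ldap_connect($uri);
    if ($link === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // StartTLS requires LDAP protocol version 3, so select it explicitly
    // before calling ldap_start_tls() instead of relying on a default.
    if (!ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('Could not select LDAP protocol version 3');
    }

    // Fail closed: if the TLS upgrade does not succeed, stop here rather
    // than falling through to a cleartext bind.
    if (!@ldap_start_tls($link)) {
        $err = ldap_error($link);
        ldap_unbind($link);
        throw new RuntimeException("StartTLS failed, not binding: $err");
    }

    // The bind now travels inside the TLS session.
    if (!@ldap_bind($link, $bindDn, $password)) {
        $err = ldap_error($link);
        ldap_unbind($link);
        throw new RuntimeException("Bind failed: $err");
    }

    return $link;
}

try {
    $link = ldap_connect_starttls(
        'ldap://ldap.example.com:389',        // placeholder server
        'cn=reader,dc=example,dc=com',        // placeholder bind DN
        getenv('LDAP_BIND_PASSWORD') ?: ''    // placeholder secret source
    );
    echo "Bound over StartTLS\n";
    ldap_unbind($link);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```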