Re: [PHP] ldap_bind() issue

2008-01-14 Thread Richard Lynch
On Fri, January 11, 2008 3:54 pm, Greg Donald wrote:
> On 1/11/08, Richard Lynch [EMAIL PROTECTED] wrote:
>> This strikes me as if you've got a Private/Public key issue where you
>> neglected to generate/install a key-pair...
>
> Yeah, the certificate error message makes me think something is not
> right with my PHP install or how it's talking to the OpenLDAP libs..
> but what exactly is the mystery.  ldap_bind()'s Error unknown
> message isn't very helpful.
>
> Meanwhile another project of mine, on that same server, uses ruby-ldap
> and works just fine.

Perhaps try less restrictive checks on the keys -- E.g., in cURL, you
can set it to not check the peer certificate, so it doesn't die on
certs issued by less-known CAs.

I have no idea if you can DO that in LDAP, but perhaps it will lead
somewhere...

You could also try contacting the host and see if they could grep
their logs for any info that might be of use to you.

So long as you give them a time-stamp and some distinctive data that
should be there like your IP, you're only asking somebody to spend a
couple minutes to help you out.

Even large companies occasionally have humans working for them. :-)

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] ldap_bind() issue

2008-01-11 Thread Richard Lynch
On Fri, January 11, 2008 11:44 am, Greg Donald wrote:

I really have NO IDEA, but...

> ldap_int_sasl_open: host=ldap.example.com
> TLS certificate verification: depth: 0, err: 66, subject:
> C=US,ST=SomeState,O=SomeCompany,CN=ldap.example.com, issuer:
> C=US,O=Equifax,OU=Equifax Secure Certificate Authority
> TLS certificate verification: Error, Unknown error
> TLS: can't connect.
> ldap_err2string

This strikes me as if you've got a Private/Public key issue where you
neglected to generate/install a key-pair...

Or did you sanitize this before you posted?...




Re: [PHP] ldap_bind() issue

2008-01-11 Thread Greg Donald
On 1/11/08, Richard Lynch [EMAIL PROTECTED] wrote:
> This strikes me as if you've got a Private/Public key issue where you
> neglected to generate/install a key-pair...

Yeah, the certificate error message makes me think something is not
right with my PHP install or how it's talking to the OpenLDAP libs..
but what exactly is the mystery.  ldap_bind()'s Error unknown
message isn't very helpful.

Meanwhile another project of mine, on that same server, uses ruby-ldap
and works just fine.

> Or did you sanitize this before you posted?...

Had to, yes.


-- 
Greg Donald
http://destiney.com/




[PHP] ldap_bind() issue

2008-01-11 Thread Greg Donald
Hello,

I'm tasked with writing an application in PHP that will authenticate
against a known working LDAP server.  I'm having some problems binding
against that LDAP server and cannot find the issue.

I can telnet to the LDAP server's IP and port:

  telnet 12.34.56.78 636
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

So I have more or less ruled out any sort of networking issue.


But then when trying ldapsearch, this command is failing:

  ldapsearch -h 12.34.56.78 -p 626 -v -W -X
dn:uid=username,ou=people,dc=example,dc=com
ldap_initialize( ldap://12.34.56.78:626 )
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

It could be that I'm not providing the correct options as I'm not
extremely familiar with ldapsearch.


And then the heart of the issue, this simple PHP script is also failing for me:

  ./ldap_test.php
ldap_create
ldap_url_parse_ext(LDAPS://ldap.example.com)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 12.34.56.78:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=ldap.example.com
TLS certificate verification: depth: 0, err: 66, subject:
C=US,ST=SomeState,O=SomeCompany,CN=ldap.example.com, issuer:
C=US,O=Equifax,OU=Equifax Secure Certificate Authority
TLS certificate verification: Error, Unknown error
TLS: can't connect.
ldap_err2string


The contents of my PHP test script:

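<?php
// Show every PHP error and turn on libldap's own debug trace.
error_reporting( E_ALL );
ini_set( 'display_errors', 1 );
ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, 7 );

// With a URI the port argument is ignored; ldaps:// already implies 636.
$c = ldap_connect( 'LDAPS://ldap.example.com', 636 ) or die( 'Could not connect to LDAP server.' );

// The bind DN has to be passed as a quoted string.
if( ldap_bind( $c, 'uid=username,ou=people,dc=example,dc=com', 'xxx' ) ){
  echo 'success!';
} else {
  echo 'failed to bind';
}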


The PHP on my local Ubuntu box currently only has the --with-ldap
option configured as I'm trying to rule out other libraries that may
possibly be causing issues.  Are there other dependencies I must build
into my PHP to connect using ldap_bind() ?  I have experimented with
adding --with-openssl and --with-ldap-sasl support but neither
resolved my issue.

It's also worth mentioning I am building my PHP against the OpenLDAP
libraries provided in my Linux distro:

 dpkg -l|grep ldap
ii  ldap-utils     2.3.35-1ubuntu0.1  OpenLDAP utilities
ii  libldap-2.3-0  2.3.35-1ubuntu0.1  OpenLDAP libraries
ii  libldap2       2.1.30-13.4        OpenLDAP libraries
ii  libldap2-dev   2.1.30-13.4        OpenLDAP development libraries


There are of course other ldap libraries available but I have no idea
if I need them or not.  Seems everyone is building their PHP against
OpenLDAP so that's what I'm trying to use too.

I ran ldconfig after installing the above libraries and they seem to
be found with no problems during configuration and compilation.

Any idea what might be the problem or what else I can try?  I've
already tried everything Google has to offer on the issue and am still
stuck.


Thanks,


-- 
Greg Donald
http://destiney.com/
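
The LDAPS bind from this thread with the issuing CA configured and certificate verification left on, rather than the peer check being switched off; this is an added example, not code from any poster. It assumes PHP 7.1 or later with ext-ldap built against OpenLDAP, the Debian/Ubuntu CA bundle path, and a hypothetical LDAP_BIND_PW environment variable; the host and DN are the thread's placeholders.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 7.1 with ext-ldap.
// Host and DN are the thread's placeholders; CA path and env name are assumptions.
function ldaps_bind_verified(string $uri, string $caFile, string $dn, string $password): array
{
    if ($password === '') {   // an empty password is an unauthenticated bind a server may accept
        return ['ok' => false, 'error' => 'Refusing to bind with an empty password'];
    }
    if (!is_readable($caFile)) {
        return ['ok' => false, 'error' => "CA bundle not readable: $caFile"];
    }
    // Set TLS options globally (null link) before ldap_connect(), so the
    // connection's TLS context is created with them.
    // Weak setting, for contrast only: LDAP_OPT_X_TLS_NEVER skips the check,
    // so anyone on the network path can pose as the server and read the password.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);

    $conn = ldap_connect($uri);   // only parses the URI; no traffic yet
    if ($conn === false) {
        return ['ok' => false, 'error' => "Invalid LDAP URI: $uri"];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The TCP connect and TLS handshake happen inside the bind call, which is
    // why the certificate error in the trace above surfaces from ldap_bind().
    if (@ldap_bind($conn, $dn, $password)) {
        ldap_unbind($conn);
        return ['ok' => true, 'error' => null];
    }
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    $error = sprintf('%s (%d) %s', ldap_error($conn), ldap_errno($conn), $detail);
    ldap_unbind($conn);
    return ['ok' => false, 'error' => trim($error)];
}

$result = ldaps_bind_verified(
    'ldaps://ldap.example.com:636',
    '/etc/ssl/certs/ca-certificates.crt',          // assumed Debian/Ubuntu bundle path
    'uid=username,ou=people,dc=example,dc=com',
    (string) getenv('LDAP_BIND_PW')                 // hypothetical variable name
);
echo $result['ok'] ? "bind ok\n" : "bind failed: {$result['error']}\n";
```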
