Re: [PHP] php-ldap works in commandline but not through browser
Did you check both php.ini files? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php-ldap works in commandline but not through browser
Hi, ldap extension was loaded in the php.ini file. php -i |grep ldap /etc/php.d/ldap.ini, ldap RCS Version = $Id: ldap.c,v 1.161.2.3.2.14 2008/12/31 11:17:39 sebastian Exp $ Regards Chima.s On Thu, Oct 15, 2009 at 7:17 PM, xfe...@gmail.com wrote: Did you check both php.ini files? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php-ldap works in commandline but not through browser
Hi All, I am using tring with sample program to connect the ldap using php. Below is the sample code: == ?php echo $test=ldapAuthenticate('username','password','domainname'); function ldapAuthenticate($username,$password, $domainname) { global $ds; $ds = ldap_connect(xxx.xxx.xxx.xxx); if($ds) { if(ldap_bind($ds)) { $search = ldap_search($ds, ou=$domainname,dc=comapny, uid=$username); if( ldap_count_entries($ds,$search) != 1 ) { echo Error processing username -- please try to login again. (Debug 3); return 0; } $info = ldap_get_entries($ds, $search); $bind = @ldap_bind($ds, $info[0][dn], $password); if( !$bind || !isset($bind)) { echo Login failed -- please try again. (Debug 4); return 0; } $search = ldap_search($ds, ou=$domainname,dc=company, uid=$username); $info = ldap_get_entries($ds, $search); if( $username == $info[0][uid][0] ) { return 1; } else { return 0; } } else { echo \nAnonymous bind to LDAP FAILED. Contact Tech Services! (Debug 2)\n; return 0; } } else { echo technical services! (Debug 1); return 0; } } ? === When i execute this program with command line its works fine But when is try this in browser its not working. It struck with bind statement and not throwing any error, Following are the version of application: httpd-2.0.52-41 php-5.2.9-1 openldap-2.2.13-8 Note: There is no filrewall between web server and ldap server. Regards Chima.s -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP over SSL problems (SOLVED)
On Fri, Apr 3, 2009 at 10:16 AM, in message 49d5e20c.8302.00a...@sjhc.london.on.ca, Keith Lawson keith.law...@sjhc.london.on.ca wrote: On Thu, Apr 2, 2009 at 5:51 PM, in message 49d53344.7040...@gmail.com, Chris dmag...@gmail.com wrote: Keith Lawson wrote: Hello, I have been working on this problem for some time now and I can't seem to resolve it. Everything I have found on google and php.net says I can connect to an LDAP server with SSL by setting TLS_REQCERT never in ldap.conf. I want to eliminate certs from the picture for now just to confirm I can make the connection which is why I have TLS_REQCERT never set. I added that setting to my ldap.conf and my test code now works from the command line but it does not work when I call it from a browser. Here is my test: ?php $ldaphost = ldaps://my.ldap.server; //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); // Connecting to LDAP $ldapconn = ldap_connect($ldaphost) or die(Could not connect to {$ldaphost}); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); echo var_dump(@ldap_bind($ldapconn, cn=Keithl, ou=Users, o=LH)); It's hard to know - you're suppressing errors. Add these 2 lines to your script: error_reporting(E_ALL); ini_set('display_errors', true); I've done that and I get the following when I load the page in a browser: Warning: ldap_bind() [function.ldap- bind]: Unable to bind to server: Can't contact LDAP server in /www/doc/INTRA/ktlwiki/ldap- test.php on line 19 bool(false) Can't contact LDAP server From the command line still works: [www]/www/doc/ php ldap- test.php bool(true) brSuccessbr As I mentioned the command line call did not work until I added TLS_REQCERT never to ldap.conf. I need to figure out why the apache loadable module is behaving differently than the command line binary. I'm pretty sure the web page is failing because it is still trying to verify the LDAP server's cert. My problem was that I had compiled Apache against the Solaris 10 openSSL libraries version 0.9.7. When I installed OpenLDAP and recompiled PHP I manually build new openSSL libs that were version 0.9.8. Rebuilding apache and linking to the same openSSL libraries resolved this problem for me. That explains why I was seeing different behavior with command line PHP than when I called the same code through Apache. Thanks for the suggestions Chris. Then get rid of the @ in front of ldap_bind. Use http://www.php.net/manual/en/function.ldap- error.php to capture the error message and search for it. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP over SSL problems
On Thu, Apr 2, 2009 at 5:51 PM, in message 49d53344.7040...@gmail.com, Chris dmag...@gmail.com wrote: Keith Lawson wrote: Hello, I have been working on this problem for some time now and I can't seem to resolve it. Everything I have found on google and php.net says I can connect to an LDAP server with SSL by setting TLS_REQCERT never in ldap.conf. I want to eliminate certs from the picture for now just to confirm I can make the connection which is why I have TLS_REQCERT never set. I added that setting to my ldap.conf and my test code now works from the command line but it does not work when I call it from a browser. Here is my test: ?php $ldaphost = ldaps://my.ldap.server; //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); // Connecting to LDAP $ldapconn = ldap_connect($ldaphost) or die(Could not connect to {$ldaphost}); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); echo var_dump(@ldap_bind($ldapconn, cn=Keithl, ou=Users, o=LH)); It's hard to know - you're suppressing errors. Add these 2 lines to your script: error_reporting(E_ALL); ini_set('display_errors', true); I've done that and I get the following when I load the page in a browser: Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /www/doc/INTRA/ktlwiki/ldap-test.php on line 19 bool(false) Can't contact LDAP server From the command line still works: [www]/www/doc/ php ldap-test.php bool(true) brSuccessbr As I mentioned the command line call did not work until I added TLS_REQCERT never to ldap.conf. I need to figure out why the apache loadable module is behaving differently than the command line binary. I'm pretty sure the web page is failing because it is still trying to verify the LDAP server's cert. Then get rid of the @ in front of ldap_bind. Use http://www.php.net/manual/en/function.ldap- error.php to capture the error message and search for it. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP LDAP over SSL problems
Hello, I have been working on this problem for some time now and I can't seem to resolve it. Everything I have found on google and php.net says I can connect to an LDAP server with SSL by setting TLS_REQCERT never in ldap.conf. I want to eliminate certs from the picture for now just to confirm I can make the connection which is why I have TLS_REQCERT never set. I added that setting to my ldap.conf and my test code now works from the command line but it does not work when I call it from a browser. Here is my test: ?php $ldaphost = ldaps://my.ldap.server; //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); // Connecting to LDAP $ldapconn = ldap_connect($ldaphost) or die(Could not connect to {$ldaphost}); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); echo var_dump(@ldap_bind($ldapconn, cn=Keithl, ou=Users, o=LH)); ? This returns true when called from the command line: [www]/www/doc/ktlwiki php ldap-test.php bool(true) But when I load the same code through a browser it fails. I'm using php 5.2.6, openldap 2.4.11 and openssl 0.9.8i on Solaris 10. I built everything from source, PHP has LDAP and SSL support compiled in. My openldap install is in /opt. Trussing the command line process and the apache process shows similar results: Command line: 26651: open(/opt/lib/libldap-2.4.so.2, O_RDONLY) = 3 26651: open(ldap-test.php, O_RDONLY) = 4 26651: resolvepath(/www/doc/INTRA/ktlwiki/ldap-test.php, /www/doc/INTRA/ktlwiki/ldap-test.php, 1024) = 36 26651: open(/opt/etc/openldap/ldap.conf, O_RDONLY) = 4 Apache process: 24656: open(/opt/lib/libldap-2.4.so.2, O_RDONLY) = 6 24818: open(/www/doc/INTRA/ktlwiki/ldap-test.php, O_RDONLY) = 45 24818: open(/opt/etc/openldap/ldap.conf, O_RDONLY) = 4 Any idea why the same code served by apache would ignore the TLS_REQCERT setting?! TIA Keith The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP over SSL problems
Keith Lawson wrote: Hello, I have been working on this problem for some time now and I can't seem to resolve it. Everything I have found on google and php.net says I can connect to an LDAP server with SSL by setting TLS_REQCERT never in ldap.conf. I want to eliminate certs from the picture for now just to confirm I can make the connection which is why I have TLS_REQCERT never set. I added that setting to my ldap.conf and my test code now works from the command line but it does not work when I call it from a browser. Here is my test: ?php $ldaphost = ldaps://my.ldap.server; //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); // Connecting to LDAP $ldapconn = ldap_connect($ldaphost) or die(Could not connect to {$ldaphost}); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); echo var_dump(@ldap_bind($ldapconn, cn=Keithl, ou=Users, o=LH)); It's hard to know - you're suppressing errors. Add these 2 lines to your script: error_reporting(E_ALL); ini_set('display_errors', true); Then get rid of the @ in front of ldap_bind. Use http://www.php.net/manual/en/function.ldap-error.php to capture the error message and search for it. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP - Single Sign On
thanks for the response, i can see how this works (i think) for basic authentication with user input,but what i really need is to actually retrieve the logged on user name after a user has logged into windows. i.e. the user name that the http client passes to the apache mod has been captured not from user input, but from say a piece of code that picks up the user name when the user logs in. Probably less to do with php now that i come to think of it, but thanks anyway. Ade Jay Blanchard wrote: [snip] Sorry if this has been asked before but i am currently drawing a blank STW etc.. is there any way of retrieving the user name of a user (through the browser) that has logged on to a network (windows OS). I have used php with LDAP before and made the user log into the website, however i would really like to have a Single Sign On (SSO) environment. Is this possible? PHP is my preferred language but if you know of any way of doing this i would be greatful. [/snip] http://www.pocket.com/ldap http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP LDAP - Single Sign On
[snip] thanks for the response, i can see how this works (i think) for basic authentication with user input,but what i really need is to actually retrieve the logged on user name after a user has logged into windows. i.e. the user name that the http client passes to the apache mod has been captured not from user input, but from say a piece of code that picks up the user name when the user logs in. Probably less to do with php now that i come to think of it, but thanks anyway. [/snip] Ah...I see now. Several have asked this question, let me rephrase and see if this makes better sense How can one capture the login user name from a Windows logon? ASP can do it, but can it be done with PHP as one would do with PHP_AUTH_USER? IIRC I don't think that it is possible with PHP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP - Single Sign On
well, I'm sure that if you really wanted to try to write your own auth module in PHP you could theoretically do so - but in lieu of that there is an open source apache module that you might want to look into called mod_ntlm http://modntlm.sourceforge.net/ keep in mind that all this does is ask the browser for the current users creds after a handshake. IE is the only one that I know of that will gleefully hand out that info without asking the user - all the other browsers that I've tested ask you if that's ok with you first (as it should be) On Jun 28, 2006, at 8:07 AM, Jay Blanchard wrote: [snip] thanks for the response, i can see how this works (i think) for basic authentication with user input,but what i really need is to actually retrieve the logged on user name after a user has logged into windows. i.e. the user name that the http client passes to the apache mod has been captured not from user input, but from say a piece of code that picks up the user name when the user logs in. Probably less to do with php now that i come to think of it, but thanks anyway. [/snip] Ah...I see now. Several have asked this question, let me rephrase and see if this makes better sense How can one capture the login user name from a Windows logon? ASP can do it, but can it be done with PHP as one would do with PHP_AUTH_USER? IIRC I don't think that it is possible with PHP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP - Single Sign On
On Wed, June 28, 2006 3:37 am, Adrian Bruce wrote: thanks for the response, i can see how this works (i think) for basic authentication with user input,but what i really need is to actually retrieve the logged on user name after a user has logged into windows. So, basically, you think Windows is going to provide every web-server on the planet with the desktop username of every user of Windows who visits? Doesn't that seem like maybe a bit of a Security Risk and Privacy Invasion? I suspect that what you want does not exist, and never will exist. Though, with Microsoft, you never know... The LDAP - Active Directory thing is the closest equivalent to what you are asking. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP LDAP - Single Sign On
Hi all Sorry if this has been asked before but i am currently drawing a blank STW etc.. is there any way of retrieving the user name of a user (through the browser) that has logged on to a network (windows OS). I have used php with LDAP before and made the user log into the website, however i would really like to have a Single Sign On (SSO) environment. Is this possible? PHP is my preferred language but if you know of any way of doing this i would be greatful. TIA Ade -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP LDAP - Single Sign On
[snip] Sorry if this has been asked before but i am currently drawing a blank STW etc.. is there any way of retrieving the user name of a user (through the browser) that has logged on to a network (windows OS). I have used php with LDAP before and made the user log into the website, however i would really like to have a Single Sign On (SSO) environment. Is this possible? PHP is my preferred language but if you know of any way of doing this i would be greatful. [/snip] http://www.pocket.com/ldap http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/LDAP Setup Problem
On Tue, April 25, 2006 9:43 pm, Crone, James wrote: I need to add LDAP support to my install of PHP. I had my sysadmin download OpenLDAP and install the libraries. Our current build of PHP is complex and I'd prefer not to have to rebuild just to add LDAP. I've been told to use the dl() function to load the LDAP library when needed in PHP. Whenever I dl(libldap.so) PHP returns the following error: PHP Warning: dl(): Invalid library (maybe not a PHP library) 'libldap.so' in . What am I doing wrong? Thanks in advance. libldap.so is the LDAP library -- like, the WHOLE LDAP library, to which PHP has an interface, if you re-compile PHP. So you need to compile (or they need to compile) the PHP LDAP interface down in the ext directory of PHP (or maybe it's in PECL now). This will result in a file with a name something like: ldap_php.so And *that* file is the one you would use dl() on. What you did is kind of like buying an airplane when you need to fly to another city... You needed just the ldap_php.so, and you tried to load in libldap.so, which is a system library. Pretty much all of PHP's extensions work like this. PHPPHP Extensions System Software Libraries PHP Core + + mysql_php.so libmysql.so + gd_php.so --- libgd.so + libpdf_php.so --- libpdf.so . . . That's the basic idea, anyway, even though I'm sure that at least one of the above is actually incorrect, and the names of the libraries and .so files vary a bit, here and there. You only want to dl() the PHP Extension that bridges or provides the glue to the System Software Library -- You don't want to dl() the whole System Software Library. Replace .so with .dll under Windows, and the same paradigm holds. HTH -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/LDAP Setup Problem
Crone, James wrote: I need to add LDAP support to my install of PHP. I had my sysadmin download OpenLDAP and install the libraries. This isn't correct way. You need these libraries but they are not enough. [snip] I've been told to use the dl() function Read carefully. http://php.net/dl says dl -- Loads a PHP extension at runtime Note *PHP extension*. You cannot use LDAP libraries directly. PHP Warning: dl(): Invalid library (maybe not a PHP library) 'libldap.so' in . What am I doing wrong? Thanks in advance. You are loading ldap library directly which provide C interface to ldap functions. You need PHP interface (which is what provided by PHP extension). It need to be compiled in PHP. Read more about extensions: http://www.zend.com/php/internals/extension-writing1.php#Heading2 -- Sameer N. Ingole Blog: http://weblogic.noroot.org/ --- Better to light one candle than to curse the darkness. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP/LDAP Setup Problem
I need to add LDAP support to my install of PHP. I had my sysadmin download OpenLDAP and install the libraries. Our current build of PHP is complex and I'd prefer not to have to rebuild just to add LDAP. I've been told to use the dl() function to load the LDAP library when needed in PHP. Whenever I dl(libldap.so) PHP returns the following error: PHP Warning: dl(): Invalid library (maybe not a PHP library) 'libldap.so' in . What am I doing wrong? Thanks in advance. Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/LDAP Authentication
On 2/19/06, Golden Butler [EMAIL PROTECTED] wrote: I'm currently running OpenLDAP with some users populated in the database. I would like to use PHP to create a web page where my ldap users can enter their username and password credentials to log into our intranet. Can someone point me to some expample scripts, articles, or sites. Thanks. http://php.net/ldap As always, read the docs and check the user comments. You won't need any more examples :-) -- Kim Christensen [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP/LDAP Authentication
Maybe this can help : Authentication script to authenticate users in Active Directory through LDAP. http://www.weberdev.com/get_example-3261.html Sincerely berber Visit the Weber Sites Today, To see where PHP might take you tomorrow. Search for PHP Code from your browser http://toolbar.weberdev.com Free Uptime Monitor : http://uptime.weberdev.com SEO Data Monitor http://seo.weberdev.com -Original Message- From: Golden Butler [mailto:[EMAIL PROTECTED] Sent: Sunday, February 19, 2006 8:40 AM To: PHP Mailing List Subject: [PHP] PHP/LDAP Authentication I'm currently running OpenLDAP with some users populated in the database. I would like to use PHP to create a web page where my ldap users can enter their username and password credentials to log into our intranet. Can someone point me to some expample scripts, articles, or sites. Thanks. - Delamatrix -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/LDAP Authentication
Thanks for all the help! I'll check it out. - Delamatrix Weber Sites LTD wrote: Maybe this can help : Authentication script to authenticate users in Active Directory through LDAP. http://www.weberdev.com/get_example-3261.html Sincerely berber Visit the Weber Sites Today, To see where PHP might take you tomorrow. Search for PHP Code from your browser http://toolbar.weberdev.com Free Uptime Monitor : http://uptime.weberdev.com SEO Data Monitor http://seo.weberdev.com -Original Message- From: Golden Butler [mailto:[EMAIL PROTECTED] Sent: Sunday, February 19, 2006 8:40 AM To: PHP Mailing List Subject: [PHP] PHP/LDAP Authentication I'm currently running OpenLDAP with some users populated in the database. I would like to use PHP to create a web page where my ldap users can enter their username and password credentials to log into our intranet. Can someone point me to some expample scripts, articles, or sites. Thanks. - Delamatrix -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP/LDAP Authentication
I'm currently running OpenLDAP with some users populated in the database. I would like to use PHP to create a web page where my ldap users can enter their username and password credentials to log into our intranet. Can someone point me to some expample scripts, articles, or sites. Thanks. - Delamatrix
[PHP] php ldap
Hi , I have a ldap server the user password are stored in that. my php ldasearch result says that the result is ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc= i want to compare this password with the user given password in other application (obviously php) but when i md5(passwordgiven) then it is showing different output. Any suggestions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP LDAP search parent group
Hi, I need to get the LDAP groups a user is member of (memberof). The problem is that there are multiple levels of groups, and I need to get all levels. example userA is member of group A B and C group A is member of (included in) group D If I make a simple query on the LDAP server to fetch the memberof of userA, it returns A, B and C. I need to get also D because group A is in group D In PHP I use the statement : $list = ldap_search($conn, $userdn,$basedn, samaccountname=$name, array('memberof')); //samaccountname is the Windows login name I make a ldap_search() but I also tried with ldap_list() and ldap_read() without change I used the options ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); //active Directory on 2003 server Is there a parameter I could add to PHP so as to get the parent groups? What is the LDAP_OPT_REFERRALS option ??? Thank you, Vincent
Re: [PHP] PHP LDAP search parent group
Vincent DUPONT wrote: I need to get the LDAP groups a user is member of (memberof). The problem is that there are multiple levels of groups, and I need to get all levels. example userA is member of group A B and C group A is member of (included in) group D If I make a simple query on the LDAP server to fetch the memberof of userA, it returns A, B and C. I need to get also D because group A is in group D In PHP I use the statement : $list = ldap_search($conn, $userdn,$basedn, samaccountname=$name, array('memberof')); //samaccountname is the Windows login name You're already way ahead of anything I've done with LDAP. Hopefully, there *IS* some way to do what you want with built-in LDAP commands. If there is *NOT*, however, something like this: function ldap_groups($conn, $userdn, $basend, $name){ $list = ldap_search($conn, $userdn,$basedn, samaccountname=$name, array('memberof')); //Now loop through all the groups: while (list(, $group) = ldap_read_something($conn, $list)){ $groups[$group] = $group; //$group should be A, B, or C... ldap_super_groups($conn, $group, $groups); } return $groups; } function ldap_super_groups($conn, $group, $groups){ $list = ldap_search($conn, $group, somemicrosoftthing=$group, array('memberof')); //Is 'memberof' what you want for A being in D? //Loop through all the new groups: while (list(, $g) = ldap_read_something($conn, $list)){ //This makes sure we don't spin our wheels forever, //re-doing groups we've already done: if (!isset[$groups[$g])){ ldap_super_groups($conn, $g, $groups); } $groups[$g] = $g; } return $groups; } -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP / LDAP with Windows logon
Hello, I have an issue with a PHP interface. We have many engineering users who will be using a request ticket system developed in PHP here. We don't know in advance who will be using the system and there may be new people in all the time. Currently I have to create a login for each person who needs to use the system, so I have to get a request for a login, create the login, and fill in their contact information. Since we work with engineers on a 12-15 hour time difference, it might take a whole day or more to get the login id request filled before they can open a ticket. Plus there's the whole inconvenience of having to login to another website. The site is inside our secure intranet, so we don't really need a double layer of security. Since we normally logon to a Windows network, what I would like to do is to detect the user's windows login id when he accesses the PHP page, and automatically reference his contact information from the windows LDAP server, so the user can be authenticated by his current windows login information, and not have to enter a separate login on the request page. Is this possible, and what is an easy way to do this? Thanks! Chris
Re: [PHP] PHP / LDAP with Windows logon
I am interested if anyone has ever determined a way to do this or if it is technically impossible. To my knowledge, I don't know of any way to do that from a non-windows server. On Fri, 12 Nov 2004 08:40:03 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, I have an issue with a PHP interface. We have many engineering users who will be using a request ticket system developed in PHP here. We don't know in advance who will be using the system and there may be new people in all the time. Currently I have to create a login for each person who needs to use the system, so I have to get a request for a login, create the login, and fill in their contact information. Since we work with engineers on a 12-15 hour time difference, it might take a whole day or more to get the login id request filled before they can open a ticket. Plus there's the whole inconvenience of having to login to another website. The site is inside our secure intranet, so we don't really need a double layer of security. Since we normally logon to a Windows network, what I would like to do is to detect the user's windows login id when he accesses the PHP page, and automatically reference his contact information from the windows LDAP server, so the user can be authenticated by his current windows login information, and not have to enter a separate login on the request page. Is this possible, and what is an easy way to do this? Thanks! Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP / LDAP with Windows logon
I found this on the php site after some searching. I haven't been able to test it yet since the PHP guy works nights: http://us2.php.net/manual/en/ref.ldap.php If anyone else has tried this, or could the original author (Jon) comment please? Thanks! Chris jon dot caplinger at broadwing dot com 08-Nov-2002 10:44 Here is an example of searching active directory in w2k. Active directory requires a user account that has permissions to search the tree. /* The following values are used for the example: 1. Domain = microsoft.com 2. Server = unstable 3. User = bgates 4. Password = iloveopensource */ // Get name value to search for from submitted form. if (isset($HTTP_GET_VARS[name])) { $name = $HTTP_GET_VARS[name]; } $ldap_server = ldap://unstable.microsoft.com;; $auth_user = [EMAIL PROTECTED]; $auth_pass = iloveopensource; // Set the base dn to search the entire microsoft.com directory. $base_dn = DC=microsoft, DC=com; /* filter the search for all people in the microsoft.com tree that have a name that matches any one of the following attributes name, displayname, or cn. */ $filter = ((objectClass=user)(objectCategory=person) (|(name=$name*)(displayname=$name*)(cn=$name*))); // connect to server if (!([EMAIL PROTECTED]($ldap))) { die(Could not connect to ldap server); } // bind to server if (!([EMAIL PROTECTED]($connect, $auth_user, $auth_pass))) { die(Unable to bind to server); } // search active directory if (!([EMAIL PROTECTED]($connect, $base_dn, $filter))) { die(Unable to search ldap server); } $number_returned = ldap_count_entries($connect,$search); $info = ldap_get_entries($connect, $search); echo The number of entries returned is . $number_returned; for ($i=0; $i$info[count]; $i++) { echo Name is: . $info[$i][name]; echo Display name is: . $info[$i][displayname][0]; echo Email is: . $info[$i][mail][0]; echo Telephone number is: . $info[$i][telephonenumber][0]; } -Original Message- From: Michael Gallant [mailto:[EMAIL PROTECTED] Sent: Friday, November 12, 2004 3:10 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP / LDAP with Windows logon I am interested if anyone has ever determined a way to do this or if it is technically impossible. To my knowledge, I don't know of any way to do that from a non-windows server. On Fri, 12 Nov 2004 08:40:03 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, I have an issue with a PHP interface. We have many engineering users who will be using a request ticket system developed in PHP here. We don't know in advance who will be using the system and there may be new people in all the time. Currently I have to create a login for each person who needs to use the system, so I have to get a request for a login, create the login, and fill in their contact information. Since we work with engineers on a 12-15 hour time difference, it might take a whole day or more to get the login id request filled before they can open a ticket. Plus there's the whole inconvenience of having to login to another website. The site is inside our secure intranet, so we don't really need a double layer of security. Since we normally logon to a Windows network, what I would like to do is to detect the user's windows login id when he accesses the PHP page, and automatically reference his contact information from the windows LDAP server, so the user can be authenticated by his current windows login information, and not have to enter a separate login on the request page. Is this possible, and what is an easy way to do this? Thanks! Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP LDAP query - need to add Exchange fields
Ben Crothers wrote: At the moment it works fine and extracts fields like first- and surname, title, department, etc. I need to add the 'office' field, and added it at the end of this filter line: --- $filter = (|(sn=$search[$i]*)(givenname=$search[$i]*)(title=$search[$i]*)(department= $search[$i]*)(office=$search[$i]*)); ...but so far it's not working. I *know* there's data in the 'office' field -- any ideas as to what I'm missing? Not all of the fields in Exchange are exposed through LDAP (this is from experience, I have no reference to back this up but would appreciate it if someone else has any info on the LDAP implementation in Excahnge 5.5+). I would guess from your question that 'office' is one of the fields that is not. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP LDAP query - need to add Exchange fields
Hoping this is an easy question to answer, apologise upfront if this is so basic, but just been put in charge of a PHP app with LDAP interface to M$ Exchange, and trying to figure out how it works. At the moment it works fine and extracts fields like first- and surname, title, department, etc. I need to add the 'office' field, and added it at the end of this filter line: --- $filter = (|(sn=$search[$i]*)(givenname=$search[$i]*)(title=$search[$i]*)(department= $search[$i]*)(office=$search[$i]*)); ...but so far it's not working. I *know* there's data in the 'office' field -- any ideas as to what I'm missing? Thanks a lot in advance, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP LDAP query - need to add Exchange fields
Hoping this is an easy question to answer, apologise upfront if this is so basic, but just been put in charge of a PHP app with LDAP interface to M$ Exchange, and trying to figure out how it works. At the moment it works fine and extracts fields like first- and surname, title, department, etc. I need to add the 'office' field, and added it at the end of this filter line: --- $filter = (|(sn=$search[$i]*)(givenname=$search[$i]*)(title=$search[$i]*)(department= $search[$i]*)(office=$search[$i]*)); ...but so far it's not working. I *know* there's data in the 'office' field -- any ideas as to what I'm missing? Thanks a lot in advance, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP LDAP attributes question
Hello, I am having trouble returning attributes from an LDAP dir and was curious if anyone had experienced similar issues. I am able to retrieve the attributes in the $nds_stuff fine. However, once I add an attribute to the array, I can get the last attribute in the array, but not the one that comes before. For example, this returns usertier2, but not usertier. If I switch the order, I can get the last one, but not the one that comes before? Here is my code: $filter=(|(cn= . $login_name . *)); //Attributes to get from NDS $nds_stuff = array(cn, sn, fullname, usertier); //doesn't work as expected //returns usertier2, but usertier is empty //$nds_stuff = array(cn, sn, fullname, usertier,usertier2); //Search for a specified filter on the directory with the scope of LDAP_SCOPE_SUBTREE $results=ldap_search($ldap, $dn, $filter, $nds_stuff); $info = ldap_get_entries($ldap, $results); //This loops Through the array for ($i=0; $i $info[count]; $i++) { //Declare the LDAP results as session variables $valid_user = strtolower($info[$i][cn][0]); $user_tier = $info[$i][usertier][0]; $user_tier2 = $info[$i][usertier2][0]; $user_fullname = $info[$i][fullname][0]; } //Close LDAP login array loop ldap_close($ldap); Any suggestions? Cory -- Cory Hicks [EMAIL PROTECTED] TRI International -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP, LDAP - Can't delete from more than 1 group
I'm using PHP to add users to my ldap directory. When I create a user they can be added to 1 or more groups. When that user is deleted, I want to remove them from all groups. The code I wrote only removes them from the first group, then gives an error for any other group. Here is the code, followed by the output. function removeFromGroup($toDelete, $ds, $ldap, $baseGroupdn){ $groupList = $ldap-ldapGetGroupList(); for ($i=0; $i$groupList[count]; $i++){ if (sizeof($groupList[$i][memberuid]) != 0){ foreach ($groupList[$i][memberuid] as $val){ if ($val == $toDelete){ $cnGroup = cn= . $groupList[$i][cn][0] . ,$baseGroupdn; $info[memberUid][] = $toDelete; echo Deleting . $toDelete . from . $cnGroup . br; $r = ldap_mod_del($ds, $cnGroup, $info); } } } } } // end removeFromGroup and the output: Deleting testuser from cn=Administrators,ou=Groups,dc=test,dc=com Deleting testuser from cn=Users,ou=Groups,dc=test,dc=com Warning: LDAP: modify operation could not be completed. in /var/www/html/user/user_p.php on line 470 Deleting testuser from cn=Guests,ou=Groups,dc=test,dc=com Warning: LDAP: modify operation could not be completed. in /var/www/html/user/user_p.php on line 470 uid=testuser,ou=Users,dc=test,dc=com deleted... also, here's what is in /var/log/ldap Feb 19 10:32:58 Lunar slapd[5650]: conn=1938 op=2 MOD dn=cn=Domain Admins,ou=Groups,dc=test,dc=com Feb 19 10:32:59 Lunar slapd[5650]: conn=1938 op=2 RESULT tag=103 err=0 text= Feb 19 10:32:59 Lunar slapd[14339]: conn=1938 op=3 MOD dn=cn=Domain Users,ou=Groups,dc=test,dc=com Feb 19 10:32:59 Lunar slapd[14339]: conn=1938 op=3 RESULT tag=103 err=16 text=modify: delete values failed Feb 19 10:32:59 Lunar slapd[5648]: conn=1938 op=4 MOD dn=cn=Domain Guests,ou=Groups,dc=test,dc=com Feb 19 10:32:59 Lunar slapd[5648]: conn=1938 op=4 RESULT tag=103 err=16 text=modify: delete values failed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php-ldap - multiple modify actions within a single request
hi! is it possible to make different modify actions (add, delete, etc.) during a single request? for changing a password in the NDS i would have to first delete the 'userPassword' and right after that add the new 'userPassword' i know that it is possible in C, perl, etc. but it seems that the php function cant handle it has anyone tried something like that? bye karim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php-ldap - multiple modify actions within a single request
On Tue, 07 Jan 2003 22:49:45 +0100, you wrote: hi! is it possible to make different modify actions (add, delete, etc.) during a single request? for changing a password in the NDS i would have to first delete the 'userPassword' and right after that add the new 'userPassword' AFAIK it is not possible to do this in PHP. I had a similar issue while building a administration interface for mail users that were stored in LDAP. I needed a way to ensure that I was giving each user a unique uidNumber without any potential race conditions. In the end I had to write a small Perl script to do what I needed and I run it from my php script using exec() since I couldn't do a single atomic LDAP delete followed by an LDAP add in PHP. I can give you more information on this if it might help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP/ldap - atomic attribute modification
Hi all, Anyone out there have significant experience using the PHP/ldap interface? It appears to me that it's missing some important functionality, but I might just not be seeing how to do it. I have a user-management application which needs to manage an openLDAP user base of several thousand users. For adding users, we need a way to get the next available UID number without creating a race condition where two users could simultaneously grab the same UID number. The question of how to best do this (on the LDAP side) has been hashed over quite a bit on the openldap-software mailing list. Without repeating all that discussion, the conclusion is that we need to grab a highestAssignedUid attribute of the ou=users,dc=example,dc=com entry and increment it using an attribute modify operation like this: dn: ou=users,dc=example,dc=com changetype: modify delete: highestAssignedUid highestAssignedUid: 500 - add: highestAssignedUid highestAssignedUid: 501 This solves the problem, because LDAP modify operations are atomic, and this modify operation will fail if the 'highestAssignedUid' attribute no longer has the value that we grabbed (eg 500). So if we grab the highestAssignedUid, and then our increment fails, we just back off and try the whole thing over again. If the increment succeeds, we know we've got a unique UIDnumber. But here's the problem: The PHP/ldap interface doesn't seem to have any way of supporting this type of modify, where one value is deleted and another added in a single atomic modify operation. ldap_mod_replace() and ldap_modify() replace /all/ the values of an attribute, irrespective of previous values. ldap_mod_del() will delete a specific value of an attribute, and ldap_mod_add() will add a value to an attribute without replacing existing ones, but if I have to make two function calls I've lost the crucial feature, which is atomicity, and reintroduced the race condition. Is there any good solution here? TIA for any advice, Carl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php, ldap, and ssl
hi, i sent this to the php install list but nobody was able to help me. thus i'm giving this list a crack at it. When i installed php v4.2.1 on my Solaris 8 (x86) using this install command: ./configure --with-mysql=/usr/local/mysql --with-apxs=/usr/local/apache/bin/apxs --with-gd=/usr/local --with-sockets --enable-track-vars --enable-force-cgi-redirect --with-gettext --with-ldap --with-openssl=/usr/local/ssl i get this error.: /usr/local/i386-pc-solaris2.8/bin/ld: .libs/libphp4.so: undefined versioned symbol name des_encrypt1 @@SUNWprivate_1.1 /usr/local/i386-pc-solaris2.8/bin/ld: failed to set dynamic section sizes: Bad value collect2: ld returned 1 exit status *** Error code 1 make: Fatal error: Command failed for target `libphp4.la' Current working directory /usr/local/downloads/php-4.2.1 *** Error code 1 make: Fatal error: Command failed for target `install-recursive' i've looked high and low but can find no solution. can please somebody help. thanx. --dave Rider University OIT --dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php / ldap
On Wed, Oct 30, 2002 at 09:28:00AM -0500, GC wrote: Hi, using php_ldapadd, I get this error in ldap.log: Oct 30 09:23:43 Lunar slapd[10714]: conn=202 op=1 RESULT tag=105 err=65 text=object class 'posixAccount' requires attribute 'uidNumber' How do I get the next available uid number from my ldap database and then use that number for uidnumber? This is a classic LDAP problem. If you have server side sorting you can ask for uidNumber in sorted order, and set sizelimit to 1. Not all servers support it though, and it's not easy to specify this in PHP. Another possibility might be to remember last max, and only search for larger values (of course you could search for all). Finally if you can control how data is updated, you could have a special attribute in a special object containing the highest uid, and update that whenever you add a higher one. Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php / ldap
Hi, using php_ldapadd, I get this error in ldap.log: Oct 30 09:23:43 Lunar slapd[10714]: conn=202 op=1 RESULT tag=105 err=65 text=object class 'posixAccount' requires attribute 'uidNumber' How do I get the next available uid number from my ldap database and then use that number for uidnumber? Thanks!! -Greg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP, LDAP and SASL
I have an OS X box that has been running PHP 4.1.2 and OpenLDAP 2.0.23 without any problems. I can bind to the LDAP database from PHP and everyone is happy. I wanted to build a new box with Cyrus-IMAP, Cyrus-SASL and OpenLDAP, moving my mail and authentication to it and leave the first box to just Apache and PHP. The second box appears to work fine. Where I'm having problems is binding from my PHP/Apache box to the new OpenLDAP box. With identical schema and data, I get errors trying to bind to the SASL/LDAP box from my PHP/Apache box that I don't get trying to bind to the local LDAP database. I can authenticate locally using the LDAP tools with a password against the SASL system. Does anyone have any idea if any of the following are true: 1) Do I have to build SASL and rebuild LDAP and then build a PHP against that LDAP to enable my PHP to bind to my Cyrus/SASL/LDAP box? 2) Is there something special on has to do to bind to a OpenLDAP/SASL rather than just OpenLDAP with PHP? Quinn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP, LDAP and OS X
The frustrating part is, I had this working on OS X 10.0.4. I am now running 10.1.2 Server. I successfully build OpenLDAP and it is working fine. I successfully built a version of PHP 4.0.6 for OS 10.1 with the instructions found at http://developer.apple.com/internet/macosx/php.html. It compiled without error using: ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --with-apxs --with-zlib --with- ldap=/Users/quinn/Desktop/Services/ldap/ldap --disable-pear --enable-trans-sid After moving the libphp4.so and editing the httpd.conf file, I started the web server, but got the following error: dyld: /usr/sbin/httpd Undefined symbols: _ldap_add_s _ldap_bind_s _ldap_compare_s _ldap_count_entries _ldap_count_values _ldap_count_values_len _ldap_delete_s _ldap_dn2ufn _ldap_err2string _ldap_explode_dn _ldap_first_attribute _ldap_first_entry _ldap_first_reference _ldap_get_dn _ldap_get_option _ldap_get_values _ldap_get_values_len _ldap_initialize _ldap_memfree _ldap_modify_s _ldap_msgfree _ldap_next_attribute _ldap_next_entry _ldap_next_reference _ldap_open _ldap_parse_reference _ldap_parse_result _ldap_perror _ldap_rename_s _ldap_result _ldap_search _ldap_search_s _ldap_set_option _ldap_unbind_s _ldap_value_free _ldap_value_free_len /usr/sbin/apachectl start: httpd could not be started Now...my OpenLDAP works fine. My PHP with LDAP compiled without error. Anyone have any ideas as to what might be wrong? - Quinn
Re: [PHP] PHP LDAP
On Tue, Dec 04, 2001 at 07:41:14AM +0800, Hafiz Malik wrote: hi there.. i'm succesfully add ldap entry(jpegphoto) using PHP via below codes.. but failed to modify it.. any ideas? Not really. Could you check what ldap_modify() returns, did you get any warnings from PHP? Turn on more debugging if necessary. Could you also try to do the same operation with ldap_modify on the command line? It might also be good to check your LDAP server logs (turn on more debugging if necessary). Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP LDAP
hi there.. i'm succesfully add ldap entry(jpegphoto) using PHP via below codes.. but failed to modify it.. any ideas? ADD LDAP ENTRY VIA PHP $userfile = addpicture.jpg; $fd = fopen ($userfile, r); $fsize = filesize ($userfile); $jpegStr = fread ($fd, $fsize); fclose ($fd); $ds = ldap_connect(localhost); $r= ldap_add($ds, uid=$uid,dc=orenda,dc=com, array(objectclass = inetorgperson, cn= $cn, uid = $uid, jpegphoto = $jpegStr ) ); MODIFY LDAP ENTRY VIA PHP $userfile = modifypic.jpg; $fd = fopen ($userfile, r); $fsize = filesize ($userfile); $jpegStr = fread ($fd, $fsize); fclose ($fd); $ds = ldap_connect(localhost); $bindp = secret; $bindn = uid=admin, dc=orenda, dc=com; ldap_bind($ds,$bindn,$bindp); $dn = uid= . $uid . , .dc=orenda, dc=com; $info['cn']=$cn; $info['jpegphoto']=$jpegStr; $info['objectclass']=person; if (count ($info) != 0) $r = ldap_modify ($ds, $dn, $info); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP, LDAP ldap_set_option
Hi, I want to use the LDAP functions of PHP to process every entry in an LDAP directory. Unfortunately the directory contains more than 2 entries and the PHP LDAP functions (ldap_search/ldap_list) report that the timelimit (30 seconds) has been exceed. I tried to use ldap_set_option($ds, LDAP_OPT_TIMELIMIT, 0), but this function doesn't seem to work properly. I'm currently using Apache 1.3.19 with PHP 4.0.4pl1 and Netscape LDAP SDK version 4.1. Does anybody know how I can remove the time limit? Thanks in advance! Holger Flocken [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP, LDAP ldap_set_option
On Wed, Apr 11, 2001 at 02:07:04PM +0200, Holger Flocken wrote: Hi, I want to use the LDAP functions of PHP to process every entry in an LDAP directory. Unfortunately the directory contains more than 2 entries and the PHP LDAP functions (ldap_search/ldap_list) report that the timelimit (30 seconds) has been exceed. I tried to use ldap_set_option($ds, LDAP_OPT_TIMELIMIT, 0), but this function doesn't seem to work properly. I'm currently using Apache 1.3.19 with PHP 4.0.4pl1 and Netscape LDAP SDK version 4.1. Does anybody know how I can remove the time limit? If the LDAP server supports it and is willing the option should work. You might want to look at the server config if you are able to. To test if the option works, you might try to set the timeout to say 10s. If it works I expect you to be able to shorten the timeout, but the server might refuse extending it. Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHP LDAP SSL
I try to have the php ldap functions working with SSL , but when the code is executed the apache child die !!! is there anyone with that working regards -- __ Matthieu LE CORRE SERVICE INFORMATIQUE Ecole Polytechnique de l'Universit de Nantes (EPUN) Site de la Chantrerie Rue Christian Pauc BP 50609 44306 Nantes Cedex 3 02 40 68 32 23 __ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
On Tue, Mar 06, 2001 at 09:27:55AM +0100, Matthieu Le Corre wrote: I try to have the php ldap functions working with SSL , but when the code is executed the apache child die !!! is there anyone with that working Works fine for me. I know one other person with the same problem as you. He also tried with ldapsearch from OpenLDAP 2.0.7 and it crashed, so it seems to be an OpenLDAP problem. Perhaps you should try that as well, just use ldapsearch as usual, but use -H "ldaps://host" rather than -hhost. It then does the same as PHP does, and the result seems to be the same. In his case, the bug seems to be SASL related. I'm not using SASL and it works. So I advise you to try to compile 2.0.7 without SASL libraries, and try ldapsearch then. I don't know what platform you have, but ldd might show you which libraries your current ldapsearch uses. See also the thread "can't connect to secure LDAP server" on the openldap-software list. If it crashes, it would be good if you reported the bug at http://www.OpenLDAP.org/its/. Please try to give as much debug info as possible. gdb might help you. In case you don't know how to use gdb, here's some info. First execute "gdb ldapsearch". You should use the unstripped ldapsearch (openldap-2.0.7/clients/tools/ldapsearch in the source tree). Then on the gdb prompt "(gdb)" type "set args -H ldaps://nwserver.mydomain.com ..." (same arguments as on the command line), and then type run. You should then get some info about where it crashes. When it crashes, type the gdb command "bt". The output will help people know where it crashed. That should be in your bug report. I've assumed a few things here. If your not using OpenLDAP or ldapsearch doesn't crash, the problem is something else. Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
Hum the ldapsearch work fine !!! with the command : ldapsearch -x -H "ldaps://x..xx:636" I have got a possitive response from server ! and I don't use SASL ... really don't know why is don't work with php !!! my box : RH7 KDE2 Apache 1.3.17 php 4.04 pl1 mod_ssl-2.8.0-1.3.17 openssl-devel-0.9.6-1 openssl-0.9.6-1 openldap-devel-2.0.7-11 openldap-2.0.7-2 openldap-clients-2.0.7-12 Le Mardi 6 Mars 2001 09:53, vous avez crit : On Tue, Mar 06, 2001 at 09:27:55AM +0100, Matthieu Le Corre wrote: I try to have the php ldap functions working with SSL , but when the code is executed the apache child die !!! is there anyone with that working Works fine for me. I know one other person with the same problem as you. He also tried with ldapsearch from OpenLDAP 2.0.7 and it crashed, so it seems to be an OpenLDAP problem. Perhaps you should try that as well, just use ldapsearch as usual, but use -H "ldaps://host" rather than -hhost. It then does the same as PHP does, and the result seems to be the same. -- __ Matthieu LE CORRE SERVICE INFORMATIQUE Ecole Polytechnique de l'Universit de Nantes (EPUN) Site de la Chantrerie Rue Christian Pauc BP 50609 44306 Nantes Cedex 3 02 40 68 32 23 __ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
On Tue, Mar 06, 2001 at 10:54:24AM +0100, Matthieu Le Corre wrote: Hum the ldapsearch work fine !!! with the command : ldapsearch -x -H "ldaps://x..xx:636" I have got a possitive response from server ! and I don't use SASL ... I got some info from the other guy. He also used RH7 which includes SASL libraries, and he had crashes in both PHP and ldapsearch. Could you see if your ldapsearch crashes if you don't use -x parameter? -x tells it not to use SASL while there are no similar option from PHP. The other guy solved it by compiling OpenLDAP 2.0.7 himself without SASL support and using that with PHP. Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
i don't use SASL so when i use ldapsearch without -x I get "ldap_sasl_interactive_bind_s: Unknown authentication method" but it doesnt crash ! when i use php ldap functions with ssl php doesn't crash but juste an Apache child crash ! so you think that if i compile openldap without SASL i will work ? i 'm really not sure because it's not that it doesn't work it's just crash ;( thank for all regards Le Mardi 6 Mars 2001 11:08, vous avez crit : On Tue, Mar 06, 2001 at 10:54:24AM +0100, Matthieu Le Corre wrote: Hum the ldapsearch work fine !!! with the command : ldapsearch -x -H "ldaps://x..xx:636" I have got a possitive response from server ! and I don't use SASL ... I got some info from the other guy. He also used RH7 which includes SASL libraries, and he had crashes in both PHP and ldapsearch. Could you see if your ldapsearch crashes if you don't use -x parameter? -x tells it not to use SASL while there are no similar option from PHP. The other guy solved it by compiling OpenLDAP 2.0.7 himself without SASL support and using that with PHP. Stig -- __ Matthieu LE CORRE SERVICE INFORMATIQUE Ecole Polytechnique de l'Universit de Nantes (EPUN) Site de la Chantrerie Rue Christian Pauc BP 50609 44306 Nantes Cedex 3 02 40 68 32 23 __ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
On Tue, Mar 06, 2001 at 11:22:55AM +0100, Matthieu Le Corre wrote: i don't use SASL so when i use ldapsearch without -x I get "ldap_sasl_interactive_bind_s: Unknown authentication method" but it doesnt crash ! Okay, the other guy had a crash there. For me it works without -x and I don't use SASL either. when i use php ldap functions with ssl php doesn't crash but juste an Apache child crash ! so you think that if i compile openldap without SASL i will work ? i 'm really not sure because it's not that it doesn't work it's just crash ;( The Apache child probably crashes because of segfault or something in the LDAP code, but there could be other reasons. In theory you should get the same behavior with ldapsearch as from PHP. I'm not sure of anything, but what I would have done to debug it, is to use gdb either on the Apache process or on a stand-alone PHP. I prefer debugging with a stand-alon binary myself. Then run PHP with your script and see what happens. If you get a seg-fault or other crash, you can try to use gdb as I explained with ldapsearch to see where PHP crashes. Compiling PHP stand-alone is easy, do configure with just --with-ldap. You don't have to install it either, just run the resulting php binary. If it says something abous sasl where it crashes, I would try to compile OpenLDAP without SASL and then link PHP with the resulting libraries. If you try gdb on the PHP binary and get some message not related to sasl, or have problems using gdb, let me know. Stig -- Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
Le Mardi 6 Mars 2001 11:35, vous avez crit : I'm not sure of anything, but what I would have done to debug it, is to use gdb either on the Apache process or on a stand-alone PHP. I prefer debugging with a stand-alon binary myself. Then run PHP with your script and see what happens. If you get a seg-fault or other crash, you can try to use gdb as I explained with ldapsearch to see where PHP crashes. Compiling PHP stand-alone is easy, do configure with just --with-ldap. You don't have to install it either, just run the resulting php binary. If it says something abous sasl where it crashes, I would try to compile OpenLDAP without SASL and then link PHP with the resulting libraries. If you try gdb on the PHP binary and get some message not related to sasl, or have problems using gdb, let me know. hum you are right I've compiled PHP stand-alone and running the script and I get -- Program received signal SIGSEGV, Segmentation fault. 0x4003ba7b in ldap_int_sasl_external () from /usr/lib/libldap.so.2 (gdb) next Single stepping until exit from function ldap_int_sasl_external, which has no line number information. Program terminated with signal SIGSEGV, Segmentation fault. --- in fact it's ldaplib.so.2 that crash !! what a mess ... in fact it's the sasl function that crash i'll try to compil ldap without it ! it mays take a while ... thak for all regards -- __ Matthieu LE CORRE SERVICE INFORMATIQUE Ecole Polytechnique de l'Universit de Nantes (EPUN) Site de la Chantrerie Rue Christian Pauc BP 50609 44306 Nantes Cedex 3 02 40 68 32 23 __ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
There's been some discussion on the OpenLDAP lists as well, and there seems to be a fix around. See http://www.openldap.org/its/index.cgi/Software%20Bugs?id=889 Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP LDAP SSL
COOLL it work oki guys to work : apply the patch openldap source recompil openldap don't forget to copy librairie from /usr/local/lib to /usr/lib ! recompil php recompil apache and it works !!! it's beeen hard but it works !!! thank for all Le Mardi 6 Mars 2001 12:51, vous avez crit : There's been some discussion on the OpenLDAP lists as well, and there seems to be a fix around. See http://www.openldap.org/its/index.cgi/Software%20Bugs?id=889 Stig -- __ Matthieu LE CORRE SERVICE INFORMATIQUE Ecole Polytechnique de l'Universit de Nantes (EPUN) Site de la Chantrerie Rue Christian Pauc BP 50609 44306 Nantes Cedex 3 02 40 68 32 23 __ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]