php-general Digest 17 Apr 2013 17:47:10 -0000 Issue 8198
Topics (messages 320861 through 320862):
ldap connect issues
320861 by: Dead Letter.Office
self operator within a double quoted string
320862 by: NaMarPi
----------------------------------------------------------------------
--- Begin Message ---
I'm a little hesitant to log a bug for this as it may be the way I'm doing
things, but here's the "issue":
Summary:
Secondary requests to AJAX PHP Script that performs ldap_connect/ldap_bind
requests to 1+ directories often result in "LDAP Can't contact LDAP
server". It appears PHP doesn't even attempt a communication attempt. A restart
of apache2 service often allows connection.
Versions & Extension Config:
- openSUSE 12.3 (x86_64)
- apache2-2.2.22-10.4.1.x86_64
- PHP Version 5.4.14
- PHP API: 20100412
- PHP Extension: 20100525
- PHP Extension Build: API20100525,NTS
- LDAP Support: enabled
- RCS Version: $Id$
- Total Links: 0/unlimited
- API Version: 3001
- Vendor Name: OpenLDAP
- Vendor Version: 20433
- SASL Support: Enabled
- ldap.max_links: Unlimited
- OpenSSL support: enabled
- OpenSSL Library Version: OpenSSL 1.0.1e 11 Feb 2013
- OpenSSL Header Version: OpenSSL 1.0.1e 11 Feb 2013
eDirectory Versions & Configuration:
eDirectory 8.7.3 (or greater)
Default LDAP configuration (i.e. no restrictions on bind limits, result sizes,
etc....)
Details:
Here's the architecture.... A main php script (system_view.php) that does AJAX
call to another php script (system_view_ajax.php) for a JSON result
(used by d3js.org JS). The system_view_ajax.php creates a connection,
does a bind, and queries for some information from LDAP ("DirA") based
on search criteria from system_view.php. Depending on the information
from this query result, additional connections, binds, and queries to 1 -
2 additional directories may be actioned (normally 2 additional
directories). During each query, a set of arrays are generated before
being reorganised and converted to JSON at the completion of the
queries.

There are a stack of Constants and array variables set
in an included script, but the LDAP_URIS would result in a string
similar to "ldaps://10.x.x.x:636 ldaps://10.x.x.x:636
ldaps://10.x.x.x:636 ldaps://10.x.x.x:636".... SSL shouldn't be an issue
as Apache2 has LDAPVerifyServerCert Off, but even with 389 I still
strike the same issue.

I'm using the eDirectory admin account which has no limits on connections.
system_view_ajax.php Code Snippets:
//*******************************************************************************
// CM Search
//*******************************************************************************
$TREE = "CM";
if (${"CONST_" . $TREE . "_SEARCH"})
{
    $po_count = 0;
    $co_count = 0;
    //*******************************************************************************
    // Connect to LDAP
    //*******************************************************************************
    ${"ldapconn" . strtolower($TREE)} = ldap_connect(constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS"));
    if (${"ldapconn" . strtolower($TREE)})
    {
        //*******************************************************************************
        // Set LDAP Options
        //*******************************************************************************
        ldap_set_option(${"ldapconn" . strtolower($TREE)}, LDAP_OPT_PROTOCOL_VERSION, 3);
        //*******************************************************************************
        // Bind to LDAP
        //*******************************************************************************
        $ldapbind = ldap_bind(${"ldapconn" . strtolower($TREE)},
            constant("CONST_" . strtoupper($TREE) . "_LDAP_USR"),
            constant("CONST_" . strtoupper($TREE) . "_LDAP_PWD"));
        if ($ldapbind)
        {
            ....
            .... do query and array stuff ....
            ....
        }
        //*******************************************************************************
        // Bind Error
        //*******************************************************************************
        else
        {
            $errors[] = array(
                "Description" => "Could not bind as " . constant("CONST_" . strtoupper($TREE) . "_LDAP_USR")
                    . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)})
                    . " " . strtoupper($TREE) . " " . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS")
                    . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.",
                "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)}));
        }
        //*******************************************************************************
        // Unbind from LDAP
        //*******************************************************************************
        $ldapunbind = ldap_unbind(${"ldapconn" . strtolower($TREE)});
    }
    //*******************************************************************************
    // Connection Error
    //*******************************************************************************
    else
    {
        $errors[] = array(
            "Description" => "Could not connect to " . strtoupper($TREE) . " "
                . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS")
                . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)})
                . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.",
            "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)}));
    }
    //*******************************************************************************
    // Cleanup LDAP connection
    //*******************************************************************************
    unset(${"ldapconn" . strtolower($TREE)});
}
//*******************************************************************************
// Search Error
//*******************************************************************************
else
{
    $errors[] = array(
        "Description" => "Searching of parent directory disabled. This was unexpected.",
        "Code" => CENITEX_SEARCH_DISABLED);
}
//*******************************************************************************
// Remote Search
//*******************************************************************************
foreach ($remote_array as $TREE => $d3group)
{
    //*******************************************************************************
    // Check if we should search
    //*******************************************************************************
    if (${"CONST_" . $TREE . "_SEARCH"})
    {
        $po_count = 0;
        $co_count = 0;
        //*******************************************************************************
        // Connect to LDAP
        //*******************************************************************************
        ${"ldapconn" . strtolower($TREE)} = ldap_connect(constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS"));
        if (${"ldapconn" . strtolower($TREE)})
        {
            //*******************************************************************************
            // Set LDAP Options
            //*******************************************************************************
            ldap_set_option(${"ldapconn" . strtolower($TREE)}, LDAP_OPT_PROTOCOL_VERSION, 3);
            //*******************************************************************************
            // Bind to LDAP
            //*******************************************************************************
            $ldapbind = ldap_bind(${"ldapconn" . strtolower($TREE)},
                constant("CONST_" . strtoupper($TREE) . "_LDAP_USR"),
                constant("CONST_" . strtoupper($TREE) . "_LDAP_PWD"));
            if ($ldapbind)
            {
                ....
                .... do query and array stuff ....
                ....
            }
            //*******************************************************************************
            // Bind Error
            //*******************************************************************************
            else
            {
                $errors[] = array(
                    "Description" => "Could not bind as " . constant("CONST_" . strtoupper($TREE) . "_LDAP_USR")
                        . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)})
                        . " " . strtoupper($TREE) . " " . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS")
                        . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.",
                    "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)}));
            }
            //*******************************************************************************
            // Unbind from LDAP
            //*******************************************************************************
            $ldapunbind = ldap_unbind(${"ldapconn" . strtolower($TREE)});
        }
        //*******************************************************************************
        // Connection Error
        //*******************************************************************************
        else
        {
            $errors[] = array(
                "Description" => "Could not connect to " . strtoupper($TREE) . " "
                    . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS")
                    . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)})
                    . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.",
                "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)}));
        }
        //*******************************************************************************
        // Cleanup LDAP connection
        //*******************************************************************************
        unset(${"ldapconn" . strtolower($TREE)});
    }
}
....
.... process arrays and return JSON ....
....
Error:
After the first AJAX call (which seems to work flawlessly), additional AJAX
calls result in a bind error when it loops through the remote tree
set.... "ERROR -1: Could not bind as cn=admin,o=admin - LDAP Can't
contact LDAP server CLM ldaps://10.x.x.x:636 ldaps://10.x.x.x:636
ldaps://10.x.x.x:636 ldaps://10.x.x.x:636. You may have to wait 5-10
minutes or ask Ben Walter to restart Apache."

Would be nice to raise connections to ldap and maintain them, but being AJAX
calls to this script, not sure of best way....
Thoughts?
--- End Message ---
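An added example, not part of the message above and not the poster's code: the connect / set-option / bind / unbind sequence that the snippet repeats per tree, factored into one helper that bounds the network wait and writes the bind DN, URIs and LDAP error text to the server log instead of the JSON returned to the browser. The helper name ldap_with_bind(), the error-array shape, the example.test hosts, the reader DN and the LDAP_PWD environment variable are all assumptions made for illustration.

```php
<?php
// Added example. ldap_with_bind() and the error-array shape are assumptions.
// Runs $work($conn) on a bound connection; returns array($result, $error).
function ldap_with_bind($tree, $uris, $dn, $password, $work, $timeout = 5)
{
    $generic = array("Description" => "Directory $tree unavailable", "Code" => -1);
    // A DN with an empty password is an unauthenticated bind that many
    // servers accept, so refuse it before touching the network.
    if ($password === "" || $password === false) {
        error_log("LDAP[$tree]: no bind password configured");
        return array(null, $generic);
    }
    // With URIs, ldap_connect() only initialises the handle; nothing is sent
    // until ldap_bind(), so an unreachable server surfaces at bind time.
    $conn = ldap_connect($uris);
    if ($conn === false) {
        error_log("LDAP[$tree]: invalid URI list: $uris");
        return array(null, $generic);
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, $timeout); // seconds per server
    if (!@ldap_bind($conn, $dn, $password)) {
        $generic["Code"] = ldap_errno($conn);
        // Bind DN, URIs and the library message stay in the server log.
        error_log(sprintf("LDAP[%s]: bind as %s to %s failed: %s (%d)",
            $tree, $dn, $uris, ldap_error($conn), $generic["Code"]));
        ldap_unbind($conn);
        return array(null, $generic);
    }
    try {
        $result = call_user_func($work, $conn);
    } catch (Exception $e) {
        ldap_unbind($conn); // release the handle on the error path too
        throw $e;
    }
    ldap_unbind($conn);
    return array($result, null);
}
// Constructed values for illustration; not taken from the original post.
$trees = array("CM" => "ldaps://ldap1.example.test:636 ldaps://ldap2.example.test:636");
$errors = array();
foreach ($trees as $tree => $uris) {
    list($count, $err) = ldap_with_bind($tree, $uris, "cn=reader,o=example", getenv("LDAP_PWD"),
        function ($conn) {
            $sr = ldap_search($conn, "o=example", "(objectClass=organization)");
            return $sr ? ldap_count_entries($conn, $sr) : 0;
        });
    if ($err !== null) { $errors[] = $err; }
}
echo json_encode(array("errors" => $errors)), PHP_EOL;
```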
--- Begin Message ---
I would like to use self and static operators inside a double quoted string,
but cannot find a way to accomplish that. Could you point me in the right direction?
http://3v4l.org/NDkdA
class Foo {
    public static $class_prop = 'Class_Property';
    public $object_prop = 'Object_Property';

    static function printClassProp() {
        print 'prefix_' . self::$class_prop . '_postfix' . PHP_EOL;
        print "prefix_{\\self::$class_prop}_postfix" . PHP_EOL; // <-- issue here
    }

    function printObjectProp() {
        print "prefix_{$this->object_prop}_postfix" . PHP_EOL;
    }
}

$foo = new Foo;
$foo->printObjectProp();
Foo::printClassProp();
--- End Message ---