stevefNYC
asked on
PHP issues with ldaps://
I'm having issues connecting to an ldaps:// server with PHP 5.2.0. I was able to successfully write code in Perl and connect to the same server from the same source machine without any issues. Perhaps I'm overlooking an option here. On the LDAP side, I'm using OpenLDAP 2.3.30. I'm currently allowing anonymous binds, and just to verify, ldapsearch works just fine as well without any additional arguments.
The following is the PHP warning, a Protocol error:
Apr 11 14:55:29 host httpd: PHP Warning: ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Protocol error in /www/host.foo.com/changepass.php on line 72
code excerpt:
function ldap_init() {
    $ldaphost = "ldaps://host.foo.com:636/";
    //$ldapport = '636';
    ldap_set_option($ldaphost, LDAP_OPT_REFERRALS, 0);
    echo "Initiating LDAP query...<br>";
    $ldapconn = ldap_connect($ldaphost)
        or die("Could not connect to $ldaphost");
    if($ldapconn) {
        echo "Initialization successful. Let's bind to the directory.<br>";
        $ldapbind = ldap_bind($ldapconn); // This is an anonymous bind
        if (!ldap_bind($ldapconn)) {
            echo "Error: " . ldap_error($ldapconn);
        }
    }
}
Thanks to anyone who can lend a helping hand. :-)
ASKER
No go, I tried the above also. As you can see, I had $ldapport commented out above from prior testing. By the way, I made sure to compile PHP with OpenSSL support.
While googling I found users had problems while using the DNS name. Did you try using the IP?
ASKER
Aye, I've tried by IP also, apologies for not mentioning that. I've also run tcpdump on the LDAP server and I see packets hitting the interface on tcp/636, so it's something to do with SSL specifically, I'd imagine.
ASKER
Awesome, netmunky. That did it. I was setting LDAP_OPT_PROTOCOL_VERSION, but misread the documentation and was setting it prior to ldap_connect(). I moved the code to after the connect and all looks OKAY now.
Thank you kindly for your assistance!
function ldap_init() {
    $ldaphost = "ldaps://host.foo.com";
    $ldapport = '636';
    $ldapconn = ldap_connect($ldaphost, $ldapport)
        or die("Could not connect to $ldaphost");
    ldap_set_option($ldapconn,
    echo "Initiating LDAP query...<br>";
    if($ldapconn) {
        echo "Initialization successful. Let's bind to the directory.<br>";
        $ldapbind = ldap_bind($ldapconn); // This is an anonymous bind
        if (!ldap_bind($ldapconn)) {
            echo "Error: " . ldap_error($ldapconn);
        }
    }
}
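The ordering fix described in this thread, as an added example that is not part of the original posts: per-connection options are applied to the handle returned by ldap_connect(), their return values are checked, and the bind happens once. The helper name open_ldaps_connection() is hypothetical; the host is the one from the question.

```php
<?php
// Added example, not code from the thread. open_ldaps_connection() is a hypothetical helper.
function open_ldaps_connection($uri)
{
    // With a URI, ldap_connect() only checks the parameters and allocates a handle;
    // no TCP or TLS traffic happens until the first operation (the bind).
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // Per-connection options go on the handle returned by ldap_connect(),
    // never on the URI string, and must be set before ldap_bind().
    $options = array(
        LDAP_OPT_PROTOCOL_VERSION => 3,
        LDAP_OPT_REFERRALS        => 0,
    );
    foreach ($options as $option => $value) {
        if (!ldap_set_option($conn, $option, $value)) {
            throw new RuntimeException("ldap_set_option($option) failed");
        }
    }

    // Read the version back so an ignored option cannot go unnoticed.
    ldap_get_option($conn, LDAP_OPT_PROTOCOL_VERSION, $version);
    if ((int) $version !== 3) {
        throw new RuntimeException("Protocol version is $version, expected 3");
    }

    // Anonymous bind, as in the question. Bind once and keep the result;
    // "@" hides the PHP warning because the failure is reported below.
    if (!@ldap_bind($conn)) {
        $message = sprintf('Bind to %s failed: %s (errno %d)',
            $uri, ldap_error($conn), ldap_errno($conn));
        ldap_unbind($conn);
        throw new RuntimeException($message);
    }
    return $conn;
}

try {
    $conn = open_ldaps_connection('ldaps://host.foo.com:636');
    echo "Bound over LDAPS with protocol version 3\n";
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    echo 'Error: ' . $e->getMessage() . "\n";
}
```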