Solved

PHP issues with ldaps://

Posted on 2007-04-11
6
851 Views
Last Modified: 2013-12-20
I'm having issues connecting to an ldaps:// server with PHP 5.2.0. I was able to successfully write code in perl and connect to the same server from the same source machine without any issues. Perhaps I'm overlooking an option here. On the LDAP side, I'm using OpenLDAP 2.3.30. I'm currently allowing anonymous binds, and just to verify, ldapsearch works just fine as well without any additional arguments.

The following is the PHP warning, a Protocol error:

Apr 11 14:55:29 host httpd: PHP Warning:  ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Protocol error in /www/host.foo.com/changepass.php on line 72

code excerpt:

function ldap_init() {
  $ldaphost = "ldaps://host.foo.com:636/";
  //$ldapport = '636';
  ldap_set_option($ldaphost, LDAP_OPT_REFERRALS, 0);
  echo "Initiating LDAP query...<br>";
  $ldapconn = ldap_connect($ldaphost)
     or die("Could not connect to $ldaphost");

  if($ldapconn) {
     echo "Initialization successful. Let's bind to the directory.<br>";
     $ldapbind = ldap_bind($ldapconn); // This is an anonymous bind
     if (!ldap_bind($ldapconn)) {
        echo "Error: " . ldap_error($ldapconn);
     }
  }
}

Thanks to anyone who can lend a helping hand. :-)
0
Comment
Question by:stevefNYC
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:f_o_o_k_y
ID: 18892291
I cannot teszt it but try:

function ldap_init() {
  $ldaphost = "ldaps://host.foo.com";
  $ldapport = '636';
$ldapconn = ldap_connect($ldaphost, $ldapport)
     or die("Could not connect to $ldaphost");
  ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
  echo "Initiating LDAP query...<br>";
    if($ldapconn) {
     echo "Initialization successful. Let's bind to the directory.<br>";
     $ldapbind = ldap_bind($ldapconn); // This is an anonymous bind
     if (!ldap_bind($ldapconn)) {
        echo "Error: " . ldap_error($ldapconn);
     }
  }
}
0
 
LVL 3

Author Comment

by:stevefNYC
ID: 18892342
No go, I tried the above also.. as you can see I had $ldapport commented out above from prior testing. By the way, I made sure to compile PHP with OpenSSL support.

0
 
LVL 11

Expert Comment

by:f_o_o_k_y
ID: 18892384
While googling i found users had problem while using dns name. did you try using IP?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 8

Accepted Solution

by:
netmunky earned 500 total points
ID: 18892495
have you tried LDAP_OPT_PROTOCOL_VERSION?

http://php.osuosl.org/manual/en/function.ldap-bind.php#72795
0
 
LVL 3

Author Comment

by:stevefNYC
ID: 18892514
Aye, I've tried by IP also, apologies for not mentioning that. I've also ran tcpdump on the LDAP server and I see packets hitting the interface on tcp/636, so it's something to do with SSL in specific I'd imagine.
0
 
LVL 3

Author Comment

by:stevefNYC
ID: 18892583
awesome netmunky. That did it. I was setting LDAP_OPT_PROTOCOL_VERSION, but misread the documentation and was setting it prior to ldap_connect(). I moved the code to after the connect and all looks OKAY now.

Thank you kindly for your assistance!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now