2 Replies Latest reply on Aug 13, 2015 10:39 AM by steffen.moser

    PHP 5.6 still does not work with LDAPS connections

    Andrew Watkins

      I have a bug logged with MOS about upgrading PHP Solaris 11.2 to a version which works with openssl.

      With Solaris 11.3 beta this has now been done, but worst luck it is not quite working with LDAPS.

       

      Example:

      Test LDAPS works on Solaris:

      # ldapsearch  -h adserver.bbk.ac.uk -p 636 -Z -P /var/ldap -b "dc=bbk,dc=ac,dc=uk" -D "CN=testuser,OU=users,DC=bbk,DC=ac,DC=uk" -w MyPassword "samaccountname=testuser" uidNumber

      version: 1

      dn: CN=testuser,OU=users,DC=bbk,DC=ac,DC=uk

      uidNumber: 24837

       

      PHP code

      # cat ldaps.php

      <?php

          $ds = "ldaps://adserver.bbk.ac.uk";

          $ds = "adserver.bbk.ac.uk";

          $ldaprdn  = "cn=admin,ou=users,dc=bbk,dc=ac,dc=uk";

          $ldappass = 'MyPassword';

          # 389 - Works

          # 636 - Fails

          $ldapport = 636;

       

          // connect to ldap server

          $ldapconn = ldap_connect($ds, $ldapport)

          or die("Could not connect to LDAP server (ldap_connect).");

       

          if ($ldapconn) {

              echo ":::LDAP connected\n";

       

              if (ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {

                echo ":::Setting Protocol\n";

              } else {

                echo "Failed to set protocol version";

              }

              ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);

       

              $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

       

              if ($ldapbind) {

                  echo ":::LDAP bind successful\n";

              } else {

                  echo ":::LDAP bind failed\n";

              }

          }

      ?>

       

      Run it:

      # php ldaps.php

      :::LDAP connected

      :::Setting Protocol

      PHP Warning:  ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/tmp/ldaps.php on line 25

       

      Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/tmp/ldaps.php on line 25

      :::LDAP bind failed

       

      If I change the port to 389 it does not work.

      Just want to check that this is a known problem.

       

      Thanks,

       

      Andrew

        • 1. Re: PHP 5.6 still does not work with LDAPS connections
          Michael Nestler-Oracle

          Thank you for bringing this to our attention. We are aware that since PHP in Solaris currently uses the Solaris LDAP Library, rather than OpenLDAP as in other operating systems, LDAPS is not supported. We are currently looking at changing this in the way you are requesting. Any change would be made available in a future Update and/or SRU to Solaris.

          • 2. Re: PHP 5.6 still does not work with LDAPS connections
            steffen.moser

            Hi,

             

            let me please add another aspect: There is at least one further feature which is supported by OpenLDAP lib but doesn't seem to be available in the Solaris LDAP lib: "Paged Results". Some PHP-based web applications do have their problems with detecting the LDAP lib's capabilities through PHP, for example the learning management tool Moodle is not able to detect correctly that PHP which comes with Solaris 11.2 is not capable of handling "paged results". As a result, one gets a very strange behavior of the web application. I debugged at least half a day until I noticed that the misbehavior of Moodle's LDAP subsystem stems from the fact that it assumed that "paged results" were available. Although I already had built packages containing a 64 bit version of PHP 5.4.x, it was still linked to the Solaris LDAP lib. After changing that to OpenLDAP lib, the problem was gone.

             

            I think that fixing issues like that might reduce the trouble users have when running popular web applications under Solaris. The step to a 64 bit version of PHP 5.6 in Solaris 11.3 is absolutely great and it would be even greater to have a PHP version which is linked to OpenLDAP lib (or enabling equal features in the Solaris LDAP lib).

             

            Kind regards,

            Steffen
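Added example, not part of any post in this thread: a PHP 5-compatible diagnostic for the two gaps discussed above. It reports whether this PHP LDAP build exposes paged results and StartTLS, then optionally attempts a bind over `ldaps://` only, with no fallback to cleartext port 389. The function names and the `LDAP_BIND_PW` environment variable are assumptions made for this example.

```php
<?php
// Usage: LDAP_BIND_PW=... php ldapcheck.php [host bind_dn]
// (file name and LDAP_BIND_PW are assumptions of this example)

function ldap_build_capabilities()
{
    return [
        'php_version'   => PHP_VERSION,
        'ldap_loaded'   => extension_loaded('ldap'),
        // PHP 5.4 to 7.x compile this function in only when the linked LDAP
        // library defines the paged results control; PHP 8 removed it.
        'paged_results' => function_exists('ldap_control_paged_result'),
        // Likewise only present when the library provides StartTLS.
        'start_tls'     => function_exists('ldap_start_tls'),
    ];
}

function ldaps_bind_check($host, $dn, $password)
{
    // The ldaps:// scheme makes TLS mandatory for this connection.
    $conn = ldap_connect('ldaps://' . $host . ':636');
    if (!$conn) {
        return ['ok' => false, 'errno' => null, 'error' => 'ldap_connect rejected the URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // As the output in the first post shows, ldap_connect() can report
    // success while the server is unreachable, so judge by the bind result.
    $ok = @ldap_bind($conn, $dn, $password);
    $result = ['ok' => $ok, 'errno' => ldap_errno($conn), 'error' => ldap_error($conn)];
    ldap_unbind($conn);
    return $result;
}

$caps = ldap_build_capabilities();
foreach ($caps as $name => $value) {
    echo str_pad($name, 14), ': ', var_export($value, true), "\n";
}

// The password comes from the environment so it does not show up in `ps`.
$password = getenv('LDAP_BIND_PW');
if ($caps['ldap_loaded'] && $argc === 3 && $password !== false) {
    $r = ldaps_bind_check($argv[1], $argv[2], $password);
    echo $r['ok']
        ? "LDAPS bind successful\n"
        : "LDAPS bind failed ({$r['errno']}): {$r['error']}\n";
}
```

Run without arguments it only prints the capability report, which is enough to see whether an application that assumes paged results will misbehave on this build.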