>>> On Fri, Apr 3, 2009 at 10:16 AM, in message <49D5E20C.8302.00AC.0@xxxxxxxxxxxxxxxxx>, "Keith Lawson" <Keith.Lawson@xxxxxxxxxxxxxxxxx> wrote: > >>>> On Thu, Apr 2, 2009 at 5:51 PM, in message <49D53344.7040403@xxxxxxxxx>, > Chris > <dmagick@xxxxxxxxx> wrote: >> Keith Lawson wrote: >>> Hello, >>> >>> I have been working on this problem for some time now and I can't seem to >> resolve it. Everything I have found on google and php.net says I can connect > >> to an LDAP server with SSL by setting "TLS_REQCERT never" in ldap.conf. I >> want to eliminate certs from the picture for now just to confirm I can make >> the connection which is why I have "TLS_REQCERT never" set. >>> >>> I added that setting to my ldap.conf and my test code now works from the >> command line but it does not work when I call it from a browser. Here is my >> test: >>> >>> <?php >>> $ldaphost = "ldaps://my.ldap.server"; >>> >>> //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); >>> // Connecting to LDAP >>> $ldapconn = ldap_connect($ldaphost) >>> or die("Could not connect to {$ldaphost}"); >>> ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); >>> ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); >>> >>> echo var_dump(@ldap_bind($ldapconn, "cn=Keithl, ou=Users, o=LH")); >> >> It's hard to know - you're suppressing errors. >> >> Add these 2 lines to your script: >> error_reporting(E_ALL); >> ini_set('display_errors', true); > > I've done that and I get the following when I load the page in a browser: > Warning: ldap_bind() [function.ldap- bind]: Unable to bind to server: Can't > contact LDAP server in /www/doc/INTRA/ktlwiki/ldap- test.php on line 19 > bool(false) > Can't contact LDAP server > > From the command line still works: > > [www]/www/doc/> php ldap- test.php > bool(true) > <br>Success<br> > > As I mentioned the command line call did not work until I added "TLS_REQCERT > never" to ldap.conf. I need to figure out why the apache loadable module is > behaving differently than the command line binary. I'm pretty sure the web > page is failing because it is still trying to verify the LDAP server's cert. > > My problem was that I had compiled Apache against the Solaris 10 openSSL libraries version 0.9.7. When I installed OpenLDAP and recompiled PHP I manually build new openSSL libs that were version 0.9.8. Rebuilding apache and linking to the same openSSL libraries resolved this problem for me. That explains why I was seeing different behavior with command line PHP than when I called the same code through Apache. Thanks for the suggestions Chris. >> >> Then get rid of the @ in front of ldap_bind. >> >> Use http://www.php.net/manual/en/function.ldap- error.php to capture the >> error message and search for it. > > > -------------------------------------------------------------------------------- > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from any > computer. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -------------------------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php