I'm a little hesitant to log a bug for this as it may be the way I'm doing things, but here's the "issue": Summary: Secondary requests to AJAX PHP Script that performs ldap_connect/ldap_bind requests to 1+ directories often results in "LDAP Can't contact LDAP server". It appears PHP doesn't even attempt a communication attempt. A restart of apache2 service often allows connection. Versions & Extension Config: - openSUSE 12.3 (x86_64) - apache2-2.2.22-10.4.1.x86_64 - PHP Version 5.4.14 - PHP API: 20100412- LDAP Support: enabled - RCS Version: $Id$- OpenSSL support: enabled - OpenSSL Library Version: OpenSSL 1.0.1e 11 Feb 2013 - OpenSSL Header Version: OpenSSL 1.0.1e 11 Feb 2013 eDirectory Versions & Configuration: eDirectory 8.7.3 (or greater) Default LDAP configuration (i.e. no restrictions on bind limits, result sizes, etc....) Details: Here's the architecture.... A main php script (system_view.php) that does AJAX call to another php script (system_view_ajax.php) for a JSON result (used by d3js.org JS). The system_view_ajax.php creates a connection, does a bind, and queries for some information from LDAP ("DirA") based on search criteria from system_view.php. Depending on the information from this query result, additional connections, binds, and queries to 1 - 2 additional directories may be actioned (normally 2 additional directories). During each query, a set of arrays are generated before being reorganised and converted to JSON at the completion of the queries. There are a stack of Constants and array variables set in an included script, but the LDAP_URIS would result in a string similar to "ldaps://10.x.x.x:636 ldaps://10.x.x.x:636 ldaps://10.x.x.x:636 ldaps://10.x.x.x:636".... SSL shouldn't be an issue as Apache2 has LDAPVerifyServerCert Off, but even with 389 I still strike the same issue. I'm using the eDirectory admin account which has no limits on connections. system_view_ajax.php Code Snippets: //******************************************************************************* // CM Search //******************************************************************************* $TREE = "CM"; if (${"CONST_" . $TREE . "_SEARCH"}) { $po_count = 0; $co_count = 0; //******************************************************************************* // Connect to LDAP //******************************************************************************* ${"ldapconn" . strtolower($TREE)} = ldap_connect(constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS")); if (${"ldapconn" . strtolower($TREE)}) { //******************************************************************************* // Set LDAP Options //******************************************************************************* ldap_set_option(${"ldapconn" . strtolower($TREE)}, LDAP_OPT_PROTOCOL_VERSION, 3); //******************************************************************************* // Bind to LDAP //******************************************************************************* $ldapbind = ldap_bind(${"ldapconn" . strtolower($TREE)}, constant("CONST_" . strtoupper($TREE) . "_LDAP_USR"), constant("CONST_" . strtoupper($TREE) . "_LDAP_PWD")); if ($ldapbind) { .... .... do query and array stuff .... .... } //******************************************************************************* // Bind Error //******************************************************************************* else { $errors[] = array("Description" => "Could not bind as " . constant("CONST_" . strtoupper($TREE) . "_LDAP_USR") . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)}) . " " . strtoupper($TREE) . " " . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS") . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.", "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)})); } //******************************************************************************* // Unbind from LDAP //******************************************************************************* $ldapunbind = ldap_unbind(${"ldapconn" . strtolower($TREE)}); } //******************************************************************************* // Connection Error //******************************************************************************* else { $errors[] = array("Description" => "Could not connect to " . strtoupper($TREE) . " " . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS") . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)}) . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.", "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)})); } //******************************************************************************* // Cleanup LDAP connection //******************************************************************************* unset(${"ldapconn" . strtolower($TREE)}); } //******************************************************************************* // Search Error //******************************************************************************* else { $errors[] = array("Description" => "Searching of parent directory disabled. This was unexpected.", "Code" => CENITEX_SEARCH_DISABLED); } //******************************************************************************* // Remote Search //******************************************************************************* foreach ($remote_array as $TREE => $d3group) { //******************************************************************************* // Check if we should search Search //******************************************************************************* if (${"CONST_" . $TREE . "_SEARCH"}) { $po_count = 0; $co_count = 0; //******************************************************************************* // Connect to LDAP //******************************************************************************* ${"ldapconn" . strtolower($TREE)} = ldap_connect(constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS")); if (${"ldapconn" . strtolower($TREE)}) { //******************************************************************************* // Set LDAP Options //******************************************************************************* ldap_set_option(${"ldapconn" . strtolower($TREE)}, LDAP_OPT_PROTOCOL_VERSION, 3); //******************************************************************************* // Bind to LDAP //******************************************************************************* $ldapbind = ldap_bind(${"ldapconn" . strtolower($TREE)}, constant("CONST_" . strtoupper($TREE) . "_LDAP_USR"), constant("CONST_" . strtoupper($TREE) . "_LDAP_PWD")); if ($ldapbind) { .... .... do query and array stuff .... .... } //******************************************************************************* // Bind Error //******************************************************************************* else { $errors[] = array("Description" => "Could not bind as " . constant("CONST_" . strtoupper($TREE) . "_LDAP_USR") . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)}) . " " . strtoupper($TREE) . " " . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS") . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.", "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)})); } //******************************************************************************* // Unbind from LDAP //******************************************************************************* $ldapunbind = ldap_unbind(${"ldapconn" . strtolower($TREE)}); } //******************************************************************************* // Connection Error //******************************************************************************* else { $errors[] = array("Description" => "Could not connect to " . strtoupper($TREE) . " " . constant("CONST_" . strtoupper($TREE) . "_LDAP_URIS") . " - LDAP " . ldap_error(${"ldapconn" . strtolower($TREE)}) . ". You may have to wait 5-10 minutes or ask Ben Walter to restart Apache.", "Code" => ldap_errno(${"ldapconn" . strtolower($TREE)})); } //******************************************************************************* // Cleanup LDAP connection //******************************************************************************* unset(${"ldapconn" . strtolower($TREE)}); } } .... .... process arrays and return JSON .... .... Error: After the first AJAX call (which seems to work flawlessly), additional AJAX calls result in a bind error when it loops through the remote tree set.... "ERROR -1: Could not bind as cn=admin,o=admin - LDAP Can't contact LDAP server CLM ldaps://10.x.x.x:636 ldaps://10.x.x.x:636 ldaps://10.x.x.x:636 ldaps://10.x.x.x:636. You may have to wait 5-10 minutes or ask Ben Walter to restart Apache." Would be nice to raise connections to ldap and maintain them, but being AJAX calls to this script, not sure of best way.... Thoughts? |
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php