php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33588 No RootDSE query possible
Submitted: 2005-07-06 13:55 UTC Modified: 2005-07-09 02:49 UTC
From: cajus at naasa dot net Assigned: sniper (profile)
Status: Closed Package: LDAP related
PHP Version: 5.0.4 OS: Debian GNU/Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cajus at naasa dot net
New email:
PHP Version: OS:

 

 [2005-07-06 13:55 UTC] cajus at naasa dot net
Description:
------------
I've found that searching the RootDSE does not work with  
PHP, because the base is set to NULL when no base is  
specified. This fact causes the LDAP library to look into 
the systems ldap.conf to take the base from there - which 
is probably not what we want. 
 
The following patch fixes the problem: 
  
--- php5-5.0.4/ext/ldap/ldap.c  2005-01-19  
01:27:42.000000000 +0100  
+++ php5-5.0.4/ext/ldap/ldap.c.fixed    2005-07-01  
17:15:55.000000000 +0200  
@@ -575,6 +575,7 @@  
 {  
        zval **link, **base_dn, **filter, **attrs, **attr,  
**attrsonly, **sizelimit, **timelimit, **deref;  
        char *ldap_base_dn = NULL;  
+    char *dummy_base_dn = "";  
        char *ldap_filter = NULL;  
        char **ldap_attrs = NULL;  
        ldap_linkdata *ld;  
@@ -674,7 +675,7 @@  
                } else {  
                        nbases = 0; /* this means string,  
not array */  
                        convert_to_string_ex(base_dn);  
-                       ldap_base_dn =  
Z_STRLEN_PP(base_dn) < 1 ? NULL : Z_STRVAL_PP(base_dn);  
+                       ldap_base_dn =  
Z_STRLEN_PP(base_dn) < 1 ? dummy_base_dn :  
Z_STRVAL_PP(base_dn);  
                }  
  
                if (Z_TYPE_PP(filter) == IS_ARRAY) {  
@@ -713,7 +714,7 @@  
                                 
zend_hash_get_current_data(Z_ARRVAL_PP(base_dn), (void  
**)&entry);  
                                 
zend_hash_move_forward(Z_ARRVAL_PP(base_dn));  
                                 
convert_to_string_ex(entry);  
-                               ldap_base_dn =  
Z_STRLEN_PP(entry) < 1 ? NULL : Z_STRVAL_PP(entry);  
+                               ldap_base_dn =  
Z_STRLEN_PP(entry) < 1 ? dummy_base_dn :  
Z_STRVAL_PP(entry);  
                        }  
                        if (nfilters != 0) { /* filter an  
array? */  
                                 
zend_hash_get_current_data(Z_ARRVAL_PP(filter), (void  
**)&entry);  
@@ -756,7 +757,7 @@  
  
        /* fix to make null base_dn's work */  
        if (strlen(ldap_base_dn) < 1) {  
-               ldap_base_dn = NULL;  
+               ldap_base_dn = dummy_base_dn;  
        }  
  
        ld = (ldap_linkdata *) zend_fetch_resource(link  
TSRMLS_CC, -1, "ldap link", NULL, 1, le_link);  

Reproduce code:
---------------
<?php

#  ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
function get_naming_contexts($server, $admin, $password)
{
  /* Build LDAP connection */
  $ds= ldap_connect ($server);
  if (!$ds) {
    die ("Can't bind to LDAP. No check possible!");
  }
  ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
  $r= ldap_bind ($ds, $admin, $password);

  /* Get base to look for naming contexts */
  $sr  = @ldap_read ($ds, "", "objectClass=*", array("namingContexts"));
  $attr= @ldap_get_entries($ds,$sr);
  print_r($attr);
}

get_naming_contexts("what.server.ever.org", "cn=admindn,dc=whatever,dc=org", "secret");

?>


Expected result:
----------------
Array 
( 
    [count] => 1 
    [0] => Array 
        ( 
            [namingcontexts] => Array 
                ( 
                    [count] => 2 
                    [0] => dc=whatever,dc=org 
                    [1] => dc=whatever,dc=shell 
                ) 
 
            [0] => namingcontexts 
            [count] => 1 
            [dn] => 
        ) 
 
) 

Actual result:
--------------
Array 
( 
    [count] => 1 
    [0] => Array 
        ( 
            [count] => 0 
            [dn] => dc=whatever,dc=org 
        ) 
 
) 
 

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-09 02:47 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-07-09 02:49 UTC] sniper@php.net
Note: I did not use your patch as it wouldn't have allowed retaining the current behaviour.
 
You can now pass base_dn NULL to make it use ldap.conf.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC