php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #50915 ldap extension with Solaris libldap patched for ldap urls
Submitted: 2010-02-02 17:08 UTC Modified: 2015-09-14 09:29 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: strube at physik3 dot gwdg dot de Assigned: srinatar (profile)
Status: Not a bug Package: LDAP related
PHP Version: 5.3 OS: Solaris 10
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: strube at physik3 dot gwdg dot de
New email:
PHP Version: OS:

 

 [2010-02-02 17:08 UTC] strube at physik3 dot gwdg dot de
Description:
------------
The PHP extension "ldap" can be build with the native Solaris 10 libldap and works well, except that it does not understand URL format (ldap://host, ldaps://host). I made a patch for this, based on testing for _SOLARIS_SDK (defined in /usr/include/ldap.h), which might also work for other NSLDAP variants. How can I upload this?
(The line numbers seem not to have changed at least from 5.2.10 to 5.3.1.)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-02 17:14 UTC] pajoye@php.net
hi,

Please provide patches (links) against PHP_5_3 and trunk.

Cheers,
 [2010-02-03 09:13 UTC] strube at physik3 dot gwdg dot de
>Please provide patches (links) against PHP_5_3 and trunk.
How must I proceed to do so?
 [2010-02-12 16:39 UTC] strube at physik3 dot gwdg dot de
> No feedback was provided for this bug for over a week
I have simply been waiting for a reply to my question from 3 Feb 9:13am UTC. It may seem trivial to you, but I am not sure what to do. Must I set "Version" to 5.3.1? Can the patch not be uploaded but only a link given to a file on our local webserver (which will not exist forever)?
(BTW, my password has not been working. I got it sent to me but it was changed - definitely not by me!)
 [2010-02-12 17:39 UTC] jani@php.net
Ever heard of pastebin.com ? Try that.
 [2010-02-15 11:42 UTC] strube at physik3 dot gwdg dot de
Well, I prefer our own servers over pastebin.com and put my patch in
ftp://ftp.physik3.gwdg.de/pub/HWS/php_ldap_solaris.patch (also visible as http://www.physik3.gwdg.de/~strube/soft/php_ldap_solaris.patch)
which will exist at least for a year, probably much longer.
More details: The line numbers are correct for recent versions of PHP 5.2.x and 5.3.x; for 4.4.9, patching works with offset (-1 and -38 lines). Execution has only been tested with php 5.2.x (x = 12 and slightly less), especially with LAM (http://www.ldap-account-manager.org/) and PLA (http://phpldapadmin.sourceforge.net/), both with and without SSL. SASL has not been tested (so far I have not got it working even without PHP).
The first hunk of the patch is required for building at all, the second one, to allow ldap[s] URLs and to use SSL.
Note on SSL usage: this is independent of PHP's configure option --with-openssl, since the Solaris libldap.so is linked with the (Mozilla-type) SSL libraries from /usr/lib/mps/ (from Solaris 10 on; in Solaris 9, ldapssl_client_init is a dummy function). The LDAP server's CA certificate (or chain) has to be put into PHP_PREFIX/ssl/ (you may change this path in my patch) in the Mozilla-like form of cert8.db, key3.db, secmod.db (tools [e.g., certutil] in /usr/sfw/bin/, docs in http://www.mozilla.org/projects/security/pki/nss/tools/).
 [2010-02-15 12:33 UTC] pajoye@php.net
hi,

Thanks for your work so far.


It is important to understand that 5.2.x is in Maintenance mode. We don't accept features addition there. 5.3.x accepts only minors and well tested features additions. trunk is the development tree.

Can you provide a patch against the PHP_5_3 branch and trunk please? And please test 5.3/trunk as well instead of 5.2 only.
 [2010-02-15 14:58 UTC] strube at physik3 dot gwdg dot de
First test show that there are indeed issues with PHP 5.3.1. I found that neither LAM nor PLA work with SLL, using ldaps://server or server:636 (but do work without SSL); an error in the call ldapssl_client_init is indicated, although that part of ldap.c patched by me is identical for 5.2.12 and 5.3.1 (however, the line numbers of the second patch hunk must be @@ -330,6 +334,42 @@ for 5.3.1, contrary to my previous statements).
As we are not be able to upgrade to 5.3.x in the near future because of compatibility issues with our PHP applications, I am sorry I cannot invest time do extensive tests presently.
 [2010-02-15 15:15 UTC] strube at physik3 dot gwdg dot de
Oops, this was not a problem of my patch, I simply forgot to copy the certificate files to the PHP_PREFIX/ssl of my 5.3.1 test installation!
At least LAM and PLA work just as with 5.2.12. "trunk" will take some time, I cannot do this now.
 [2010-02-16 08:55 UTC] jani@php.net
Moved to correct place. ext/ldap works best with OpenLDAP anyway but of course we can add one more implementation in the future. If someone has time. And access to such machine to test this.. :)
 [2010-02-19 15:11 UTC] srinatar@php.net
-Status: Open
+Status: Assigned
-PHP Version: 5.2.12
+PHP Version: 5.3
-Assigned To: 
+Assigned To: srinatar

thanks for the patch. I will find time - after couple of weeks - to do 
more testing on this patch and try to port it to 5.3/trunk as well

- Sriram
 [2010-11-24 10:07 UTC] jani@php.net
-Package: Feature/Change Request +Package: LDAP related
 [2015-09-10 10:05 UTC] mcmic@php.net
-Status: Assigned +Status: Not a bug
 [2015-09-10 10:05 UTC] mcmic@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.

Hello, Solaris LDAP is not officially supported by php-ldap.
That said, we did accept a patch to make it work for next PHP 5.6 release.
 [2015-09-14 09:29 UTC] strube at physik3 dot gwdg dot de
Unfortunately I cannot test my patch with more recent PHP versions, because the Solaris 10 environment and the type of the web server have changed and are no more available to me.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC