Bug #14725 ldap_connect skips over SSL servers specified in the form ldaps://hostname/
Submitted: 2001-12-27 16:31 UTC Modified: 2001-12-27 17:50 UTC
From: emetsger at jhu dot edu Assigned:
Status: Closed Package: LDAP related
PHP Version: 4.0.6 OS: SunOS 5.7 SPARC 106541-17
Private report: No CVE-ID: None
 [2001-12-27 16:31 UTC] emetsger at jhu dot edu
Platform: SunOS 5.7, PHP 4.0.6 (--with-ssl), OpenLDAP 2.0.14 (--with-tls)

When given an array of ldap servers like array("ldaps://hostname_a", "ldap://hostname_a"), ldap_connect doesn't even attempt a tcp connection to port 636.   

To further generalize my statement, if you specify any server with the ldaps:// URL construct, ldap_connect won't attempt a tcp connection to that server (either on port 636 or 389).

According to the ldap_connect documentation, you don't need to specify portnames when using the URL construct.   But, the only way I have found to work around this is to specify the port in order to attempt an SSL connection.

To test, change the elements in the array $LDAP_SERVER in the provided include file.  I am new to php and am not a programmer, so please go easy on my dirty code!

Thank you for such a great product!  I appreciate all the time and effort this group puts into this quality production!


My function (called with no arguments, returns an LDAP link identifier upon a successful bind):

<?php
function esm_find_ldap_server() {
        require "./ldap_constants.inc";
        // Find the appropriate ldap server: try every server on each port in
        // turn and return the first link that both connects and binds.
        // (foreach replaces the original each() loops, which are gone in PHP 8,
        // and the unquoted array keys $cell[value] that relied on bare constants.)
        foreach ($LDAP_SERVER_PORTS as $try_port) {
          print "Trying port $try_port<br>\n";
          foreach ($LDAP_SERVER as $try_server) {
            print "Trying server $try_server:$try_port<br>\n";
            $ldap_linkid = ldap_connect($try_server, $try_port);
            if (!$ldap_linkid) {
              continue;                     // could not even initialise a handle
            }
            print "Connection handle obtained, attempting bind<br>\n";
            if (@ldap_bind($ldap_linkid, $CMS_BIND_DN, $CMS_BIND_PW)) {
              print "Successful bind. Returning.<br>\n";
              return $ldap_linkid;          // caller gets a bound link
            }
            print "Bind failed. Continuing.<br>\n";
            ldap_unbind($ldap_linkid);      // release the handle before the next try
          } //end inner foreach (server selection)
        } //end outer foreach (port selection)
        return false;                       // no server/port combination bound
  } //end function


My include file ldap_constants.inc:
<?php
        $CMS_BASE_DN = 'dc=library,dc=johnshopkins,dc=edu';
        $CMS_BIND_RDN = 'cn=cmsproxy,ou=proxy';
        $CMS_BIND_DN = "$CMS_BIND_RDN,$CMS_BASE_DN";
        $CMS_BIND_PW = "xxxxxxx";

        $LDAP_SERVER_PORTS = array("636","389");
        // we have a problem with tcp timeouts if the host is down or doesn't send a RST 
        // will have to figure out a way around tcp timeouts
        $LDAP_SERVER = array("128.220.8.91", "128.220.8.108", "128.220.8.91");
        // for secure servers we need to either trust a self-signed cert or get a real cert for the ldap server
        // currently not used
        $LDAP_SECURE_SERVER  = array("128.220.8.108");

        //filters we use to find users
        $CMS_USER_FILTER = '(objectClass=posixAccount)';
        $CMS_USER_BASE_DN = 'ou=People,' . "$CMS_BASE_DN";

        $CMS_USER_ATTR = 'uid';
        $CMS_USER_PWATTR = 'userPassword';

 [2001-12-27 17:23 UTC] venaas@php.net
There are several ways to use ldap_connect(). With all LDAP APIs (I think), you should be able to specify multiple hosts separated by space, and do something like: ldap_connect("hosta hostb hostc", $port). If you skip the final argument, 389 is used. If you specify 636, you are still not using SSL.

If you use OpenLDAP 2 API (like you do), you can use URLs instead of hosts, then the $port argument is not used. You can then do say:
ldap_connect("ldaps://hosta ldaps://hostb:637")
to first try SSL to hosta on port 636, and next SSL to hostb on port 637. If you are not using SSL, you can do say
ldap_connect("ldap://hosta ldap://hostb:390")
again, you can specify 636, but you're not using SSL then. You can also mix ldap and ldaps URLs if you like.

I must confess I didn't look much at your code, but it won't work to use an array as argument to ldap_connect(). I'm closing this case, since I don't see a bug. Please reopen if what I wrote above doesn't work.
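The usage described in the comment above, as an added example (not code from the bug report, from venaas, or from PHP's own sources): one ldap_connect() call receives the whole whitespace-separated URI list, each ldaps:// entry carries its own port, and the $port argument is left out entirely. It assumes, as the report does, that PHP's ldap extension is built against the OpenLDAP 2.x client library; the host names, bind DN and password are placeholders, and build_ldap_uri_list() and ldap_connect_and_bind() are names chosen here, not PHP API.

```php
<?php
// Added example, not code from the bug report or from PHP's sources.
// Assumes the OpenLDAP 2.x client library underneath ext/ldap, so that
// ldap_connect() accepts a whitespace-separated URI list and ignores $port
// when URIs are given.  All hosts, DNs and passwords below are placeholders.

/**
 * Build the URI list ldap_connect() expects from a list of "host" or
 * "host:port" entries.  Every host is listed over TLS (ldaps://, default
 * port 636) first.  Cleartext ldap:// entries (default port 389) are appended
 * only when $allowPlain is true, because a silent fallback to ldap:// would
 * send the bind password unencrypted.
 */
function build_ldap_uri_list(array $hosts, bool $allowPlain = false): string
{
    $uris = [];
    foreach ($hosts as $host) {
        $uris[] = 'ldaps://' . $host;
    }
    if ($allowPlain) {
        foreach ($hosts as $host) {
            $uris[] = 'ldap://' . $host;
        }
    }
    return implode(' ', $uris);
}

/**
 * Initialise a handle for the URI list and bind with it.  With the OpenLDAP
 * API, ldap_connect() only parses the URIs; the TCP and TLS connection is
 * made on the first operation, so unreachable hosts and certificate errors
 * show up at ldap_bind(), not at ldap_connect().  The library walks the URI
 * list in order until one host accepts the connection.
 * Returns the bound LDAP link, or null when no listed host could be bound.
 */
function ldap_connect_and_bind(array $hosts, string $bindDn, string $bindPw, int $timeoutSec = 5)
{
    $uriList = build_ldap_uri_list($hosts);   // TLS only; no cleartext fallback
    $link = ldap_connect($uriList);           // no $port argument: the URIs carry it
    if ($link === false) {
        return null;                          // URI list could not be parsed
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
    // Bound the wait for a host that is down or never answers the SYN,
    // the "tcp timeouts" problem noted in the include file.
    ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, $timeoutSec);

    if (!@ldap_bind($link, $bindDn, $bindPw)) {
        error_log('LDAP bind failed: ' . ldap_error($link) . ' (' . ldap_errno($link) . ')');
        ldap_unbind($link);
        return null;
    }
    return $link;
}

// Usage with placeholder hosts: the second entry overrides the default port.
$hosts = ['ldap1.example.edu', 'ldap2.example.edu:6636'];
echo build_ldap_uri_list($hosts), "\n";
$link = ldap_connect_and_bind($hosts, 'cn=proxy,ou=proxy,dc=example,dc=edu', 'placeholder-password');
```

Two practical points follow from the comment. First, the original loop's first pass, ldap_connect("128.220.8.91", "636") with a bare host name, opens a cleartext LDAP session to port 636, not an SSL one; only an ldaps:// URI selects TLS. Second, an ldaps:// bind will fail until the OpenLDAP client trusts the server's certificate, which is the issue the include file's comment about self-signed certificates points at; the fix is to point TLS_CACERT in ldap.conf at the issuing CA, not to set TLS_REQCERT to never, since that would leave the connection open to a man-in-the-middle presenting any certificate.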

 [2001-12-27 17:50 UTC] emetsger at jhu dot edu
Thanks for the quick response!

I understand that ldap_connect won't take an array - my function iterates over an array of possible ldap servers and supplies ldap_connect with a scalar.

What I didn't understand was that you can specify multiple ldap servers separated by whitespace as the first argument to ldap_connect.  Thank you for the quick tutorial!

I haven't yet tried it, but I am confident that it will work!

Thanks again,
Elliot Metsger
 