Request #31712 [PATCH]: LDAP SSL Support via Mozilla LDAP C SDK
Submitted: 2005-01-27 00:10 UTC
Modified: 2015-09-10 14:11 UTC
Votes: 1
Avg. Score: 3.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: php at warnertechnology dot com
Assigned:
Status: Not a bug
Package: LDAP related
PHP Version: 5.0.3
OS: Solaris
Private report: No
CVE-ID: None
 [2005-01-27 00:10 UTC] php at warnertechnology dot com
Description:
------------
The current ext/ldap/ldap.c code does not appear to support Secure LDAP connections when using the Mozilla LDAP C SDK, and it also does not appear to support LDAP URLs. I'm contributing code (or at least a diff since this form doesn't want too many lines) that enables both of these features. I couldn't find a way to contribute code other than via a bug report, so I apologize if this isn't the right method. NOTE: I've "ifdef"-ed the code with HAVE_MOZILLALDAP. I have not attempted to rewrite configure to account for this. Caveat emptor.

Reproduce code:
---------------
22,23d21
<    | 26 Jan 2005 Added support for Mozilla LDAP C SDK with SSL:                                                 |
<    | Matt Warner <matt@warnertechnology.com>                                                    |
29c27
< #define HAVE_MOZILLALDAP 1
---
> 
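Review bot: #define HAVE_MOZILLALDAP 1 is hard-coded in ldap.c, so every build takes the Mozilla SDK branches and includes ldap_ssl.h whether or not that SDK is installed. Remove the define from the source and let configure set it, so that the #if defined(HAVE_MOZILLALDAP) guards in the rest of the patch actually gate the new code.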
34,38d31
< #if defined(HAVE_MOZILLALDAP)
< #include <ldap.h>
< #include <ldap_ssl.h>
< #endif
< 
370,372d362
< #ifdef HAVE_MOZILLALDAP
<       int ssl=0;
< #endif
394,417d383
< #elif HAVE_MOZILLALDAP
< // For the moment, we're going to require a single parameter (i.e. "ldap://servername").
< // We're going to let it pass the parsing here because we generate a more readable error below
< // when we call ldap_url_parse.
<       if (ZEND_NUM_ARGS() == 2) {
<               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sl", &host, &hostlen, &port) == FAILURE) {
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failure to parse parameters on line 396 of ldap.c");
<                       RETURN_FALSE;
<                       }
<       }
<       else {
<       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &host, &hostlen, &port) == FAILURE) {
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failure to parse parameters on line 402 of ldap.c");
<               RETURN_FALSE;
<               }
<       }
<       
<       if (strncasecmp(host,"ldaps",5)==0) {
<               ssl = 1;
< #ifdef DEBUG
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Setting SSL=1 for Mozilla SDK.");
< #endif
<               }
< 
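Review bot: strncasecmp(host,"ldaps",5) decides whether to use SSL from the first five characters only, so any argument that merely begins with "ldaps" sets ssl = 1, and the comparison runs even when no argument was passed, because both format strings ("|sl" and "|s") make host optional. Compare against the full "ldaps://" prefix and return before the comparison when host was not supplied. The "|s" call also passes &port although the format has no "l" for it, and the warnings hard-code "line 396" and "line 402" of ldap.c, which will be wrong after the next edit to the file; describe the failure instead. The // comments are C99 syntax; use /* */.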
420d385
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failure to parse parameters on line 399 of ldap.c");
445,503d409
< #elif HAVE_MOZILLALDAP
< // Note the following section of code was based on Code Example 10-2 on http://www.mozilla.org/directory/csdk-docs/url.htm
<               LDAPURLDesc *ludpp;
<               int res, i;
<               if ( ( res = ldap_url_parse( host, &ludpp ) ) != 0 ) {
<                 switch( res ){
<                       case LDAP_URL_ERR_NOTLDAP:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL does not begin with \"ldap://\"\n" );
<                         break;
<                       case LDAP_URL_ERR_NODN:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL missing trailing slash after host or port\n" );
<                         break;
<                       case LDAP_URL_ERR_BADSCOPE:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL contains an invalid scope\n" );
<                         break;
<                       case LDAP_URL_ERR_MEM:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not enough memory\n" );
<                         break;
<                       default:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error\n" );
<                 }
<                 RETURN_FALSE;
<               }
<       if (ludpp->lud_port==NULL) {
<               port=636;
<       }
<       else {
< #ifdef DEBUG
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using port number %d",port );
< #endif
<               port=ludpp->lud_port;
<               }
<       if (ssl) {
< #ifdef DEBUG          
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Calling LDAP SSL routines for Mozilla C SDK");
< #endif
<               if (ldapssl_client_init("/var/ldap/cert7.db",NULL)<0) {
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "ERROR calling ldapssl_client_init");
<                       efree(ld);
<                       RETURN_FALSE;
<                       }
< #ifdef DEBUG          
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Calling ldapssl_init for host: %s port: %d",ludpp->lud_host,port);
< #endif
< 
<               if ((ldap=ldapssl_init(ludpp->lud_host,port, 1))==-1) {
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL init failed");
<                       efree(ld);
<                       RETURN_FALSE;
<               }
< #ifdef DEBUG          
<               else 
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Completed SSL init routines for Mozilla SDK");
< #endif
<               }
<       else {
<               ldap = ldap_init(ludpp->lud_host,ludpp->lud_port);
<               }
<       ldap_free_urldesc(ludpp);
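Review bot: the failure test in (ldap=ldapssl_init(ludpp->lud_host,port, 1))==-1 compares the handle against -1, while the non-SSL branch and the later "ldap was NULL" message treat ldap as a pointer; test for NULL so that a failed SSL init is caught at this point. Both SSL error paths call efree(ld) and RETURN_FALSE without calling ldap_free_urldesc(ludpp), so the parsed URL descriptor leaks; free it before returning. The certificate database path "/var/ldap/cert7.db" passed to ldapssl_client_init is hard-coded, which fixes the trust store location for every deployment; read it from a configuration setting. ludpp->lud_port is compared with NULL and then assigned to the integer port, so compare it with 0; the DEBUG "Using port number %d" message prints port before it is assigned, and the non-SSL branch passes ludpp->lud_port rather than port, so the value computed above is ignored there. int i is unused.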
509d414
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "ldap was NULL. Returning false at line 482.");
564d468
< 

Expected result:
----------------
URLs and SSL support are now available.

Actual result:
--------------
URLs and SSL support are now available.

 [2005-01-27 00:48 UTC] php at warnertechnology dot com
Unified diff file can be downloaded from

http://warnertechnology.com/ldap-diff.txt
 [2005-03-07 18:25 UTC] php at warnertechnology dot com
Simple test script can be downloaded:

http://warnertechnology.com/test.php.txt
 [2011-04-08 21:49 UTC] jani@php.net
-Package: Feature/Change Request +Package: LDAP related
 [2015-09-10 12:05 UTC] mcmic@php.net
-Status: Open +Status: Not a bug
 [2015-09-10 12:05 UTC] mcmic@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

php-ldap officially only supports the OpenLDAP client implementation.
A patch has been accepted so that Solaris LDAP builds fine.
If a patch is provided for Mozilla SDK support and this patch is not too invasive, we’ll accept it.
 [2015-09-10 14:11 UTC] php at warnertechnology dot com
I'm disappointed to see this response 10+ years after I submitted a patch to add this functionality. Yes, I know this isn't technically a bug, and I indicated in the original that I could not find a way to submit a patch to add the functionality.

Your last sentence says "if" a patch is submitted you'll consider it. Since I took the time to submit a patch, will you please do so?

Thanks!

Matt
 