Bug #69574 ldap connection timeouts not enforced
Submitted: 2015-05-05 13:54 UTC Modified: 2022-08-11 19:40 UTC
From: ryan dot brothers at gmail dot com Assigned: mcmic (profile)
Status: Closed Package: LDAP related
PHP Version: 5.6.8 OS: Linux
Private report: No CVE-ID: None
 [2015-05-05 13:54 UTC] ryan dot brothers at gmail dot com
Description:
------------
I am trying to simulate a LDAP server timing out.  I'm setting the options LDAP_OPT_NETWORK_TIMEOUT and LDAP_OPT_TIMELIMIT, but the script runs indefinitely without timing out.

In one ssh session, I am running the following command to simulate a socket listener:

nc -l 1234

If I run the below script in a second ssh session, it runs forever and never times out.

Is there a way to have this script timeout after a certain number of seconds?


Test script:
---------------
<?php
$ldap = ldap_connect('127.0.0.1:1234');

ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3);

ldap_bind($ldap);


Expected result:
----------------
Script times out in 3 seconds.


Actual result:
--------------
Script never times out.


 [2015-09-09 13:47 UTC] mcmic@php.net
I can’t reproduce this, I tried your script, I got «PHP Warning:  ldap_connect(): Could not create session handle: Bad parameter to an ldap routine in /tmp/test.php on line 3»
So I replaced the call to ldap_connect by «$ldap = ldap_connect('127.0.0.1:1234');»
I launched «nc -l 1234» in a shell, in another one the PHP script, I only got «PHP Warning:  ldap_bind(): Unable to bind to server: Can't contact LDAP server in /tmp/test.php on line 8» immediately, not even after 3 seconds.

Not sure how to test this otherwise…
 [2015-09-09 13:48 UTC] mcmic@php.net
I meant I replaced it by «$ldap = ldap_connect('localhost', 1234);», sorry.
 [2015-09-09 13:51 UTC] mcmic@php.net
Ok, got it, I had to do «nc -l -p 1234» instead of «nc -l 1234».
I can reproduce the bug.
 [2015-09-09 13:51 UTC] mcmic@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: mcmic
 [2015-09-09 15:24 UTC] mcmic@php.net
Ok, so the problem is:

LDAP_OPT_TIMELIMIT is only for searches, not bind operations
LDAP_OPT_NETWORK_TIMEOUT is for socket level timeout, in your test there is no such thing as the nc is indeed listening on the socket.

What you need is LDAP_OPT_TIMEOUT from openldap, which is not available yet in PHP.
So I’m gonna add this to php-ldap as it seems useful.
 [2015-09-10 10:00 UTC] mcmic@php.net
-Status: Assigned
+Status: Closed
 [2015-09-10 10:00 UTC] mcmic@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I added support for LDAP_OPT_TIMEOUT, please check that it fixes your problem.
 [2022-08-11 18:10 UTC] tanjh58 at hotmail dot com
This doesn't work for ldaps protocol. Here is my code: 

<?php
$ldap = ldap_connect('ldaps://127.0.0.1:636');

ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMEOUT, 3);

ldap_bind($ldap);
?>

This never times out.
 [2022-08-11 18:38 UTC] requinix@php.net
-Summary: ldap timeouts not enforced
+Summary: ldap connection timeouts not enforced
 [2022-08-11 18:38 UTC] requinix@php.net
Connection timeouts must be set before connecting. Set LDAP_OPT_NETWORK_TIMEOUT globally before calling ldap_connect() by passing null in place of a connection.


ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 3);
ldap_connect('127.0.0.1:1234');


Meanwhile ldap_bind() is something else.
 [2022-08-11 19:40 UTC] heiglandreas@php.net
As ldap_connect doesn't actually "connect", the logic is quite flawed here as the first command actually connecting to the server in the example is the ldap_bind.

But in the end that's nitpicking. The TIMEOUT needs to be set before the ldap_connect, so the ldap_set_option gets NULL as connection parameter.
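
Added example (not code from this report or from php-src): the advice above combined with the earlier explanation of which option bounds what, as one bind helper that sets the timeouts globally before the handle exists. The bounded_bind() name, the URI and the 3-second value are assumptions for illustration; the thread does not confirm the behaviour for ldaps:// URIs.

```php
<?php
// Added example, not code from the bug report. Host, port and the
// bounded_bind() helper name are assumptions for illustration.

/**
 * Attempt an anonymous bind with the connect and reply waits bounded,
 * and report how long the bind call actually blocked.
 */
function bounded_bind(string $uri, int $seconds): array
{
    // Library-wide defaults: passing null instead of a handle sets the
    // option globally, so handles created afterwards inherit it.
    ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, $seconds); // socket level
    if (defined('LDAP_OPT_TIMEOUT')) {
        // Bounds the wait for a reply to a synchronous call such as bind.
        ldap_set_option(null, LDAP_OPT_TIMEOUT, $seconds);
    }

    // ldap_connect() only builds the handle; no packet is sent yet.
    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        return ['ok' => false, 'error' => 'invalid LDAP URI', 'elapsed' => 0.0];
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // LDAP_OPT_TIMELIMIT applies to searches only; it does not bound the bind.
    ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, $seconds);

    $start = microtime(true);
    $ok = @ldap_bind($ldap);          // first call that touches the network
    $elapsed = microtime(true) - $start;

    return [
        'ok'      => $ok,
        'error'   => $ok ? null : ldap_error($ldap),
        'elapsed' => round($elapsed, 2),
    ];
}

// Run against the silent listener from the report (nc -l -p 1234).
$result = bounded_bind('ldap://127.0.0.1:1234', 3);
printf("bind ok=%s error=%s elapsed=%.2fs\n",
    var_export($result['ok'], true), $result['error'] ?? '-', $result['elapsed']);
```

Logging the elapsed time alongside the error makes it easy to check in a test environment whether a stalled directory server can still hold a request worker past the configured limit.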
 [2022-08-12 03:04 UTC] tanjh58 at hotmail dot com
For ldap protocol, I did the similar code:
<?php
$ldap = ldap_connect('ldap://127.0.0.1:389');

ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 3);
ldap_set_option($ldap, LDAP_OPT_TIMEOUT, 3);

ldap_bind($ldap);
?>
This times out in 3 seconds.

How could you set timeout before ldap_connect, if $ldap is not set by ldap_connect call?
 [2022-08-12 17:06 UTC] tanjh58 at hotmail dot com
Since this bug is closed, I opened a new one: https://github.com/php/php-src/issues/9320
 
Last updated: Thu Nov 21 13:01:29 2024 UTC