Bug #80405 LDAPCONF=/etc/ldap/ldap.conf not respected
Submitted: 2020-11-23 10:29 UTC Modified: 2021-09-09 15:13 UTC
From: alisun at shitmail dot de Assigned: mcmic (profile)
Status: Assigned Package: LDAP related
PHP Version: 7.4.12 OS: linux
Private report: No CVE-ID: None
 [2020-11-23 10:29 UTC] alisun at shitmail dot de
Description:
------------
Problem: $LDAPCONF is not read properly.

cat /etc/ldap/ldap.conf
TLS_CACERT=/some/path
TLS_KEY=/some/other/path
TLS_CERT=/some/otherpath
TLS_REQCERT=demand

Ex 1: no explicit environment variables, should respect /etc/ldap/ldap.conf?
Does not :D

# no LDAP* variables in the environment; only /etc/ldap/ldap.conf is available to libldap
sudo -u www-data php -a <<eof
\$dn = "someDN";
\$p = "somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);   // warns "Unable to start TLS: Connect error"
eof
PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in php shell code on line 1

Ex 2: set LDAPCONF explicitly, should respect /etc/ldap/ldap.conf?
Does not either

# same as Ex 1, but with LDAPCONF exported and passed through sudo -E
export LDAPCONF=/etc/ldap/ldap.conf
sudo -Eu www-data php -a <<eof
\$dn = "someDN";
\$p = "somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);   // still warns "Unable to start TLS: Connect error"
eof
PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in php shell code on line 1

Ex 3: use $LDAPCONF content via environment variables
Works

# each TLS_* setting from ldap.conf passed as its LDAPTLS_* environment variable
export LDAPTLS_CACERT=/some/path
export LDAPTLS_KEY=/some/other/path
export LDAPTLS_CERT=/some/otherpath
export LDAPTLS_REQCERT=demand

sudo -Eu wwwcloud php -a <<eof
\$dn = "uid=nextcloud,ou=people,dc=physsolutions,dc=org";
\$p = "somePw";
\$ldaphost = "ldap.physsolutions.org";
\$ldapport = 389;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);   // succeeds
eof
# no error

Ex 4: use $HOME/.ldaprc
Works

# same settings in the web user's ~/.ldaprc (sudo --set-home so HOME points at www-data's home)
cp /etc/ldap/ldap.conf ~www-data/.ldaprc
sudo --set-home -u www-data php -a <<eof
\$dn = "someDN";
\$p = "somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);   // succeeds
eof
# no error

Ex 5: use $CWD/ldaprc
Works

# same settings in ./ldaprc of the current working directory
cp /etc/ldap/ldap.conf ldaprc
sudo -u www-data php -a <<eof
\$dn = "someDN";
\$p = "somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);   // succeeds
eof
# no error


History

 [2021-06-24 10:09 UTC] cmb@php.net
-Package: *General Issues +Package: LDAP related
 [2021-09-09 14:52 UTC] cmb@php.net
-Assigned To: +Assigned To: mcmic
 [2021-09-09 14:52 UTC] cmb@php.net
Maybe Côme can clarify?
 [2021-09-09 15:13 UTC] mcmic@php.net
Unless I missed it I see no configuration file reading in our code, so I think this is supposed to be done by the libldap library.

We do have a test for this, which uses LDAPCONF: https://github.com/php/php-src/blob/master/ext/ldap/tests/ldap_connect_ldap_conf.phpt

So this is expected to work, at least for URI.

If the original poster is still around, could you output the result of
var_dump(
 ldap_get_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, $value),
 $value);
for each case, and maybe the same with the other TLS related vars.
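Editor's note, added to this report and not written by any of the participants: the diagnostic mcmic asks for, extended to the other TLS options so that each of the five cases above can be compared in one run. One caveat from ldap.conf(5) is worth keeping in mind while reading its output: TLS_CERT and TLS_KEY are documented as "user-only" options, which libldap ignores when they appear in the system ldap.conf or in the file named by LDAPCONF but honours in $HOME/.ldaprc, ./ldaprc and the LDAPTLS_CERT/LDAPTLS_KEY variables; that is consistent with the split between the failing (Ex 1, 2) and working (Ex 3, 4, 5) cases, although the thread itself does not reach that conclusion. The script prints the LDAP* environment, the config files libldap can see, the TLS options actually loaded into the connection handle, then attempts StartTLS and prints libldap's diagnostic message on failure. The script name and the default host are assumptions; the constants are ext/ldap constants available since PHP 7.1.

```php
<?php
// ldap_tls_diag.php  (editor-added diagnostic; not code from the bug report)
// Usage: sudo -u www-data php ldap_tls_diag.php ldap://ldap.example.org:389
// The default URI below is a placeholder; pass the real server as argv[1].
declare(strict_types=1);

$uri = $argv[1] ?? 'ldap://ldap.example.org:389';

// 1. Environment libldap consults: LDAPCONF names an extra config file,
//    LDAPRC a basename looked up in $HOME and the CWD, and LDAPTLS_* (or any
//    LDAP<option>) variables override single options.
echo "== LDAP* environment ==\n";
foreach (getenv() as $name => $value) {
    if (strncmp($name, 'LDAP', 4) === 0) {
        printf("%s=%s\n", $name, $value);
    }
}

// 2. Candidate config files, in the order ldap.conf(5) reads them:
//    system ldap.conf, $HOME/.ldaprc, ./ldaprc, then $LDAPCONF and $LDAPRC.
//    TLS_CERT and TLS_KEY are "user-only" options: ignored in the system
//    file and in $LDAPCONF, honoured in the ldaprc files and LDAPTLS_* vars.
echo "== candidate config files ==\n";
$home = getenv('HOME');
if ($home === false && function_exists('posix_getpwuid')) {
    $home = posix_getpwuid(posix_geteuid())['dir'] ?? '';
}
$candidates = ['/etc/ldap/ldap.conf', '/etc/openldap/ldap.conf',
               "$home/.ldaprc", getcwd() . '/ldaprc'];
if (($conf = getenv('LDAPCONF')) !== false) {
    $candidates[] = $conf;
}
if (($rc = getenv('LDAPRC')) !== false) {
    $candidates[] = "$home/$rc";
    $candidates[] = getcwd() . "/$rc";
}
foreach ($candidates as $path) {
    printf("%-40s %s\n", $path, is_readable($path) ? 'readable' : 'absent or unreadable');
}

// 3. What libldap actually loaded into this connection handle. ext/ldap's
//    ldap_get_option() returns false for a string option that is unset.
function tls_options($ld): array
{
    $options = [
        'TLS_REQCERT'   => LDAP_OPT_X_TLS_REQUIRE_CERT,
        'TLS_CACERT'    => LDAP_OPT_X_TLS_CACERTFILE,
        'TLS_CACERTDIR' => LDAP_OPT_X_TLS_CACERTDIR,
        'TLS_CERT'      => LDAP_OPT_X_TLS_CERTFILE,
        'TLS_KEY'       => LDAP_OPT_X_TLS_KEYFILE,
    ];
    $reqcert = [
        LDAP_OPT_X_TLS_NEVER  => 'never',
        LDAP_OPT_X_TLS_HARD   => 'hard',
        LDAP_OPT_X_TLS_DEMAND => 'demand',
        LDAP_OPT_X_TLS_ALLOW  => 'allow',
        LDAP_OPT_X_TLS_TRY    => 'try',
    ];
    $result = [];
    foreach ($options as $name => $opt) {
        $value = null;
        if (!ldap_get_option($ld, $opt, $value)) {
            $result[$name] = '(unset)';
        } elseif ($name === 'TLS_REQCERT') {
            $result[$name] = $reqcert[$value] ?? (string) $value;
        } else {
            $result[$name] = (string) $value;
        }
    }
    return $result;
}

$ld = ldap_connect($uri);
if ($ld === false) {
    fwrite(STDERR, "invalid LDAP URI: $uri\n");
    exit(1);
}
ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);

echo "== TLS options seen by libldap ==\n";
foreach (tls_options($ld) as $name => $value) {
    printf("%-14s %s\n", $name, $value);
}

// 4. StartTLS, with libldap's own diagnostic instead of the bare PHP warning.
echo "== StartTLS ==\n";
if (@ldap_start_tls($ld)) {
    echo "ok\n";
    exit(0);
}
$diag = '';
ldap_get_option($ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
printf("failed: %s (errno %d)%s\n", ldap_error($ld), ldap_errno($ld),
       $diag !== '' ? ": $diag" : '');
exit(2);
```

Run it under each of the five setups above (plain `sudo -u www-data`, `sudo -Eu` with LDAPCONF, `sudo -Eu` with the LDAPTLS_* variables, `sudo --set-home` with ~/.ldaprc, and a ./ldaprc in the working directory) and compare the "TLS options seen by libldap" section: a case where TLS_CERT and TLS_KEY print as (unset) while TLS_CACERT and TLS_REQCERT are populated is the user-only behaviour described in ldap.conf(5), not a file that was never read. The diagnostic message on failure comes from OpenLDAP via LDAP_OPT_DIAGNOSTIC_MESSAGE and usually names the certificate check that failed.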
 