php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8714 Adding LDAP entries drops credentials if update is referred
Submitted: 2001-01-15 10:52 UTC Modified: 2001-11-12 08:24 UTC
From: anders dot ostling at neurope dot ikea dot com Assigned:
Status: Closed Package: LDAP related
PHP Version: 4.0.4pl1 OS: Linux 2.2.18
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: anders dot ostling at neurope dot ikea dot com
New email:
PHP Version: OS:

 

 [2001-01-15 10:52 UTC] anders dot ostling at neurope dot ikea dot com
We have a replicated LDAP tree. If I add entries to a replica, AND specify a DN and password, the add operation gets referred (correctly) to the master/supplier server, but the credentials are lost. This is reproducable.
I have OpenLDAP libs 2.0.6 installed and is using Netscape 4.12 Dir server.

If required, I have a complete network trace (from ethereal) that shows all ldap packets.

Best regards

Anders

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-12 08:24 UTC] venaas@php.net
This is correct behavior. It is done in the LDAP library,
it's not something PHP can fix. There are however two
possible solutions.

The first one is to turn off automatic referral chasing,
which can be done using
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
Next you need to somehow see what referral you get back.
I'm not exactly sure how to do that right now, and some
PHP code might have to be tweaked. If you want this
solution, I'll do some digging and come up with something
for you.

The other possibility is to use automatic referral
chasing, but set a rebind procedure that can do the
bind to the new server. This is something I'm looking
into now, but it will probably only be implemented for
OpenLDAP 2.1 and newer which should be released in a
few months time. It is very complicated to implement it
for 2.0, so I would rather wait.

I'm closing this now since it's not a bug, but please
contact me if you want me to find a solution.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 17:01:58 2024 UTC