php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24084 Patch: allow PHP to bind to an LDAP server using SASL
Submitted: 2003-06-08 15:43 UTC Modified: 2003-06-13 08:32 UTC
From: peter_c60 at hotmail dot com Assigned:
Status: Closed Package: LDAP related
PHP Version: 4.3.2 OS: Linux
Private report: No CVE-ID:
 [2003-06-08 15:43 UTC] peter_c60 at hotmail dot com
Below is a uuencoded patch to create a function (ldap_sasl_bind) that binds to the LDAP server using SASL. This would be useful for anyone trying to create a single sign-on solution using Kerberos. It does not use any fancy autoconfiscated method to find out whether the LDAP library was linked with SASL support. The two patches are to be applied to the ldap.c and php_ldap.h files in the ext/ldap directory. This patch has only been tested with Cyrus SASL and the OpenLDAP client implementation.

begin 644 ldap.patch
M+2TM(&QD87`N8RYO<FEG"5-U;B!*=6X@(#@@,C$Z,C0Z-38@,C`P,PHK*RL@
M;&1A<"YC"5-U;B!*=6X@(#@@,C`Z-3@Z-#D@,C`P,PI`0"`M.#@L-B`K.#@L
M."!`0`H@"5!(4%]&12AL9&%P7V-O;FYE8W0L"0D)"0D)"0E.54Q,*0H@"5!(
M4%]&04Q)05,H;&1A<%]C;&]S92P)"6QD87!?=6YB:6YD+`D)"4Y53$PI"B`)
M4$A07T9%*&QD87!?8FEN9"P)"0D)"0D)"0E.54Q,*0HK"5!(4%]&12AL9&%P
M7W-A<VQ?8FEN9"P**PD)3E5,3"D*(`E02%!?1D4H;&1A<%]U;F)I;F0L"0D)
M"0D)"0D)3E5,3"D*(`E02%!?1D4H;&1A<%]R96%D+`D)"0D)"0D)"4Y53$PI
M"B`)4$A07T9%*&QD87!?;&ES="P)"0D)"0D)"0E.54Q,*0I`0"`M-#8S+#8@
M*S0V-2PT,2!`0`H@"7T@96QS92!["B`)"5)%5%523E]44E5%.PH@"7T**WT*
M*R\J('U]?2`J+PHK"BLO*B!);G1E<F%C="!F=6YC=&EO;B!F;W(@4T%33"`J
M+PHK<W1A=&EC(&EN="!S87-L7VEN=&5R86-T*$Q$05`@*FQD+"!U;G-I9VYE
M9"!F;&%G<RP@=F]I9"`J9&5F875L=',L('9O:60@*FEN*2!["BL)<V%S;%]I
M;G1E<F%C=%]T("II;G1E<F%C="`](&EN.PHK"7=H:6QE*"!I;G1E<F%C="T^
M:60@(3T@4T%33%]#0E],25-47T5.1"`I('L**PD)8V]N<W0@8VAA<B`J9&9L
M="`](&EN=&5R86-T+3YD969R97-U;'0["BL)"6EN=&5R86-T+3YR97-U;'0@
M/2!S=')D=7`H("AD9FQT("8F("ID9FQT*2`_(&1F;'0@.B`B(B`I.PHK"0EI
M;G1E<F%C="T^;&5N(#T@:6YT97)A8W0M/G)E<W5L="`_('-T<FQE;B@@:6YT
M97)A8W0M/G)E<W5L="`I(#H@,#L**PD):6YT97)A8W0K*SL**PE].PHK"7)E
M='5R;B!,1$%07U-50T-%4U,["BM]"BL**R\J('M[>R!P<F]T;R!B;V]L(&QD
M87!?<V%S;%]B:6YD*')E<V]U<F-E(&QI;FLI"BL@("!":6YD('1O($Q$05`@
M9&ER96-T;W)Y('5S:6YG(%-!4TP@*B\**U!(4%]&54Y#5$E/3BAL9&%P7W-A
M<VQ?8FEN9"D**WL**R`@("`@("`@>G9A;"`J;&EN:SL**R`@("`@("`@;&1A
M<%]L:6YK9&%T82`J;&0["BL@("`@("`@(&EN="!R8SL**PHK("`@("`@("!I
M9B`H>F5N9%]P87)S95]P87)A;65T97)S*%I%3D1?3E5-7T%21U,H*2!44U)-
M3%-?0T,L(")R(BP@)FQI;FLI(#T]($9!24Q54D4I('L**R`@("`@("`@("`@
M("`@("!215154DY?1D%,4T4["BL@("`@("`@('T**PHK("`@("`@("!:14Y$
M7T9%5$-(7U)%4T]54D-%*&QD+"!L9&%P7VQI;FMD871A("HL("9L:6YK+"`M
M,2P@(FQD87`@;&EN:R(L(&QE7VQI;FLI.PHK"BL@("`@("`@(&EF("@H<F,@
M/2!L9&%P7W-A<VQ?:6YT97)A8W1I=F5?8FEN9%]S*&QD+3YL:6YK+"!.54Q,
M+"!.54Q,+"!.54Q,+"!.54Q,+"!,1$%07U-!4TQ?455)150L('-A<VQ?:6YT
M97)A8W0L($Y53$PI*2`A/2!,1$%07U-50T-%4U,I('L**R`@("`@("`@("`@
M("`@("!P:'!?97)R;W(H15]705).24Y'+"`B)7,H*3H@(%5N86)L92!T;R!B
M:6YD('1O('-E<G9E<CH@)7,B+"!G971?86-T:79E7V9U;F-T:6]N7VYA;64H
M5%-234Q37T,I+"!L9&%P7V5R<C)S=')I;F<H<F,I*3L**R`@("`@("`@("`@
M("`@("!215154DY?1D%,4T4["BL@("`@("`@('T@96QS92!["BL@("`@("`@
M("`@("`@("`@4D5455).7U12544["BL@("`@("`@('T*('T*("\J('U]?2`J
$+PH@"@``
`
end

begin 644 php_ldap.patch
M+2TM('!H<%]L9&%P+F@N;W)I9PE3=6X@2G5N("`X(#(Q.C(U.C,Y(#(P,#,*
M*RLK('!H<%]L9&%P+F@)4W5N($IU;B`@."`R,#HU,CHS,"`R,#`S"D!`("TR
M-RPV("LR-RPW($!`"B`C:6YC;'5D92`\;&)E<BYH/@H@(V5N9&EF"B`C:6YC
M;'5D92`\;&1A<"YH/@HK(VEN8VQU9&4@/'-A<VPO<V%S;"YH/@H@"B!E>'1E
M<FX@>F5N9%]M;V1U;&5?96YT<GD@;&1A<%]M;V1U;&5?96YT<GD["B`C9&5F
M:6YE(&QD87!?;6]D=6QE7W!T<B`F;&1A<%]M;V1U;&5?96YT<GD*0$`@+30P
M+#8@*S0Q+#<@0$`*(%!(4%]&54Y#5$E/3BAL9&%P7V-O;FYE8W0I.PH@"B!0
M2%!?1E5.0U1)3TXH;&1A<%]B:6YD*3L**U!(4%]&54Y#5$E/3BAL9&%P7W-A
M<VQ?8FEN9"D["B!02%!?1E5.0U1)3TXH;&1A<%]U;F)I;F0I.PH@"B!02%!?
51E5.0U1)3TXH;&1A<%]R96%D*3L*
`
end

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-08 15:46 UTC] derick@php.net
Please post this as a text file (unified diff) on a website.
 [2003-06-08 16:15 UTC] peter_c60 at hotmail dot com
OK then:

http://www.geocities.com/ldappatch/ldap.txt
http://www.geocities.com/ldappatch/php_ldap.txt
 [2003-06-08 16:19 UTC] derick@php.net
The problem with this patch is that it never checks if SASL support is enabled in your LDAP library. I think you will need to check for this with config.m4 and add some ifdef's to the code accordingly, unless *every* LDAP library comes with SASL support of course.
 [2003-06-08 18:44 UTC] sniper@php.net
Patch committed to CVS. (in php5/)

 [2003-06-09 13:22 UTC] peter_c60 at hotmail dot com
It looks like the patch checked into CVS is wrong, at least from an autoconf point of view. The problem is that the function ldap_sasl_interactive_bind_s is always defined whether SASL was enabled at time of compilation or not. Also the sasl.h header is required because the interactive function requires some of its defines. I've made some new patches that check that the LDAP library was linked against libsasl(2) (using ldd, I'm not sure if this is the correct method on all platforms) and also checks for the headers. I haven't tested it myself because I keep on getting a libtool error at time of compile (but that's a story for another bug report) but it seems to work correctly up to the configure stage. Anyway here are the patches (to be applied to the current CVS version):

http://www.geocities.com/ldappatch/config2.txt (apply to config.m4)
http://www.geocities.com/ldappatch/ldap2.txt (apply to ldap.c)
http://www.geocities.com/ldappatch/php_ldap2.txt (apply to php_ldap.h)
 [2003-06-09 18:42 UTC] peter_c60 at hotmail dot com
I have managed to compile and test the new patch and it works AFAICT.
 [2003-06-13 08:32 UTC] sniper@php.net
Should be fixed now. (Your config.m4 patch was not very good,
the ldap libs can be static too, so ldd wouldn't work very well. :)

 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 23:01:58 2014 UTC