Request #31712 [PATCH]: LDAP SSL Support via Mozilla LDAP C SDK
Submitted: 2005-01-27 00:10 UTC Modified: 2015-09-10 14:11 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: php at warnertechnology dot com Assigned:
Status: Not a bug Package: LDAP related
PHP Version: 5.0.3 OS: Solaris
Private report: No CVE-ID: None
 [2005-01-27 00:10 UTC] php at warnertechnology dot com
Description:
------------
The current ext/ldap/ldap.c code does not appear to support Secure LDAP connections when using the Mozilla LDAP C SDK, and it also does not appear to support LDAP URLs. I'm contributing code (or at least a diff since this form doesn't want too many lines) that enables both of these features. I couldn't find a way to contribute code other than via a bug report, so I apologize if this isn't the right method. NOTE: I've "ifdef"-ed the code with HAVE_MOZILLALDAP. I have not attempted to rewrite configure to account for this. Caveat emptor.

Reproduce code:
---------------
22,23d21
<    | 26 Jan 2005 Added support for Mozilla LDAP C SDK with SSL:                                                 |
<    | Matt Warner <matt@warnertechnology.com>                                                    |
29c27
< #define HAVE_MOZILLALDAP 1
---
> 
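Review bot: HAVE_MOZILLALDAP is defined to 1 unconditionally inside ldap.c, so every build compiles the Mozilla SDK branches whether or not that SDK is present. The macro should be set by the extension's configure check (config.m4) and only tested in ldap.c, so that builds against other client libraries are unaffected.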
34,38d31
< #if defined(HAVE_MOZILLALDAP)
< #include <ldap.h>
< #include <ldap_ssl.h>
< #endif
< 
370,372d362
< #ifdef HAVE_MOZILLALDAP
<       int ssl=0;
< #endif
394,417d383
< #elif HAVE_MOZILLALDAP
< // For the moment, we're going to require a single parameter (i.e. "ldap://servername").
< // We're going to let it pass the parsing here because we generate a more readable error below
< // when we call ldap_url_parse.
<       if (ZEND_NUM_ARGS() == 2) {
<               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sl", &host, &hostlen, &port) == FAILURE) {
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failure to parse parameters on line 396 of ldap.c");
<                       RETURN_FALSE;
<                       }
<       }
<       else {
<       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &host, &hostlen, &port) == FAILURE) {
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failure to parse parameters on line 402 of ldap.c");
<               RETURN_FALSE;
<               }
<       }
<       
<       if (strncasecmp(host,"ldaps",5)==0) {
<               ssl = 1;
< #ifdef DEBUG
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Setting SSL=1 for Mozilla SDK.");
< #endif
<               }
< 
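Review bot: strncasecmp(host,"ldaps",5) looks at only the first five characters, so any argument that merely begins with "ldaps" sets ssl = 1; compare against the full "ldaps://" prefix (8 characters) instead. Both zend_parse_parameters calls use a leading "|", which makes host optional, yet host is passed to strncasecmp with no check that it was supplied, and the "|s" call passes &port although the format string has no specifier for it. The "line 396" and "line 402" text in the warnings will be wrong as soon as the file changes and should be dropped.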
420d385
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failure to parse parameters on line 399 of ldap.c");
445,503d409
< #elif HAVE_MOZILLALDAP
< // Note the following section of code was based on Code Example 10-2 on http://www.mozilla.org/directory/csdk-docs/url.htm
<               LDAPURLDesc *ludpp;
<               int res, i;
<               if ( ( res = ldap_url_parse( host, &ludpp ) ) != 0 ) {
<                 switch( res ){
<                       case LDAP_URL_ERR_NOTLDAP:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL does not begin with \"ldap://\"\n" );
<                         break;
<                       case LDAP_URL_ERR_NODN:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL missing trailing slash after host or port\n" );
<                         break;
<                       case LDAP_URL_ERR_BADSCOPE:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL contains an invalid scope\n" );
<                         break;
<                       case LDAP_URL_ERR_MEM:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not enough memory\n" );
<                         break;
<                       default:
<                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error\n" );
<                 }
<                 RETURN_FALSE;
<               }
<       if (ludpp->lud_port==NULL) {
<               port=636;
<       }
<       else {
< #ifdef DEBUG
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Using port number %d",port );
< #endif
<               port=ludpp->lud_port;
<               }
<       if (ssl) {
< #ifdef DEBUG          
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Calling LDAP SSL routines for Mozilla C SDK");
< #endif
<               if (ldapssl_client_init("/var/ldap/cert7.db",NULL)<0) {
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "ERROR calling ldapssl_client_init");
<                       efree(ld);
<                       RETURN_FALSE;
<                       }
< #ifdef DEBUG          
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Calling ldapssl_init for host: %s port: %d",ludpp->lud_host,port);
< #endif
< 
<               if ((ldap=ldapssl_init(ludpp->lud_host,port, 1))==-1) {
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL init failed");
<                       efree(ld);
<                       RETURN_FALSE;
<               }
< #ifdef DEBUG          
<               else 
<                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Completed SSL init routines for Mozilla SDK");
< #endif
<               }
<       else {
<               ldap = ldap_init(ludpp->lud_host,ludpp->lud_port);
<               }
<       ldap_free_urldesc(ludpp);
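Review bot: The failure test on ldapssl_init compares its result with -1, but the function returns an LDAP handle and reports failure as NULL, so a failed SSL setup is not caught at this point; test for NULL. The certificate database path "/var/ldap/cert7.db" passed to ldapssl_client_init is hard-coded and should come from configuration, for example an ini setting. Further points in this hunk: ludpp->lud_port is an int but is compared with NULL; port defaults to 636 even when ssl is 0, while the non-SSL branch passes ludpp->lud_port to ldap_init and ignores port; the DEBUG message "Using port number %d" prints port before it is assigned from lud_port; and the RETURN_FALSE paths inside the if (ssl) block return without calling ldap_free_urldesc(ludpp).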
509d414
<               php_error_docref(NULL TSRMLS_CC, E_WARNING, "ldap was NULL. Returning false at line 482.");
564d468
< 

Expected result:
----------------
URLs and SSL support are now available.

Actual result:
--------------
URLs and SSL support are now available.

History

 [2005-01-27 00:48 UTC] php at warnertechnology dot com
Unified diff file can be downloaded from

http://warnertechnology.com/ldap-diff.txt
 [2005-03-07 18:25 UTC] php at warnertechnology dot com
Simple test script can be downloaded:

http://warnertechnology.com/test.php.txt
 [2011-04-08 21:49 UTC] jani@php.net
-Package: Feature/Change Request +Package: LDAP related
 [2015-09-10 12:05 UTC] mcmic@php.net
-Status: Open +Status: Not a bug
 [2015-09-10 12:05 UTC] mcmic@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

php-ldap officially only supports the OpenLDAP client implementation.
A patch has been accepted so that Solaris LDAP builds fine.
If a patch is provided for Mozilla SDK support and this patch is not too invasive, we’ll accept it.
 [2015-09-10 14:11 UTC] php at warnertechnology dot com
I'm disappointed to see this response 10+ years after I submitted a patch to add this functionality. Yes, I know this isn't technically a bug, and I indicated in the original that I could not find a way to submit a patch to add the functionality.

Your last sentence says "if" a patch is submitted you'll consider it. Since I took the time to submit a patch, will you please do so?

Thanks!

Matt
 