Doc Bug #50270 ldap_start_tls problem
Submitted: 2009-11-23 11:27 UTC Modified: 2017-01-09 07:03 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:2 (66.7%)
From: jcarlos at dsi dot uclm dot es Assigned:
Status: Wont fix Package: LDAP related
PHP Version: 5.3.1 OS: windows
Private report: No CVE-ID: None
 [2009-11-23 11:27 UTC] jcarlos at dsi dot uclm dot es
Description:
------------
My configuration (works perfectly):
Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.11

When I upgrade to:
Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.3.1

ldap_start_tls problem





Reproduce code:
---------------
Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in 


 [2009-11-23 11:35 UTC] jcarlos at dsi dot uclm dot es
$ds=ldap_connect($ldaphost);  
   if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)){
      print "No puedo establecer LDAPv3";
   }else if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)){
      print "No puedo establecer LDAP_OPT_REFERRALS";
   }else if (!ldap_start_tls($ds)) { // <----- FAIL --------------
      print "No puedo iniciar TLS ";
   }else {
      print "OK!!!!";
   }
 [2009-11-24 00:31 UTC] jani@php.net
Check this if it helps:

  http://marc.info/?l=php-windows&m=116127873321748&w=2
 [2009-11-24 09:02 UTC] jcarlos at dsi dot uclm dot es
In the past, I always updated the php version and I have never had problems.

I have in c:\openldap\sysconf\ the file ldap.conf

TLS_REQCERT never
TLS_CACERT C:\OpenLdap\sysconf\certs\cert_dom_uclm.pem

I have compiled FileZilla Server with support for LDAP and it works perfectly now.
http://forum.filezilla-project.org/viewtopic.php?f=6&t=11146

It runs with AD.
 [2009-11-24 09:11 UTC] jcarlos at dsi dot uclm dot es
Also, if I go back to php-5.2.11 it works fine, but if I change to php-5.3.1 it does not work.

Sorry for my English.
 [2009-11-24 10:44 UTC] jcarlos at dsi dot uclm dot es
I have tested with:

Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11 (works fine)

Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.3.1 (same error)
 [2009-11-26 10:54 UTC] jcarlos at dsi dot uclm dot es
A little manual, for an easy configuration

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS 
==================================================

My configuration:
Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11

NOTE 1: At the moment, version 5.3.1 fails with TLS
NOTE 2: This example works on Windows, but on Linux it is similar

1) Download the X.509 certificate (PEM format) from a web browser; I used Firefox. I named it webcert.crt
2) Create the folder c:\openldap\sysconf
3) Copy the file webcert.crt to c:\openldap\sysconf
4) With notepad you must create the file c:\openldap\sysconf\ldap.conf file. The file contents:
TLS_REQCERT never
TLS_CACERT c:\openldap\sysconf\webcert.crt
5) The code:

<?php
   $ldap="ldap.myDomain.com";
   $usr="user@myDomain.com";
   $pwd="mypassword";
   
   $ds=ldap_connect($ldap);  
   $ldapbind=false;
   if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
      if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) 
         if(ldap_start_tls($ds)) 
               $ldapbind = @ldap_bind($ds, $usr, $pwd);    
   ldap_close($ds);
   if(!$ldapbind)
       echo "ERROR";
   else
       echo "OK";
?>
 [2009-11-26 11:05 UTC] pajoye@php.net
Moving to the "to be documented" state, it could be very useful to have this info in the ldap documentation.
 [2009-11-27 09:19 UTC] jcarlos at dsi dot uclm dot es
In Step 1, I have downloaded the certificate from the URL https://www.myDomain.com
 [2009-12-01 11:12 UTC] jcarlos at dsi dot uclm dot es
I have tested in linux
With PHP/5.2.10-2ubuntu and Apache/2.2.1.2

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS IN LINUX
===========================================================

I'm not an expert, but it works.
1)I have installed ubuntu 9.10 desktop

2)Packages:
 apt-get install apache2
 apt-get install libapache2-mod-php5
 apt-get install libldap-2.4-2
 apt-get install ldap-utils
 apt-get install libsasl2-modules-ldap
 apt-get install openssl
 apt-get install libsasl2-2
 apt-get install libkrb5-3
 apt-get install krb5-config
 apt-get install krb5-user
 apt-get install php5-ldap
 apt-get install php5-sasl
 apt-get install php5-auth-pam

3)Put the PEM certificate.
 cd /etc/ldap
 mkdir certs
 cp /myhome/mycert.pem /etc/ldap/certs/mycert.pem
 NOTE:webcert.crt rename to mycert.pem. It's the same

4)Edit the file /etc/ldap/ldap.conf and Add:
  TLS_REQCERT never
  TLS_CACERT /etc/ldap/certs/mycert.pem

5)Create file /var/www/ldaptlstest.php:

<?php
   $ldap="ldap.myDomain.com";
   $usr="user@myDomain.com";
   $pwd="mypassword";

   $ds=ldap_connect($ldap);
   $ldapbind=false;
   if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
      if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
         if(ldap_start_tls($ds))
               $ldapbind = @ldap_bind($ds, $usr, $pwd);
   ldap_close($ds);
   if(!$ldapbind)
      echo "ERROR";
   else
      echo "OK";
?>

6)Restart the server: /etc/init.d/apache2 restart

7)Open Firefox and write: http://localhost/ldaptlstest.php

;) Works fine
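
The ldap.conf in both how-tos above sets TLS_REQCERT never, so the TLS_CACERT file is never used to check the server and the bind password can reach an impostor. As an added example (not from this report or from the PHP project), the script below flags that setting and performs the same StartTLS bind with verification demanded; the environment variable names are assumptions, and it targets a supported PHP version with the ldap extension rather than the 5.x builds discussed here.

```php
<?php
// Added example, not code from this report. The CA path and the LDAP_HOST,
// LDAP_BIND_DN and LDAP_BIND_PW environment variables are assumptions.

// Return [line number => level] for TLS_REQCERT lines that accept a bad certificate.
function weakReqcertLines(string $conf): array
{
    $weak = [];
    foreach (preg_split('/\R/', $conf) as $i => $line) {
        if (preg_match('/^\s*TLS_REQCERT\s+(never|allow)\b/i', $line, $m)) {
            $weak[$i + 1] = strtolower($m[1]);
        }
    }
    return $weak;
}

// StartTLS, then bind. Credentials are sent only after a verified handshake.
function startTlsBind(string $host, string $dn, string $pw, string $caFile): bool
{
    // TLS options go on the null (global) handle, before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ds = ldap_connect("ldap://$host:389");
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // An empty password would be an unauthenticated bind, so refuse it.
    $ok = $pw !== '' && @ldap_start_tls($ds) && @ldap_bind($ds, $dn, $pw);
    if (!$ok) {
        // Log the library's reason (untrusted CA, name mismatch) rather than hide it.
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        error_log('LDAP StartTLS/bind failed: ' . ldap_error($ds) . ' ' . $detail);
    }
    ldap_unbind($ds);
    return $ok;
}

// Constructed sample: the ldap.conf contents from step 4 of the how-to above.
$conf = "TLS_REQCERT never\nTLS_CACERT /etc/ldap/certs/mycert.pem\n";
foreach (weakReqcertLines($conf) as $n => $level) {
    echo "ldap.conf line $n: TLS_REQCERT $level accepts an unverified certificate\n";
}
if (getenv('LDAP_HOST') !== false) {
    echo startTlsBind(getenv('LDAP_HOST'), (string) getenv('LDAP_BIND_DN'),
        (string) getenv('LDAP_BIND_PW'), '/etc/ldap/certs/mycert.pem') ? "OK\n" : "ERROR\n";
}
```

With verification on, the TLS_CACERT file has to hold the CA certificate that issued the directory server's certificate, and the hostname passed to ldap_connect has to match that certificate.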
 [2010-08-12 00:33 UTC] steve at maraspin dot net
I am also experiencing the same problem with PHP 5.3.2, bundled in Zend Server CE. I've tried invoking the following script both from the CLI and Apache on CentOS 5.5 64 bit and it fails in both cases. The following error message appears:

Warning: ldap_start_tls(): Unable to start TLS: Not Supported in /tmp/script.php on line 7

On the same machine, the same script, interpreted by a PHP 5.1.6 (cli) interpreter (obtained from CentOS yum repository, php package) works well. Both php binaries are compiled for 64 bit.


<?php
  $ldap="ldap://myhost";
  $ds=ldap_connect($ldap,389);
  $ldapbind=false;
  if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
          if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
              if(ldap_start_tls($ds)) {
                   $ldapbind = ldap_bind($ds,
                                         "cn=username,
                                          dc=x,
                                          dc=y",
                                          "password"
                                         );
                        if ($ldapbind) { 
                               echo "ok";
                        } else { 
                               echo "ko tls";
                        }        
                } else { 
                       echo "no tls"; 
                }
              } else echo "no option";
   } else {
        echo "no version";
   }

   ldap_close($ds);
 [2013-01-21 13:43 UTC] omar dot piani at gmail dot com
I was stuck with this: https://bugs.php.net/bug.php?id=48866

The solution is to move the ldap.conf to c:\
 [2014-12-16 23:44 UTC] kalle@php.net
-Type: Bug +Type: Documentation Problem
 [2017-01-09 07:03 UTC] heiglandreas@php.net
-Status: Open +Status: Wont fix
 [2017-01-09 07:03 UTC] heiglandreas@php.net
This issue has been open for more than 7 years and targets a by now unsupported version of PHP. Therefore I'm closing it.

Should you still have these issues with a supported version of PHP please feel free to open a new issue.

Thanks
 