|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54136 Secure SSL bind to Active Directory fails
Submitted: 2011-03-02 14:16 UTC Modified: 2017-01-09 17:03 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: kyllingpost at gmail dot com Assigned:
Status: Wont fix Package: LDAP related
PHP Version: 5.3.5 OS: Ubuntu 10.04 LTS
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: kyllingpost at gmail dot com
New email:
PHP Version: OS:


 [2011-03-02 14:16 UTC] kyllingpost at gmail dot com
Attempting to bind to server using SSL returns:

Warning: ldap_bind() Unable to bind to server: Can't contact LDAP server 

while ldap_connect() returns success.

Using a non-encrypted channel works, and the server responds on ssl using other libraries, including successful bind.

Test script:
$username = 'username';
$password = 'password';
$account_suffix = '';
$hostnameSSL = 'ldaps://';

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// Attempting fix from

# SSL bind attempt #
// Attempting syntax from
$con =  ldap_connect($hostnameSSL);
if (!is_resource($con)) trigger_error("Unable to connect to $hostnameSSL",E_USER_WARNING);

// Options from
if (!ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3))
	trigger_error("Failed to set LDAP Protocol version to 3",E_USER_WARNING);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

if (ldap_bind($con,$username . $account_suffix, $password)) die('All went well using SSL');

Expected result:
I expected ssl handshake, and secure bind.


>> openssl s_client -connect -prexit

SSL handshake has read 5732 bytes and written 443 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 1B1500000642E45E5A37A76A804365F5DBB28F6597838808B603BE45A0525CBD
    Master-Key: 68F4DB2000D02CA5F19880DABE4602947C344C9E674A285DA3977F78F35610D46F1EA770D64F24D5C7DB5451FFB6895B
    Key-Arg   : None
    Start Time: 1299071105
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

Actual result:
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP
ldap_new_socket: 25
ldap_prepare_socket: 25
ldap_connect_to_host: Trying
ldap_pvt_connect: fd: 25 tm: -1 async: 0
ldap_open_defconn: successful
ldap_result ld 0x22620e98 msgid 1
wait4msg ld 0x22620e98 msgid 1 (infinite timeout)
wait4msg continue ld 0x22620e98 msgid 1 all 1
** ld 0x22620e98 Connections:
* host:  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Wed Mar  2 13:57:52 2011

** ld 0x22620e98 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x22620e98 request count 1 (abandoned 0)
** ld 0x22620e98 Response Queue:
  ld 0x22620e98 response count 0
ldap_chkResponseList ld 0x22620e98 msgid 1 all 1
ldap_chkResponseList returns ld 0x22620e98 NULL
read1msg: ld 0x22620e98 msgid 1 all 1
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP Warning:  ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Can't contact LDAP server in /public_html/test.php on line 28
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP Stack trace:
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP   1. {main}() /public_html/test.php:0
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP   2. ldap_bind() /public_html/test.php:28
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-09 16:53 UTC]
This issue is by now over 5 years old and targets an unsupported PHP-Version. Therefore I'm closing this. Should the issue still exist in a supported version of PHP feel free to (re)open the issue.
 [2017-01-09 17:03 UTC]
-Status: Open +Status: Wont fix
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Jan 27 15:03:46 2023 UTC