Bug #80405 LDAPCONF=/etc/ldap/ldap.conf not respected
Submitted: 2020-11-23 10:29 UTC Modified: -
From: alisun at shitmail dot de Assigned:
Status: Open Package: *General Issues
PHP Version: 7.4.12 OS: linux
Private report: No CVE-ID: None

 
 [2020-11-23 10:29 UTC] alisun at shitmail dot de
Description:
------------
Problem: $LDAPCONF is not read properly.

cat /etc/ldap/ldap.conf
TLS_CACERT=/some/path
TLS_KEY=/some/other/path
TLS_CERT=/some/otherpath
TLS_REQCERT=demand

Ex 1: no explicit environment variables, should respect /etc/ldap/ldap.conf?
Does not :D

sudo  -u www-data php -a<<eof
\$dn="someDN";
\$p="somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);
eof
PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in php shell code on line 1

Ex 2: set LDAPCONF explicitly, should respect /etc/ldap/ldap.conf?
Does not either

export LDAPCONF=/etc/ldap/ldap.conf                                        
sudo  -Eu www-data php -a<<eof
\$dn="someDN";
\$p="somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);
eof
PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in php shell code on line 1

Ex 3: use $LDAPCONF content via environment variables
Works

export LDAPTLS_CACERT=/some/path
export LDAPTLS_KEY=/some/other/path
export LDAPTLS_CERT=/some/otherpath
export LDAPTLS_REQCERT=demand

sudo  -Eu wwwcloud php -a<<eof                  

\$dn="uid=nextcloud,ou=people,dc=physsolutions,dc=org";
\$p=">.D+c'k_]^F4F8(d";
\$ldaphost = "ldap.physsolutions.org";
\$ldapport = 389;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);
eof
# no error

Ex 4: use $HOME/.ldaprc
Works

cp /etc/ldap/ldap.conf ~www-data/.ldaprc
sudo  --set-home -u www-data php -a<<eof
\$dn="someDN";
\$p="somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);
eof
# no error

Ex 5: use $CWD/ldaprc
Works

cp /etc/ldap/ldap.conf ldaprc
sudo -u www-data php -a<<eof
\$dn="someDN";
\$p="somePw";
\$ldaphost = "someHost";
\$ldapport = somePort;
\$ldapconn = ldap_connect(\$ldaphost, \$ldapport);
ldap_set_option(\$ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls(\$ldapconn);
eof
# no error
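
Added example (not part of the report above and not PHP project code): one way for an application to stop depending on which ldap.conf or ldaprc file libldap picks up is to hand the TLS settings from the report's file to ldap_set_option() before connecting, and to fail closed if StartTLS does not come up. The function name, the URI and the file paths are placeholders.

```php
<?php
// Added example. ldap_connect_starttls() is a hypothetical helper name;
// the URI and paths in the usage comment at the bottom are placeholders.

function ldap_connect_starttls(string $uri, string $caFile,
                               ?string $certFile = null, ?string $keyFile = null)
{
    // libldap reports an unreadable CA/cert/key only as "Connect error",
    // so check readability as the running user (e.g. www-data) first.
    foreach (array_filter([$caFile, $certFile, $keyFile]) as $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("TLS file not readable by this user: $path");
        }
    }

    // Equivalent of TLS_REQCERT demand and TLS_CACERT from the report's file.
    $opts = [
        LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_DEMAND,
        LDAP_OPT_X_TLS_CACERTFILE   => $caFile,
    ];
    // Equivalent of TLS_CERT / TLS_KEY, only when a client certificate is used.
    if ($certFile !== null && $keyFile !== null) {
        $opts[LDAP_OPT_X_TLS_CERTFILE] = $certFile;
        $opts[LDAP_OPT_X_TLS_KEYFILE]  = $keyFile;
    }
    // Set on the global handle (null link) before ldap_connect(), so the
    // new connection inherits them.
    foreach ($opts as $opt => $value) {
        if (!ldap_set_option(null, $opt, $value)) {
            throw new RuntimeException("Could not set LDAP TLS option $opt");
        }
    }

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Fail closed: never continue to ldap_bind() on a connection without TLS.
    if (!@ldap_start_tls($conn)) {
        $detail = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException('StartTLS failed: ' . ldap_error($conn)
            . ($detail !== '' ? " ($detail)" : ''));
    }
    return $conn;
}

// Usage (placeholder values):
// $conn = ldap_connect_starttls('ldap://ldap.example.org:389', '/path/to/ca.pem');
```

The LDAP_OPT_X_TLS_* constants require PHP 7.1 or later built against OpenLDAP.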


Last updated: Fri Mar 05 20:01:24 2021 UTC