php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8714 Adding LDAP entries drops credentials if update is referred
Submitted: 2001-01-15 10:52 UTC Modified: 2001-11-12 08:24 UTC
From: anders dot ostling at neurope dot ikea dot com Assigned:
Status: Closed Package: LDAP related
PHP Version: 4.0.4pl1 OS: Linux 2.2.18
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: anders dot ostling at neurope dot ikea dot com
New email:
PHP Version: OS:

 

 [2001-01-15 10:52 UTC] anders dot ostling at neurope dot ikea dot com
We have a replicated LDAP tree. If I add entries to a replica, AND specify a DN and password, the add operation gets referred (correctly) to the master/supplier server, but the credentials are lost. This is reproducable.
I have OpenLDAP libs 2.0.6 installed and is using Netscape 4.12 Dir server.

If required, I have a complete network trace (from ethereal) that shows all ldap packets.

Best regards

Anders

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-12 08:24 UTC] venaas@php.net
This is correct behavior. It is done in the LDAP library,
it's not something PHP can fix. There are however two
possible solutions.

The first one is to turn off automatic referral chasing,
which can be done using
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
Next you need to somehow see what referral you get back.
I'm not exactly sure how to do that right now, and some
PHP code might have to be tweaked. If you want this
solution, I'll do some digging and come up with something
for you.

The other possibility is to use automatic referral
chasing, but set a rebind procedure that can do the
bind to the new server. This is something I'm looking
into now, but it will probably only be implemented for
OpenLDAP 2.1 and newer which should be released in a
few months time. It is very complicated to implement it
for 2.0, so I would rather wait.

I'm closing this now since it's not a bug, but please
contact me if you want me to find a solution.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Oct 06 17:05:51 2022 UTC