View Issue Details

ID: 0000295
Project: PHP 5.x for OS/2 & eComStation
Category: Feature Request
View Status: public
Last Update: 2008-11-30 05:04
Reporter: LewisR
Assigned To: psmedley
Priority: normal
Severity: minor
Reproducibility: N/A
Status: assigned
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0000295: Build PHP with LDAP support
Description: Not sure whether we need the dll (as per Win32) or whether PHP5 can be compiled --with-ldap (as per *nix), but I've recently run into a situation where LDAP support would be a big resource saver for me, as I'd be able to authenticate against my eDirectory back end instead of having to maintain a separate user db in MySQL for MediaWiki.
Tags: No tags attached.

Activities

psmedley

2008-11-29 13:09

administrator   ~0001043

looking at this now :)

psmedley

2008-11-29 13:40

administrator   ~0001044

Please try http://smedley.info/php-5.2.6-os2-20081129.zip

LewisR

2008-11-29 16:12

developer   ~0001047

On my list for first thing tomorrow, Paul; thanks. ;-)

LewisR

2008-11-30 04:53

developer   ~0001048

Well, we're definitely halfway there. The problem is that I'm not sure if the issue is in my php code or with the ldap module (though I suspect the latter).

The issue concerns the binding.

While my main goal is to authenticate against eDirectory running on NetWare 6.5 SP7, the LDAP trace screen on the server is not of as much use as the monitor under CommuniGate Pro. So, using a very simple test (code, below), I attempted to bind using my own user account which appears to have been successful:

13:08:20.950 5 LDAP [0.0.0.0]:389 <- [127.0.0.1]:50168 connection request. socket=12763
13:08:20.950 5 LDAP new VStream created, n=1
13:08:20.950 5 LDAP stream thread started
13:08:20.950 4 LDAP-000016([127.0.0.1]) got connection on [127.0.0.1]:389(2rosenthals.com) from [127.0.0.1]:50168
13:08:20.950 5 LDAP-000016([127.0.0.1]) inp: SEQ(33) 02 01 01 60 1C 02 01 03 04 0B 6C 67 72 6F 73 65 6E 74 68 61 6C 80 0A 72 61 63 68 65 6C 31 32 32 33
13:08:20.950 4 LDAP-000016([127.0.0.1]) BINDing as 'lgrosenthal'
13:08:20.950 2 LDAP-000016([127.0.0.1]) 'lgrosenthal@2rosenthals.com' connected from [127.0.0.1]:50168
13:08:20.950 4 LDAP-000016([127.0.0.1]) Logged in as uid=lgrosenthal,cn=2rosenthals.com,o=rr. authType=0
13:08:20.950 5 LDAP-000016([127.0.0.1]) out: 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00
13:08:20.950 5 LDAP-000016([127.0.0.1]) inp: SEQ(5) 02 01 02 42 00
13:08:20.950 4 LDAP-000016([127.0.0.1]) disconnecting
13:08:20.950 2 LDAP-000016([127.0.0.1]) 'lgrosenthal@2rosenthals.com' disconnected ([127.0.0.1]:50168)
13:08:20.950 4 LDAP-000016([127.0.0.1]) closing connection
13:08:20.950 4 LDAP-000016([127.0.0.1]) releasing stream
13:08:22.790 5 LDAP [0.0.0.0]:389 <- [127.0.0.1]:50169 connection request. socket=12765
13:08:22.790 4 LDAP-000017([127.0.0.1]) got connection on [127.0.0.1]:389(2rosenthals.com) from [127.0.0.1]:50169
13:08:22.790 5 LDAP-000017([127.0.0.1]) inp: SEQ(33) 02 01 01 60 1C 02 01 03 04 0B 6C 67 72 6F 73 65 6E 74 68 61 6C 80 0A 72 61 63 68 65 6C 31 32 32 33
13:08:22.790 4 LDAP-000017([127.0.0.1]) BINDing as 'lgrosenthal'
13:08:22.800 2 LDAP-000017([127.0.0.1]) 'lgrosenthal@2rosenthals.com' connected from [127.0.0.1]:50169
13:08:22.800 4 LDAP-000017([127.0.0.1]) Logged in as uid=lgrosenthal,cn=2rosenthals.com,o=rr. authType=0
13:08:22.800 5 LDAP-000017([127.0.0.1]) out: 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00
13:08:22.810 5 LDAP-000017([127.0.0.1]) inp: SEQ(5) 02 01 02 42 00
13:08:22.810 4 LDAP-000017([127.0.0.1]) disconnecting
13:08:22.810 2 LDAP-000017([127.0.0.1]) 'lgrosenthal@2rosenthals.com' disconnected ([127.0.0.1]:50169)
13:08:22.810 4 LDAP-000017([127.0.0.1]) closing connection
13:08:22.810 4 LDAP-000017([127.0.0.1]) releasing stream
13:08:37.830 5 LDAP stream thread finished

The script returned "Binding failed."

Then, I changed the username & password to a nonexistent user, Fred:

13:10:13.300 5 LDAP [0.0.0.0]:389 <- [127.0.0.1]:50188 connection request. socket=12790
13:10:13.300 5 LDAP new VStream created, n=1
13:10:13.310 5 LDAP stream thread started
13:10:13.310 4 LDAP-000018([127.0.0.1]) got connection on [127.0.0.1]:389(2rosenthals.com) from [127.0.0.1]:50188
13:10:13.310 5 LDAP-000018([127.0.0.1]) inp: SEQ(21) 02 01 01 60 10 02 01 02 04 04 66 72 65 64 80 05 65 74 68 65 6C
13:10:13.310 4 LDAP-000018([127.0.0.1]) BINDing as 'fred'
13:10:13.310 1 LDAP-000018([127.0.0.1]) failed to open 'fred'. Connection from [127.0.0.1]:50188. Error Code=unknown user account
13:10:15.330 1 LDAP-000018([127.0.0.1]) BIND failed. Error Code=incorrect password or account name
13:10:15.330 5 LDAP-000018([127.0.0.1]) out: 30 2E 02 01 01 61 29 0A 01 31 04 00 04 22 69 6E 63 6F 72 72 65 63 74 20 70 61 73 73 77 6F 72 64 20 6F 72 20 61 63 63 6F 75 6E 74 20 6E 61 6D 65
13:10:15.330 5 LDAP-000018([127.0.0.1]) inp: SEQ(5) 02 01 02 42 00
13:10:15.330 4 LDAP-000018([127.0.0.1]) disconnecting
13:10:15.330 4 LDAP-000018([127.0.0.1]) closing connection
13:10:15.330 4 LDAP-000018([127.0.0.1]) releasing stream

Correctly, the script returned that the binding failed.

Here is the code which produces the error:

<?php
// using ldap bind
$ldaprdn = 'validuser'; // ldap rdn or dn
$ldappass = 'validpassword'; // associated password

// connect to ldap server
$ldapconn = ldap_connect("localhost")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }

}

?>

A slightly more complicated snippet (from php.net itself):

<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection

echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect('192.168.100.1'); // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) {
    echo "Binding ...";
    $r=ldap_bind($ds); // this is an "anonymous" bind, typically
                       // read-only access
    echo "Bind result is " . $r . "<br />";

    echo "Searching for (uid=L*) ...";
    // Search surname entry
    $sr=ldap_search($ds, "ou=New_York,o=RR", "uid=L*");
    echo "Search result is " . $sr . "<br />";

    echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";

    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";

    for ($i=0; $i<$info["count"]; $i++) {
        echo "dn is: " . $info[$i]["dn"] . "<br />";
        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
        echo "first email entry is: " . $info[$i]["mail"][0] . "<hr />";
    }

    echo "Closing connection";
    ldap_close($ds);

} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
?>

returns the following in the browser:

LDAP query test
Connecting ...connect result is Resource id 0000002
Binding ...Bind result is
Searching for (uid=L*) ...Search result is
Number of entires returned is
Getting entries ...

Data for items returned:

Closing connection

(Note the lack of the bind result. This is an anonymous bind - which does work against my NetWare box - yet I'm not seeing it as successful, here.)

I believe I have LDAP support in the php build I'm running on NetWare. I'll try these same scripts there, and follow up with results.

Thanks for your time & effort, Paul. Greatly appreciated.
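As an added example, not code from this bug report, here is a small Python BER decoder for the two BindResponse PDUs in the trace above (the `out:` lines): it shows the server answered resultCode 0 (success) for the `lgrosenthal` bind and 49 (invalidCredentials, with the diagnostic text) for `fred`, which backs the suspicion that the "Binding failed" result comes from the client side. It handles only the short and two-byte long-form BER lengths seen in such traces, and `RESULT_CODES` is a subset of the RFC 4511 table.

```python
"""Decode the LDAP BindResponse PDUs copied from the CommuniGate Pro trace.

Added example, not part of the bug report: a minimal BER/LDAP decoder that
reads the 'out:' hex from the trace and reports what the server answered.
"""
import binascii

# LDAP resultCode values from RFC 4511 (only the two seen in the trace).
RESULT_CODES = {0: "success", 49: "invalidCredentials"}


def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: 0x8N then N length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(hex_dump):
    """Parse an LDAPMessage carrying a BindResponse ([APPLICATION 1], tag 0x61)."""
    pdu = binascii.unhexlify(hex_dump.replace(" ", ""))
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE, got tag 0x%02x" % tag)
    _, msgid, pos = read_tlv(body)          # INTEGER messageID
    op_tag, op, _ = read_tlv(body, pos)     # protocolOp
    if op_tag != 0x61:
        raise ValueError("not a BindResponse, protocolOp tag 0x%02x" % op_tag)
    _, code, pos = read_tlv(op)             # ENUMERATED resultCode
    _, matched, pos = read_tlv(op, pos)     # LDAPDN matchedDN
    _, diag, _ = read_tlv(op, pos)          # LDAPString diagnosticMessage
    result = int.from_bytes(code, "big")
    return {
        "messageID": int.from_bytes(msgid, "big"),
        "resultCode": result,
        "resultName": RESULT_CODES.get(result, "other"),
        "matchedDN": matched.decode(),
        "diagnosticMessage": diag.decode(),
    }


# Server replies copied from the trace: the 'lgrosenthal' bind and the 'fred' bind.
BIND_OK = "30 0C 02 01 01 61 07 0A 01 00 04 00 04 00"
BIND_FAILED = ("30 2E 02 01 01 61 29 0A 01 31 04 00 04 22 69 6E 63 6F 72 72 65 63 74 20 "
               "70 61 73 73 77 6F 72 64 20 6F 72 20 61 63 63 6F 75 6E 74 20 6E 61 6D 65")

if __name__ == "__main__":
    for user, dump in (("lgrosenthal", BIND_OK), ("fred", BIND_FAILED)):
        print(user, decode_bind_response(dump))
```

The matching `inp:` lines are simple binds, so the credentials travel in the clear over port 389, which is why the trace can print them byte for byte.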

LewisR

2008-11-30 05:04

developer   ~0001049

As I suspected, running on NetWare (Apache 2.2.6, PHP 4.4.0 - as module), the above scripts work as expected (changed LDAP server to NetWare IP):

LDAP query test
Connecting ...connect result is Resource id 0000002
Binding ...Bind result is 1
Searching for (uid=L*) ...Search result is Resource id 0000003
Number of entires returned is 2
Getting entries ...

Data for 2 items returned:

dn is: cn=Lance,ou=VIRGINIA,o=RR
first cn entry is:
first email entry is:
dn is: cn=Lewis,ou=NEW_YORK,o=RR
first cn entry is:
first email entry is: lgrosenthal@2rosenthals.com
Closing connection

With LDAP server pointing to CommuniGate Pro, this binding also works (though I have anonymous reads turned off, so no results are returned).

BTW, I get the same results when specifying clear vs (the default) tls.

Issue History

Date Modified Username Field Change
2008-11-29 09:25 LewisR New Issue
2008-11-29 12:58 psmedley Status new => assigned
2008-11-29 12:58 psmedley Assigned To => psmedley
2008-11-29 13:09 psmedley Note Added: 0001043
2008-11-29 13:40 psmedley Note Added: 0001044
2008-11-29 16:12 LewisR Note Added: 0001047
2008-11-30 04:53 LewisR Note Added: 0001048
2008-11-30 05:04 LewisR Note Added: 0001049