Edit report at https://bugs.php.net/bug.php?id=51638&edit=1

 ID:                 51638
 Updated by:         m...@php.net
 Reported by:        marco at forgetaboutit dot net
 Summary:            LDAP and Referrals
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            LDAP related
 Operating System:   ALL
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

What LDAP library do you use? Does it support referrals?


Previous Comments:
------------------------------------------------------------------------
[2011-02-26 20:19:04] marco at forgetaboutit dot net

I have now spent quite a lot of time working on this issue, and looking at 
tcpdumps it is very clear that there are major issues in the way php handles 
add, modify and delete referrals. I believe this is due to the fact that the 
tests used to validate the code are also wrong, so the code is believed to be 
good, when it isn't. I will be submitting an alternative way of doing referrals 
by switching off the php method and doing it with three new functions which I 
will post on the ldap_set_rebind_proc documentation page once I know it is at 
least working. I do not have enough skills to work on php source code but would 
be more than happy to assist a programmer with little or no ldap knowledge if 
that would help.

------------------------------------------------------------------------
[2010-10-23 15:26:14] ka...@php.net

After reviewing this bug some more, it looks more to me like it's an actual 
issue in the ldap extension in PHP, so moving it to that category where 
hopefully one of the maintainers can pick it up and decide if it's indeed an 
issue in the ldap extension or lacking documentation.

------------------------------------------------------------------------
[2010-07-20 15:40:35] art dot vanscheppingen at spilgames dot com

We have the exact same problem.
Referrals do work correctly using the cli ldapmodify and with the exact same 
setup it doesn't work under PHP.

I tried setting the LDAP_OPT_REFERRALS to either 1, LDAP_OPT_ON and true, but 
neither of them resulted in anything else than the default -1. Setting the 
value to 0 does have effect though, but doesn't do anything either.

I set the LDAP server to a read-only server, but that resulted in an LDAP error.

------------------------------------------------------------------------
[2010-05-21 17:54:05] marco at forgetaboutit dot net

Doing some monitoring with TCPDUMP, I can confirm that the local LDAP server is 
returning the correct referral information, and then the web server is 
performing a DNS lookup on the ldap referral URL. Then it would seem that PHP 
just tries the localhost again without running the procedure specified in 
ldap_set_rebind_proc.

------------------------------------------------------------------------
[2010-04-22 19:07:20] marco at forgetaboutit dot net

Description:
------------
I am trying to get a php application to follow ldap referrals, specifically 
when the local server is a slave, and is used as a read-only server for 
performance reasons, but has to write to a master server in order to add, 
modify or delete records.

As far as I can tell all I need are three things.

A) Set LDAP_OPT_REFERRALS to 1 using ldap_set_options()
B) Set a callback function using ldap_set_rebind_proc()
C) Create a very simple rebind function.

The problem is that there is no documentation on the subject. For example, when 
I check LDAP_OPTS_REFERRALS using ldap_get_options(), I get an answer of either 
0 (when I set it to 0 or false), and an answer of -1 (minus or dash 1) for any 
other setting, including 1 and TRUE, and it appears that the callback function 
isn't called.


If someone can explain how it is supposed to work enough for me to get it 
working, I am happy to provide documentation / examples 

Test script:
---------------
    ldap_set_option($LDAP_CON, LDAP_OPT_REFERRALS, 1);
    // Pass the callback name as a string; a bare word is an undefined constant.
    ldap_set_rebind_proc($LDAP_CON, 'rebind_on_referral');

...

// Called by the LDAP extension with the connection and the referral URL.
function rebind_on_referral ($link_id, $ldap_url) {
    $binddn = $_SESSION['ldapab']['binddn'];
    $bindpw = $_SESSION['ldapab']['password'];

    if (!ldap_bind($link_id,$binddn,$bindpw)) return 1; // Error
    else return 0; // Success
}


Expected result:
----------------
callback function should be called, application should rebind to new ldap 
server and user should notice nothing

Actual result:
--------------
PHP appears to ignore the referral and ldap_error returns a "referral" message.


------------------------------------------------------------------------
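
The three steps (A, B, C) listed in the report, written out as an added example; this is not code from the reporter or from the PHP project, and it does not settle whether the callback is invoked, which depends on the LDAP client library in use. Because the rebind callback sends the bind credentials to whatever server the referral URL names, this version checks the URL first. The host name, the allowed scheme and the LDAP_URI, LDAP_BIND_DN and LDAP_BIND_PW environment variables are assumptions made for the example.

```php
<?php
// Added example. Hosts, schemes and environment variable names are constructed.
const ALLOWED_REFERRAL_SCHEMES = ['ldaps'];
const ALLOWED_REFERRAL_HOSTS   = ['ldap-master.example.org'];

// True only when the referral URL names an allowlisted scheme and host.
function referral_is_trusted(string $ldapUrl): bool
{
    $parts = parse_url($ldapUrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ALLOWED_REFERRAL_SCHEMES, true)
        && in_array(strtolower($parts['host']), ALLOWED_REFERRAL_HOSTS, true);
}

// Step C: rebind callback. Receives the connection and the referral URL;
// returns 0 on success and non-zero on failure, as in the report's script.
function rebind_on_referral($link, string $ldapUrl): int
{
    if (!referral_is_trusted($ldapUrl)) {
        error_log("Refusing to rebind for untrusted referral: $ldapUrl");
        return 1;
    }
    $bindDn = getenv('LDAP_BIND_DN');
    $bindPw = getenv('LDAP_BIND_PW');
    if ($bindDn === false || $bindPw === false) {
        return 1; // never fall back to an anonymous bind
    }
    return @ldap_bind($link, $bindDn, $bindPw) ? 0 : 1;
}

// Offline check of the allowlist with constructed referral URLs.
var_dump(referral_is_trusted('ldaps://ldap-master.example.org/dc=example,dc=org')); // true
var_dump(referral_is_trusted('ldap://other.example.net/dc=example,dc=org'));        // false

// Steps A and B: only attempted when the extension and a server URI are present.
if (extension_loaded('ldap') && getenv('LDAP_URI') !== false) {
    $con = ldap_connect(getenv('LDAP_URI'));
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 1);
    ldap_set_rebind_proc($con, 'rebind_on_referral');

    // Read the option back; the thread reports seeing -1 here instead of 1.
    ldap_get_option($con, LDAP_OPT_REFERRALS, $referrals);
    var_dump($referrals);
}
```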


