ID: 34482 User updated by: zbowden at vt dot edu Reported By: zbowden at vt dot edu Status: Assigned Bug Type: LDAP related Operating System: Windows 2003 PHP Version: 5CVS-2005-09-12 (snap) Assigned To: edink New Comment:
Just a brief update: in 5.1.1 LDAPS URI's still don't work; the workaround I had for 5.0.5 doesn't work any longer either as we saw in the recent snapshots. I no longer get an access violation, however I cannot get a connection. Bbuie is correct, the problem doesn't actually present itself on the ldap_connect function, rather on the subsequent bind, search, etc. I think the problem may be in the newer versions of openssl. What's leading me to this is that when I do a filemon trace as I execute a php script I can see it reading the conf file however it will never try to read or create the c:\.rnd file like it used to .. according to the openssl changelog I see this: "In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has caused some confusion to Windows users who haven't defined $HOME.Thus RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME, which will be used if $HOME is not set. For Windows, we use "C:"; on other platforms, we still require environment variables. " I've tried setting a RANDFILE env variable and that didn't help; I've also tried setting the TLS_RANDFILE in the ldap.conf file but that didn't seem to have any effect either. Previous Comments: ------------------------------------------------------------------------ [2005-11-09 02:24:20] bbuie at csuchico dot edu I'm using Windows 2003/Apache 2.0.55/Openssl 0.9.8a with the same type of problem. However, it appears that it is the ldap_bind() function that causes the error/lock up (I perform a ldap_connect() then a ldap_set_option() then a ldap_bind(), then a ldap_close()). If I comment out the ldap_bind() call then the script completes without error or lockup. Just using PHP from a command line I get the following results: PHP 5.0.4 works fine; 5.0.5 gives an access violation with libeay32.dll; and the latest snap shot version locks up (it doesn't comsume cpu cycles but it just sits there forever). If I copy the 5.0.4 dll's to the 5.0.5 version it works, but the 5.0.4 dll's don't work for the latest snap shot. Also a non-secure (port 389) ldap connection on all three versions works just fine: it connects, binds, searchs, and disconnects just fine. The only other thing I can add is that I tried is using the libeay32.dll and ssleay32.dll from the Apache/bin folder for php, that creates an access violation with php5ts.dll. ------------------------------------------------------------------------ [2005-10-31 20:31:14] zbowden at vt dot edu However, if I try to go with the most recent snapshot and replace those dll's it still doesn't work. I don't get the access violation, but I can never connect to the ldap server. ------------------------------------------------------------------------ [2005-10-31 20:30:06] zbowden at vt dot edu Just an additional idea/comment. If I go to 5.0.5 and replace the libeay32.dll and ssleay32.dll files with the ones included with the 5.0.4 release everything works fine. ------------------------------------------------------------------------ [2005-10-27 17:25:23] zbowden at vt dot edu tried the latest snapshot; I not longer get the access violation, however I cannot connect to any ldap server via LDAPS URI (says it can't contact server). I did use ntfilemon to make sure the ldap.conf (and ldaprc) files were being read and they are. Not sure where the problem is though? I rolled back to the release version of 5.0.4 just to be sure it would still work and I can connect & bind to the ldap servers via LDAPS (& start_tls). ------------------------------------------------------------------------ [2005-10-24 01:14:59] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34482 -- Edit this bug report at http://bugs.php.net/?id=34482&edit=1