ID: 35611 User updated by: bfg at frost dot ath dot cx Reported By: bfg at frost dot ath dot cx Status: Bogus Bug Type: LDAP related Operating System: linux PHP Version: 5.1.1 New Comment:
... well, the fact is, that i haven't found any way to authenticate against my ldap directory without that patch... Well, when i specify -I option when running ldapsearch i can specify authz_id from interactive prompt. The fact is, that when i specify authz_id as an function argument when calling ldap_sasl_bind(), it is *not* passed to SASL as authz_id, but bind dn is passed as authz_id instead... I believe that this is wrong. Well, if i'm doing something wrong somewhere, please let me know. I've read those openldap documents before i decided to patch php interpreter. But i still cannot understand why it is wrong to expect that sasl will use $authz_id as sasl authzd_id and not ldap bind dn if i explicitly specify $authz_id... Best regards, Brane Previous Comments: ------------------------------------------------------------------------ [2005-12-12 23:55:38] [EMAIL PROTECTED] And this is a good read too: http://www.openldap.org/devel/admin/guide.html#Using%20SASL It explains what you are doing wrong. ------------------------------------------------------------------------ [2005-12-12 23:33:35] [EMAIL PROTECTED] Also, FYI: -X authzid SASL authorization identity ("dn:<dn>" or "u:<user>") (that's from ldapsearch -h output) ------------------------------------------------------------------------ [2005-12-12 23:27:11] [EMAIL PROTECTED] The authzid is passed with -X option, thus you're not doing the same as you're doing with the script. ------------------------------------------------------------------------ [2005-12-12 09:40:50] bfg at frost dot ath dot cx $ ldapsearch -h hostname.example.org -D "uid=bfg,ou=users,ou=unix,ou=production,dc=noviforum,dc=si" -Y PLAIN -I Entered SASL auth username: "bfg" The same result with: USER="bfg" ldapsearch -h hostname.example.org -D "uid=bfg,ou=users,ou=unix,ou=production,dc=noviforum,dc=si" -Y PLAIN :) ------------------------------------------------------------------------ [2005-12-11 23:27:58] [EMAIL PROTECTED] Exactly how did you call ldapsearch program to get those results..? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/35611 -- Edit this bug report at http://bugs.php.net/?id=35611&edit=1