ID: 34482
User updated by: zbowden at vt dot edu
Reported By: zbowden at vt dot edu
Status: Assigned
Bug Type: LDAP related
Operating System: Windows 2003
-PHP Version: 5CVS-2005-09-12 (snap)
+PHP Version: 4.4.1
Assigned To: edink
New Comment:
just tested this in 4.4.1 and I see the same behavior that I see in
5.1.1 (i.e. can't connect to server via ldaps).
Previous Comments:
------------------------------------------------------------------------
[2005-12-19 17:31:38] pbarabe at paddyworks dot com
I've been experiencing essentially the same problems as zbowden when
upgrading from PHP 5.0.4 to 5.1.1 on Win2003/Apache 2.0.49/ISAPI.
ldap_bind() breaks (returns message "Can't contact LDAP server".
Replacing libeay32.dll and ssleay32.dll with those distributed with
5.1.1 does not fix the problem, though I can confirm that ldap_bind in
PHP 5.0.4 still works with the new dlls.
------------------------------------------------------------------------
[2005-11-28 22:13:17] zbowden at vt dot edu
just some additional information: if I try to use the ldap_start_tls()
function I now get
"Unable to start TLS: Not Supported"
maybe an error in the build process (i.e. not turning on TLS and or
LDAPS)?
------------------------------------------------------------------------
[2005-11-28 20:22:56] zbowden at vt dot edu
Just a brief update: in 5.1.1 LDAPS URI's still don't work; the
workaround I had for 5.0.5 doesn't work any longer either as we saw in
the recent snapshots. I no longer get an access violation, however I
cannot get a connection.
Bbuie is correct, the problem doesn't actually present itself on the
ldap_connect function, rather on the subsequent bind, search, etc.
I think the problem may be in the newer versions of openssl. What's
leading me to this is that when I do a filemon trace as I execute a php
script I can see it reading the conf file however it will never try to
read or create the c:\.rnd file like it used to .. according to the
openssl changelog I see this:
"In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in
the current directory if neither $RANDFILE nor $HOME was set.
RAND_file_name() in 0.9.6a returned NULL in this case. This has caused
some confusion to Windows users who haven't defined $HOME.Thus
RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME,
which will be used if $HOME is not set. For Windows, we use "C:"; on
other platforms, we still require environment variables.
"
I've tried setting a RANDFILE env variable and that didn't help; I've
also tried setting the TLS_RANDFILE in the ldap.conf file but that
didn't seem to have any effect either.
------------------------------------------------------------------------
[2005-10-31 20:30:06] zbowden at vt dot edu
Just an additional idea/comment. If I go to 5.0.5 and replace the
libeay32.dll and ssleay32.dll files with the ones included with the
5.0.4 release everything works fine.
------------------------------------------------------------------------
[2005-10-27 17:25:23] zbowden at vt dot edu
tried the latest snapshot; I not longer get the access violation,
however I cannot connect to any ldap server via LDAPS URI (says it
can't contact server).
I did use ntfilemon to make sure the ldap.conf (and ldaprc) files were
being read and they are. Not sure where the problem is though? I rolled
back to the release version of 5.0.4 just to be sure it would still work
and I can connect & bind to the ldap servers via LDAPS (& start_tls).
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/34482
--
Edit this bug report at http://bugs.php.net/?id=34482&edit=1
