 ID:               34482
 User updated by:  zbowden at vt dot edu
 Reported By:      zbowden at vt dot edu
 Status:           Assigned
 Bug Type:         LDAP related
 Operating System: Windows 2003
-PHP Version:      5CVS-2005-09-12 (snap)
+PHP Version:      4.4.1
 Assigned To:      edink
 New Comment:

Just tested this in 4.4.1 and I see the same behavior that I see in 5.1.1 (i.e. can't connect to server via ldaps).


Previous Comments:
------------------------------------------------------------------------

[2005-12-19 17:31:38] pbarabe at paddyworks dot com

I've been experiencing essentially the same problems as zbowden when upgrading from PHP 5.0.4 to 5.1.1 on Win2003/Apache 2.0.49/ISAPI. ldap_bind() breaks (returns message "Can't contact LDAP server"). Replacing libeay32.dll and ssleay32.dll with those distributed with 5.1.1 does not fix the problem, though I can confirm that ldap_bind in PHP 5.0.4 still works with the new dlls.

------------------------------------------------------------------------

[2005-11-28 22:13:17] zbowden at vt dot edu

Just some additional information: if I try to use the ldap_start_tls() function I now get "Unable to start TLS: Not Supported". Maybe an error in the build process (i.e. not turning on TLS and/or LDAPS)?

------------------------------------------------------------------------

[2005-11-28 20:22:56] zbowden at vt dot edu

Just a brief update: in 5.1.1 LDAPS URIs still don't work; the workaround I had for 5.0.5 doesn't work any longer either, as we saw in the recent snapshots. I no longer get an access violation, however I cannot get a connection.

Bbuie is correct, the problem doesn't actually present itself on the ldap_connect function, rather on the subsequent bind, search, etc.

I think the problem may be in the newer versions of openssl. What's leading me to this is that when I do a filemon trace as I execute a php script I can see it reading the conf file, however it will never try to read or create the c:\.rnd file like it used to. According to the openssl changelog I see this:

"In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has caused some confusion to Windows users who haven't defined $HOME. Thus RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME, which will be used if $HOME is not set. For Windows, we use "C:"; on other platforms, we still require environment variables."

I've tried setting a RANDFILE env variable and that didn't help; I've also tried setting the TLS_RANDFILE in the ldap.conf file but that didn't seem to have any effect either.

------------------------------------------------------------------------

[2005-10-31 20:30:06] zbowden at vt dot edu

Just an additional idea/comment. If I go to 5.0.5 and replace the libeay32.dll and ssleay32.dll files with the ones included with the 5.0.4 release everything works fine.

------------------------------------------------------------------------

[2005-10-27 17:25:23] zbowden at vt dot edu

Tried the latest snapshot; I no longer get the access violation, however I cannot connect to any ldap server via LDAPS URI (says it can't contact server). I did use ntfilemon to make sure the ldap.conf (and ldaprc) files were being read and they are. Not sure where the problem is though?

I rolled back to the release version of 5.0.4 just to be sure it would still work and I can connect & bind to the ldap servers via LDAPS (& start_tls).

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34482