ID:               39291
 Updated by:       [EMAIL PROTECTED]
 Reported By:      lee dot essen at nowonline dot co dot uk
-Status:           Open
+Status:           Feedback
 Bug Type:         LDAP related
 Operating System: Solaris 10
 PHP Version:      5.1.6
 New Comment:

Please provide a patch and we'll review it.


Previous Comments:
------------------------------------------------------------------------

[2006-12-13 16:41:31] tregi at inwind dot it

Hi,
I am not an LDAP, PHP or SASL expert either, but I'm experiencing the same
problem in using the ldap_sasl_bind function. Using ldapsearch I can bind to my
LDAP server (Active Directory) only with the -U option (authcid). My server
has, I suppose, empty authorization and strong authentication. I try to
use DIGEST-MD5 and it works with ldapsearch, but does not with PHP.
So, I would appreciate your help; maybe your patch can solve my
problem.
Thanks.

------------------------------------------------------------------------

[2006-10-28 14:44:11] lee dot essen at nowonline dot co dot uk

Description:
------------
** Caveat: I am not an LDAP, PHP or SASL expert, so I could be a long
way off the mark here **

This is similar to bug 35611 (which is marked as Bogus!) and related to
30189, but I believe the problem is with authcid and not authzid. 

ldap_sasl_bind sends the binddn as the authcid; this behaviour differs
from the standard ldapsearch etc. utilities when using "-U" to send a
username.

This basically means that I cannot get it to bind to my ldap server;
looking at the slapd debug it seems to send a username like...

username="cn=My Name,ou=People,..."

... when I look at the debug from using an ldapsearch -U it gets a
username="shortname" type output.

By hacking the code to add another option (authcid) to the php
ldap_sasl_bind function and sending that for the authcid instead of
binddn everything works perfectly.

A simple example is that you don't need to provide a BindDN to
ldapsearch if you use -U; this is because the username will be mapped
by the authz-regex to a real object.

If you don't specify a binddn with PHP you get a "SASL bind in
progress" error, and if you just specify a username then it fails with
"invalid dn".

(I can provide a very simple patch that fixes the problem if it helps)

Reproduce code:
---------------
See description above.

Expected result:
----------------
See description above.

Actual result:
--------------
See description above.


------------------------------------------------------------------------
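Added example, not part of the bug report or of PHP's source: a Python sketch of why the username field matters in a DIGEST-MD5 bind, the mechanism named in the 2006-12-13 comment. It computes the RFC 2831 response for qop=auth without an authzid and checks it against a simplified server that stores secrets by short SASL username; the realm, password, nonce values, digest-uri and the store itself are constructed for illustration, and the DN string is the truncated one quoted in the report.

```python
import hashlib
import hmac

def _hex_md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 section 2.1.2.1 response-value (qop=auth, no authzid)."""
    # A1 hashes the username field (the authcid) together with the password,
    # so the identity string the client sends is baked into the proof.
    inner = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 = inner + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_hex_md5(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_hex_md5(a2)}"
    return _hex_md5(kd.encode())

# Constructed server-side secret store, keyed by (SASL username, realm).
# Assumption: a simplified stand-in for the server's username-to-entry mapping.
SERVER_SECRETS = {("shortname", "example.test"): "s3cret"}

def server_verify(username, realm, nonce, cnonce, digest_uri, response):
    """Recompute the response for the claimed username and compare."""
    password = SERVER_SECRETS.get((username, realm))
    if password is None:
        return False  # the claimed authcid maps to no known identity
    expected = digest_md5_response(username, realm, password,
                                   nonce, cnonce, digest_uri)
    return hmac.compare_digest(expected, response)

def client_bind(username, password="s3cret"):
    """One client attempt using fixed, constructed challenge values."""
    realm, uri = "example.test", "ldap/ldap.example.test"
    nonce, cnonce = "constructed-nonce", "constructed-cnonce"
    resp = digest_md5_response(username, realm, password, nonce, cnonce, uri)
    return server_verify(username, realm, nonce, cnonce, uri, resp)

if __name__ == "__main__":
    # Short name as authcid, as ldapsearch -U sends it.
    print("shortname:", client_bind("shortname"))
    # Bind DN as authcid, as the report says ldap_sasl_bind sends it.
    print("bind DN:  ", client_bind("cn=My Name,ou=People,..."))
```

Even with the correct password, the DN-as-username attempt fails because the server resolves and hashes the identity it was sent, not the entry the client meant.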

