ID: 13278
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Open
Bug Type: LDAP related
Operating System: Solaris 7
PHP Version: 4.0.6
Old Assigned To: venaas
Assigned To:
New Comment:
I tried to use ldap_open first, I believe, but it didn't
work as far as I remember. The problem is that ldap_open
already opens a connection and then you can't change the
protocol anymore for obvious reasons. With ldap_init the
connection is delayed until the first ldap operation so
you can easily change the protocol to enforce V3.
Regarding the ldap_set_option function, I detected that
later. I was just too lazy to change my php application
again. I can try to use ldap_set_option in my php
application but I'm afraid we'll need ldap_init.
Previous Comments:
------------------------------------------------------------------------
[2001-09-16 06:16:44] [EMAIL PROTECTED]
We need the function, but we can't force v3, and we
can't use ldap_init() for everyone either.
The version can be forced by the user by doing
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
before using your function.
Can you check if your code works if you do no changes
except adding the function, and set the version like
I suggest above?
------------------------------------------------------------------------
[2001-09-12 22:00:36] [EMAIL PROTECTED]
I would like to have my ldap connections encrypted so I added the function
ldap_start_tls to the ldap module. Following is the diff:
--- ./ext/ldap/ldap.c.orig Wed Sep 12 15:53:24 2001
+++ ./ext/ldap/ldap.c Wed Sep 12 16:03:00 2001
@@ -69,6 +69,9 @@
PHP_FE(ldap_connect,
NULL)
PHP_FALIAS(ldap_close, ldap_unbind, NULL)
PHP_FE(ldap_bind,
NULL)
+#if LDAP_API_VERSION > 2000
+ PHP_FE(ldap_start_tls,
NULL)
+#endif
PHP_FE(ldap_unbind,
NULL)
PHP_FE(ldap_read,
NULL)
PHP_FE(ldap_list,
NULL)
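Review bot: The `#if LDAP_API_VERSION > 2000` guard around the `PHP_FE(ldap_start_tls, NULL)` entry tests only the API version number, not whether the toolkit being linked actually provides `ldap_start_tls_s`. This file also builds against other toolkits (see the `HAVE_ORALDAP` branch further down), so a configure-time check for the symbol with its own `HAVE_` macro would be a safer condition, used consistently here, around the function body and in php_ldap.h.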
@@ -385,12 +388,22 @@
} else
#endif
{
- ldap = ldap_open(host,port);
+ ldap = ldap_init(host,port);
}
if ( ldap == NULL ) {
RETURN_FALSE;
} else {
+#if LDAP_API_VERSION > 2000
+ int version = LDAP_VERSION3;
+ int rc;
+
+ rc = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (rc != LDAP_OPT_SUCCESS) {
+ php_error(E_WARNING, "Could not set protocol version 3 (%d):
+%s\n", rc, ldap_err2string(rc));
+ RETURN_FALSE;
+ }
+#endif
#ifdef HAVE_ORALDAP
if (ssl) {
if (ldap_init_SSL(&ldap->ld_sb, wallet, walletpasswd,
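Review bot: On the `ldap_set_option` failure path the code does `RETURN_FALSE` without releasing the handle that `ldap_init` just returned, so each failure leaks it; call `ldap_unbind(ldap)` before returning. The `rc` compared against `LDAP_OPT_SUCCESS` is an option-call status, so passing it to `ldap_err2string` may print an unrelated message. Replacing `ldap_open` with `ldap_init` and setting `LDAP_VERSION3` here also changes behaviour for every caller of this function: connection failures no longer show up at this point, and version 2 is no longer available, which would be better left to the caller.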
@@ -510,6 +523,31 @@
}
#endif
+
+#if LDAP_API_VERSION > 2000
+/* {{{ proto int ldap_start_tls(int link)
+ Start TLS */
+PHP_FUNCTION(ldap_start_tls)
+{
+ pval **link;
+ LDAP *ldap;
+
+ if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) {
+ WRONG_PARAM_COUNT;
+ }
+
+ ldap = _get_ldap_link(link);
+ if (ldap == NULL) RETURN_FALSE;
+
+ if (ldap_start_tls_s(ldap, NULL, NULL) != LDAP_SUCCESS) {
+ php_error(E_WARNING,"LDAP: Unable to start TLS:
+%s",ldap_err2string(_get_lderrno(ldap)));
+ RETURN_FALSE;
+ } else {
+ RETURN_TRUE;
+ }
+}
+/* }}} */
+#endif
/* {{{ proto int ldap_bind(int link [, string dn, string password])
Bind to LDAP directory */
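Review bot: In `ldap_start_tls`, the return value of `ldap_start_tls_s(ldap, NULL, NULL)` is only compared with `LDAP_SUCCESS` and then discarded, and the warning text is built from `_get_lderrno(ldap)` instead; keep the result in a local `rc` and pass that to `ldap_err2string` so the message reports the failure that actually occurred. The proto comment says `int` while the function returns TRUE or FALSE, and "Start TLS" should also say that on FALSE the link stays unencrypted, so callers must check the result before calling ldap_bind.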
--- ./ext/ldap/php_ldap.h.orig Wed Sep 12 16:04:27 2001
+++ ./ext/ldap/php_ldap.h Wed Sep 12 16:05:14 2001
@@ -39,6 +39,10 @@
PHP_FUNCTION(ldap_connect);
+#if LDAP_API_VERSION > 2000
+PHP_FUNCTION(ldap_start_tls);
+#endif
+
PHP_FUNCTION(ldap_bind);
PHP_FUNCTION(ldap_unbind);
The usage should be obvious: it takes just one argument, the ldap connection handle.
I'm using OpenLDAP 2.0.7 with PHP and this function works great with it. I didn't test
whether this patch breaks other ldap toolkits. One problem could be that I force the
use of ldap-v3, so that should probably be an option somewhere (maybe an option to
ldap_open or so).
------------------------------------------------------------------------