Bug #50270 [Com]: ldap_start_tls problem
ID: 50270
Comment by: omar dot piani at gmail dot com
Reported by: jcarlos at dsi dot uclm dot es
Summary: ldap_start_tls problem
Status: Open
Type: Bug
Package: LDAP related
Operating System: windows
PHP Version: 5.3.1
Block user comment: N
Private report: N

New Comment:

I was stuck with this: https://bugs.php.net/bug.php?id=48866

The solution is to move the ldap.conf to c:\

Previous Comments:

[2010-08-12 00:33:28] steve at maraspin dot net

I am also experiencing the same problem with PHP 5.3.2, bundled in Zend Server CE. I've tried invoking the following script both from the cli and apache on CentOS 5.5 64 bit and it fails in both cases. The following error message appears:

    Warning: ldap_start_tls(): Unable to start TLS: Not Supported in /tmp/script.php on line 7

On the same machine, the same script, interpreted by a PHP 5.1.6 (cli) interpreter (obtained from the CentOS yum repository, php package) works well. Both php binaries are compiled for 64 bit.

    <?php
    $ldap="ldap://myhost";
    $ds=ldap_connect($ldap,389);
    $ldapbind=false;
    if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
      if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
        if(ldap_start_tls($ds)) {  // line 7: the call that raises the warning
          $ldapbind = ldap_bind($ds, "cn=username, dc=x, dc=y", "password");
          if ($ldapbind) { echo "ok"; } else { echo "ko tls"; }
        } else { echo "no tls"; }  // StartTLS refused: no bind is attempted
      } else echo "no option";
    } else { echo "no version"; }
    ldap_close($ds);

[2009-12-01 11:12:34] jcarlos at dsi dot uclm dot es

I have tested in linux with PHP/5.2.10-2ubuntu and Apache/2.2.1.2

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS IN LINUX
===

I'm not an expert, but it works.

1) I have installed ubuntu 9.10 desktop

2) Packages:

    apt-get install apache2
    apt-get install libapache2-mod-php5
    apt-get install libldap-2.4-2
    apt-get install ldap-utils
    apt-get install libsasl2-modules-ldap
    apt-get install openssl
    apt-get install libsasl2-2
    apt-get install libkrb5-3
    apt-get install krb5-config
    apt-get install krb5-user
    apt-get install php5-ldap
    apt-get install php5-sasl
    apt-get install php5-auth-pam

3) Put the PEM certificate.

    cd /etc/ldap
    mkdir certs
    cp /myhome/mycert.pem /etc/ldap/certs/mycert.pem

NOTE: webcert.crt renamed to mycert.pem. It's the same

4) Edit the file /etc/ldap/ldap.conf and add:

    TLS_REQCERT never
    TLS_CACERT /etc/ldap/certs/mycert.pem

5) Create file /var/www/ldaptlstest.php:

6) Restart the server:

    /etc/init.d/apache2 restart

7) Open Firefox and write: http://localhost/ldaptlstest.php

;) Works fine

[2009-11-27 09:19:01] jcarlos at dsi dot uclm dot es

In Step 1, I have downloaded the certificate from the URL https://www.myDomain.com

[2009-11-26 11:05:18] paj...@php.net

Moving to the "to be documented" state, it could be very useful to have this info in the ldap documentation.

[2009-11-26 10:54:10] jcarlos at dsi dot uclm dot es

A little manual, for an easy configuration

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS
==

My configuration: Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11

NOTE 1: At the moment, version 5.3.1 fails with tls
NOTE 2: This example works on windows, but in linux it is similar

1) Download the Certificate X.509 (PEM format) from a web browser, I used Firefox. I put the name webcert.crt

2) Create the folder c:\openldap\sysconf

3) Copy the file webcert.crt to c:\openldap\sysconf

4) With notepad you must create the file c:\openldap\sysconf\ldap.conf. The file contents:

    TLS_REQCERT never
    TLS_CACERT c:\openldap\sysconf\webcert.crt

5) The code:

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=50270
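
The ldap.conf shown in the comments above sets TLS_REQCERT never, which per ldap.conf(5) makes the client skip checking the server certificate, so the StartTLS session is encrypted but the server is not authenticated. The following is an added example, not code from the bug report or from PHP itself, of the same StartTLS-then-bind flow with verification enforced; the function name, URI, CA path and credentials are placeholders, and it assumes a PHP build newer than the 5.x versions in the thread.

```php
<?php
// Added example, not from the bug report. URI, CA path, bind DN and password
// are placeholders. The LDAP_OPT_X_TLS_* options need a newer PHP than the
// 5.x builds discussed in the thread.
// ldap.conf equivalent:  TLS_REQCERT demand  +  TLS_CACERT <path to CA file>

function ldap_bind_over_verified_tls(
    string $uri, string $caFile, string $bindDn, string $password
): bool {
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // TLS settings are library-wide defaults in libldap: set them on the null
    // handle before ldap_connect() so they apply to the new connection.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Fail closed: if StartTLS or certificate validation fails, never fall
    // back to a cleartext bind that would send the password unprotected.
    if (!@ldap_start_tls($ds)) {
        $reason = ldap_error($ds);
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed: $reason ($detail)");
    }

    $ok = @ldap_bind($ds, $bindDn, $password);
    ldap_unbind($ds);
    return $ok;
}

// Example call with placeholder values:
// ldap_bind_over_verified_tls('ldap://myhost', '/etc/ldap/certs/mycert.pem',
//                             'cn=username,dc=x,dc=y', 'password');
```

The CA file must contain the certificate of the authority that issued the directory server's certificate, and the host name in the URI must match the name in that server certificate.
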
Bug #50270 [Com]: ldap_start_tls problem
ID: 50270
Comment by: steve at maraspin dot net
Reported by: jcarlos at dsi dot uclm dot es
Summary: ldap_start_tls problem
Status: To be documented
Type: Bug
Package: LDAP related
Operating System: windows
PHP Version: 5.3.1
Block user comment: N

New Comment:

I am also experiencing the same problem with PHP 5.3.2, bundled in Zend Server CE. I've tried invoking the following script both from the cli and apache on CentOS 5.5 64 bit and it fails in both cases. The following error message appears:

    Warning: ldap_start_tls(): Unable to start TLS: Not Supported in /tmp/script.php on line 7

On the same machine, the same script, interpreted by a PHP 5.1.6 (cli) interpreter (obtained from the CentOS yum repository, php package) works well. Both php binaries are compiled for 64 bit.

    <?php
    $ldap="ldap://myhost";
    $ds=ldap_connect($ldap,389);
    $ldapbind=false;
    if(ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
      if(ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
        if(ldap_start_tls($ds)) {  // line 7: the call that raises the warning
          $ldapbind = ldap_bind($ds, "cn=username, dc=x, dc=y", "password");
          if ($ldapbind) { echo "ok"; } else { echo "ko tls"; }
        } else { echo "no tls"; }  // StartTLS refused: no bind is attempted
      } else echo "no option";
    } else { echo "no version"; }
    ldap_close($ds);

Previous Comments:

[2009-11-24 10:44:19] jcarlos at dsi dot uclm dot es

I have tested with:

    Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11 (works fine)
    Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.3.1 (same error)

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php