From:
Operating system: Ubuntu 10.04 LTS
PHP version: 5.3.5
Package: LDAP related
Bug Type: Bug
Bug description: Secure SSL bind to Active Directory fails

Description:
------------
Attempting to bind to server using SSL returns:

Warning: ldap_bind() Unable to bind to server: Can't contact LDAP server

while ldap_connect() returns success. Using a non-encrypted channel works, and the server responds on SSL using other libraries, including a successful bind.

Test script:
---------------
<?php
$username = 'username';
$password = 'password';
$account_suffix = '@example.com';
$hostnameSSL = 'ldaps://my.example.com:636';

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// Attempting fix from http://www.php.net/manual/en/ref.ldap.php#77553
putenv('LDAPTLS_REQCERT=never');

####################
# SSL bind attempt #
####################
// Attempting syntax from http://www.php.net/manual/en/function.ldap-bind.php#101445
$con = ldap_connect($hostnameSSL);
if (!is_resource($con)) trigger_error("Unable to connect to $hostnameSSL",E_USER_WARNING);

// Options from http://www.php.net/manual/en/ref.ldap.php#73191
if (!ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3))
{
    trigger_error("Failed to set LDAP Protocol version to 3",E_USER_WARNING);
}
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

if (ldap_bind($con,$username . $account_suffix, $password)) die('All went well using SSL');
ldap_close($con);

Expected result:
----------------
I expected an SSL handshake and a secure bind. E.g.:

>> openssl s_client -connect my.example.com:636 -prexit
(...)
SSL handshake has read 5732 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Session-ID: 1B1500000642E45E5A37A76A804365F5DBB28F6597838808B603BE45A0525CBD
    Session-ID-ctx:
    Master-Key: 68F4DB2000D02CA5F19880DABE4602947C344C9E674A285DA3977F78F35610D46F1EA770D64F24D5C7DB5451FFB6895B
    Key-Arg : None
    Start Time: 1299071105
    Timeout : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

Actual result:
--------------
ldap_create
ldap_url_parse_ext(ldaps://my.example.com:636)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP my.example.com:636
ldap_new_socket: 25
ldap_prepare_socket: 25
ldap_connect_to_host: Trying 1.1.1.1:636
ldap_pvt_connect: fd: 25 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x22620e98 msgid 1
wait4msg ld 0x22620e98 msgid 1 (infinite timeout)
wait4msg continue ld 0x22620e98 msgid 1 all 1
** ld 0x22620e98 Connections:
* host: my.example.com port: 636 (default)
  refcnt: 2 status: Connected
  last used: Wed Mar 2 13:57:52 2011
** ld 0x22620e98 Outstanding Requests:
 * msgid 1, origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x22620e98 request count 1 (abandoned 0)
** ld 0x22620e98 Response Queue:
   Empty
  ld 0x22620e98 response count 0
ldap_chkResponseList ld 0x22620e98 msgid 1 all 1
ldap_chkResponseList returns ld 0x22620e98 NULL
ldap_int_select
read1msg: ld 0x22620e98 msgid 1 all 1
ldap_err2string
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP Warning: ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Can't contact LDAP server in /public_html/test.php on line 28
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP Stack trace:
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP 1. {main}() /public_html/test.php:0
[Wed Mar 02 13:57:52 2011] [error] [client ::1] PHP 2. ldap_bind() /public_html/test.php:28
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed

--
Edit bug report at http://bugs.php.net/bug.php?id=54136&edit=1
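
The test script in this report sets LDAPTLS_REQCERT=never, which turns off server certificate checking, and the openssl output ends with verify return code 20, meaning the issuer of the server certificate was not found among the locally trusted CAs. The following is an added example, not part of the bug report and not presented as its fix: the same bind with verification left on and the issuing CA trusted explicitly. The function name ldaps_bind_verified and the CA file path are hypothetical, and it assumes php-ldap is linked against OpenLDAP's libldap with the openssl extension loaded.

```php
<?php
// Added example, not the reporter's code. Assumes php-ldap is built against
// OpenLDAP's libldap and that the openssl extension is loaded.
// libldap reads LDAPTLS_* once, when it first initialises in the process,
// so call this before any other ldap_* function.
function ldaps_bind_verified($uri, $caFile, $bindDn, $password)
{
    // Fail early if the CA file is missing or is not a PEM certificate.
    $pem = @file_get_contents($caFile);
    if ($pem === false || @openssl_x509_read($pem) === false) {
        return array(false, "CA file unusable: $caFile");
    }

    // Keep verification on (the report's script set 'never') and trust the
    // CA that issued the domain controller's certificate.
    putenv('LDAPTLS_REQCERT=demand');
    putenv('LDAPTLS_CACERT=' . $caFile);

    // As the report observes, ldap_connect() succeeds without contacting the
    // server; the TCP connect and TLS handshake happen inside ldap_bind().
    $con = ldap_connect($uri);
    if (!$con) {
        return array(false, "Invalid LDAP URI: $uri");
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($con, $bindDn, $password)) {
        // Report the library's error code and text instead of a bare warning.
        $msg = sprintf('bind failed (%d): %s', ldap_errno($con), ldap_error($con));
        ldap_close($con);
        return array(false, $msg);
    }
    ldap_close($con);
    return array(true, 'bound with certificate verification enabled');
}

// Host and account follow the report's placeholders; the CA path is made up.
list($ok, $msg) = ldaps_bind_verified(
    'ldaps://my.example.com:636',
    '/etc/ssl/certs/example-ad-ca.pem',
    'username@example.com',
    'password'
);
echo ($ok ? 'OK: ' : 'FAIL: ') . $msg . "\n";
```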