#34482 [Com]: LDAP Searches cause Access Violation when connecting via LDAPS
ID: 34482 Comment by: bcline at gptruck dot com Reported By: zbowden at vt dot edu Status: Assigned Bug Type: LDAP related Operating System: Windows 2003 PHP Version: 5.1.1, 4.4.1 Assigned To: edink New Comment: I'm experiencing all of the exact problems zbowden mentions above. Running PHP 5.1.0 with Win2003/IIS6/ISAPI. Previous Comments: [2005-12-22 16:55:42] zbowden at vt dot edu just tested this in 4.4.1 and I see the same behavior that I see in 5.1.1 (i.e. can't connect to server via ldaps). [2005-12-19 17:31:38] pbarabe at paddyworks dot com I've been experiencing essentially the same problems as zbowden when upgrading from PHP 5.0.4 to 5.1.1 on Win2003/Apache 2.0.49/ISAPI. ldap_bind() breaks (returns message "Can't contact LDAP server". Replacing libeay32.dll and ssleay32.dll with those distributed with 5.1.1 does not fix the problem, though I can confirm that ldap_bind in PHP 5.0.4 still works with the new dlls. [2005-11-28 22:13:17] zbowden at vt dot edu just some additional information: if I try to use the ldap_start_tls() function I now get "Unable to start TLS: Not Supported" maybe an error in the build process (i.e. not turning on TLS and or LDAPS)? [2005-11-28 20:22:56] zbowden at vt dot edu Just a brief update: in 5.1.1 LDAPS URI's still don't work; the workaround I had for 5.0.5 doesn't work any longer either as we saw in the recent snapshots. I no longer get an access violation, however I cannot get a connection. Bbuie is correct, the problem doesn't actually present itself on the ldap_connect function, rather on the subsequent bind, search, etc. I think the problem may be in the newer versions of openssl. What's leading me to this is that when I do a filemon trace as I execute a php script I can see it reading the conf file however it will never try to read or create the c:\.rnd file like it used to .. according to the openssl changelog I see this: "In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has caused some confusion to Windows users who haven't defined $HOME.Thus RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME, which will be used if $HOME is not set. For Windows, we use "C:"; on other platforms, we still require environment variables. " I've tried setting a RANDFILE env variable and that didn't help; I've also tried setting the TLS_RANDFILE in the ldap.conf file but that didn't seem to have any effect either. [2005-10-31 20:30:06] zbowden at vt dot edu Just an additional idea/comment. If I go to 5.0.5 and replace the libeay32.dll and ssleay32.dll files with the ones included with the 5.0.4 release everything works fine. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34482 -- Edit this bug report at http://bugs.php.net/?id=34482&edit=1
#34482 [Com]: LDAP Searches cause Access Violation when connecting via LDAPS
ID: 34482 Comment by: pbarabe at paddyworks dot com Reported By: zbowden at vt dot edu Status: Assigned Bug Type: LDAP related Operating System: Windows 2003 PHP Version: 5CVS-2005-09-12 (snap) Assigned To: edink New Comment: I've been experiencing essentially the same problems as zbowden when upgrading from PHP 5.0.4 to 5.1.1 on Win2003/Apache 2.0.49/ISAPI. ldap_bind() breaks (returns message "Can't contact LDAP server". Replacing libeay32.dll and ssleay32.dll with those distributed with 5.1.1 does not fix the problem, though I can confirm that ldap_bind in PHP 5.0.4 still works with the new dlls. Previous Comments: [2005-11-28 22:13:17] zbowden at vt dot edu just some additional information: if I try to use the ldap_start_tls() function I now get "Unable to start TLS: Not Supported" maybe an error in the build process (i.e. not turning on TLS and or LDAPS)? [2005-11-28 20:22:56] zbowden at vt dot edu Just a brief update: in 5.1.1 LDAPS URI's still don't work; the workaround I had for 5.0.5 doesn't work any longer either as we saw in the recent snapshots. I no longer get an access violation, however I cannot get a connection. Bbuie is correct, the problem doesn't actually present itself on the ldap_connect function, rather on the subsequent bind, search, etc. I think the problem may be in the newer versions of openssl. What's leading me to this is that when I do a filemon trace as I execute a php script I can see it reading the conf file however it will never try to read or create the c:\.rnd file like it used to .. according to the openssl changelog I see this: "In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has caused some confusion to Windows users who haven't defined $HOME.Thus RAND_file_name() is changed again: e_os.h can define a DEFAULT_HOME, which will be used if $HOME is not set. For Windows, we use "C:"; on other platforms, we still require environment variables. " I've tried setting a RANDFILE env variable and that didn't help; I've also tried setting the TLS_RANDFILE in the ldap.conf file but that didn't seem to have any effect either. [2005-10-31 20:30:06] zbowden at vt dot edu Just an additional idea/comment. If I go to 5.0.5 and replace the libeay32.dll and ssleay32.dll files with the ones included with the 5.0.4 release everything works fine. [2005-10-27 17:25:23] zbowden at vt dot edu tried the latest snapshot; I not longer get the access violation, however I cannot connect to any ldap server via LDAPS URI (says it can't contact server). I did use ntfilemon to make sure the ldap.conf (and ldaprc) files were being read and they are. Not sure where the problem is though? I rolled back to the release version of 5.0.4 just to be sure it would still work and I can connect & bind to the ldap servers via LDAPS (& start_tls). [2005-10-24 01:14:59] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34482 -- Edit this bug report at http://bugs.php.net/?id=34482&edit=1
#34482 [Com]: LDAP Searches cause Access Violation when connecting via LDAPS
ID: 34482 Comment by: bbuie at csuchico dot edu Reported By: zbowden at vt dot edu Status: Assigned Bug Type: LDAP related Operating System: Windows 2003 PHP Version: 5CVS-2005-09-12 (snap) Assigned To: edink New Comment: I'm using Windows 2003/Apache 2.0.55/Openssl 0.9.8a with the same type of problem. However, it appears that it is the ldap_bind() function that causes the error/lock up (I perform a ldap_connect() then a ldap_set_option() then a ldap_bind(), then a ldap_close()). If I comment out the ldap_bind() call then the script completes without error or lockup. Just using PHP from a command line I get the following results: PHP 5.0.4 works fine; 5.0.5 gives an access violation with libeay32.dll; and the latest snap shot version locks up (it doesn't comsume cpu cycles but it just sits there forever). If I copy the 5.0.4 dll's to the 5.0.5 version it works, but the 5.0.4 dll's don't work for the latest snap shot. Also a non-secure (port 389) ldap connection on all three versions works just fine: it connects, binds, searchs, and disconnects just fine. The only other thing I can add is that I tried is using the libeay32.dll and ssleay32.dll from the Apache/bin folder for php, that creates an access violation with php5ts.dll. Previous Comments: [2005-10-31 20:31:14] zbowden at vt dot edu However, if I try to go with the most recent snapshot and replace those dll's it still doesn't work. I don't get the access violation, but I can never connect to the ldap server. [2005-10-31 20:30:06] zbowden at vt dot edu Just an additional idea/comment. If I go to 5.0.5 and replace the libeay32.dll and ssleay32.dll files with the ones included with the 5.0.4 release everything works fine. [2005-10-27 17:25:23] zbowden at vt dot edu tried the latest snapshot; I not longer get the access violation, however I cannot connect to any ldap server via LDAPS URI (says it can't contact server). I did use ntfilemon to make sure the ldap.conf (and ldaprc) files were being read and they are. Not sure where the problem is though? I rolled back to the release version of 5.0.4 just to be sure it would still work and I can connect & bind to the ldap servers via LDAPS (& start_tls). [2005-10-24 01:14:59] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip [2005-09-12 19:41:55] [EMAIL PROTECTED] Someone updated some libs..assigned to that someone. :) The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/34482 -- Edit this bug report at http://bugs.php.net/?id=34482&edit=1