Bug #50270 [Com]: ldap_start_tls problem

2013-01-21 Thread omar dot piani at gmail dot com
Edit report at https://bugs.php.net/bug.php?id=50270&edit=1

 ID:                 50270
 Comment by:         omar dot piani at gmail dot com
 Reported by:        jcarlos at dsi dot uclm dot es
 Summary:            ldap_start_tls problem
 Status:             Open
 Type:               Bug
 Package:            LDAP related
 Operating System:   windows
 PHP Version:        5.3.1
 Block user comment: N
 Private report:     N

 New Comment:

I was stuck with this: https://bugs.php.net/bug.php?id=48866

The solution is to move the ldap.conf to c:\


Previous Comments:

[2010-08-12 00:33:28] steve at maraspin dot net

I am also experiencing the same problem with PHP 5.3.2, bundled in Zend Server 
CE. I've tried invoking the following script both from the CLI and Apache on CentOS 
5.5 64 bit and it fails in both cases. The following error message appears:

Warning: ldap_start_tls(): Unable to start TLS: Not Supported in 
/tmp/script.php on line 7

On the same machine, the same script, interpreted by a PHP 5.1.6 (cli) interpreter 
(obtained from the CentOS yum repository, php package), works well. Both php 
binaries are compiled for 64 bit.


<?php
  $ldap = "ldap://myhost";
  $ds = ldap_connect($ldap, 389);  // plain LDAP port; TLS is negotiated with StartTLS
  $ldapbind = false;
  if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {  // StartTLS needs LDAPv3
    if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
      if (ldap_start_tls($ds)) {  // line 7: the call that raises the warning
        $ldapbind = ldap_bind($ds, "cn=username,dc=x,dc=y", "password");
        if ($ldapbind) {
          echo "ok";
        } else {
          echo "ko tls";
        }
      } else {
        echo "no tls";
      }
    } else echo "no option";
  } else {
    echo "no version";
  }

  ldap_close($ds);


[2009-12-01 11:12:34] jcarlos at dsi dot uclm dot es

I have tested in Linux
With PHP/5.2.10-2ubuntu and Apache/2.2.1.2

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS IN LINUX
===========================================================

I'm not an expert, but it works.
1) I have installed Ubuntu 9.10 desktop

2) Packages:
 apt-get install apache2
 apt-get install libapache2-mod-php5
 apt-get install libldap-2.4-2
 apt-get install ldap-utils
 apt-get install libsasl2-modules-ldap
 apt-get install openssl
 apt-get install libsasl2-2
 apt-get install libkrb5-3
 apt-get install krb5-config
 apt-get install krb5-user
 apt-get install php5-ldap
 apt-get install php5-sasl
 apt-get install php5-auth-pam

3) Put the PEM certificate.
 cd /etc/ldap
 mkdir certs
 cp /myhome/mycert.pem /etc/ldap/certs/mycert.pem
 NOTE: rename webcert.crt to mycert.pem. It's the same

4) Edit the file /etc/ldap/ldap.conf and add:
  TLS_REQCERT never
  TLS_CACERT /etc/ldap/certs/mycert.pem

5) Create file /var/www/ldaptlstest.php:

<?php
   $ldap = "ldap.myDomain.com";
   $usr = "u...@mydomain.com";
   $pwd = "mypassword";

   $ds = ldap_connect($ldap);
   $ldapbind = false;

   // Bind only if LDAPv3, referral handling and StartTLS were all set up
   if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
      if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
         if (ldap_start_tls($ds))
            $ldapbind = @ldap_bind($ds, $usr, $pwd);

   ldap_close($ds);

   if (!$ldapbind)
      echo "ERROR";
   else
      echo "OK";
?>

6) Restart the server: /etc/init.d/apache2 restart

7) Open Firefox and write: http://localhost/ldaptlstest.php

;) Works fine
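
Step 4 above sets `TLS_REQCERT never`, which per ldap.conf(5) makes the client neither request nor check the server certificate, so StartTLS encrypts the bind but does not authenticate the directory server. The following is an added example, not part of the original comments or of PHP: a small Python audit of ldap.conf text that reports the level in effect. The function names, the hardened sample and the last-line-wins handling of repeated options are assumptions of this example.

```python
# Added example: audit ldap.conf text for the TLS_REQCERT level in effect.
# Level semantics follow ldap.conf(5); "demand" is the documented default.
REQCERT_EFFECT = {
    "never": "server certificate is neither requested nor checked",
    "allow": "a missing or bad server certificate is ignored",
    "try": "a missing server certificate is accepted",
    "demand": "a missing or bad server certificate ends the session",
    "hard": "a missing or bad server certificate ends the session",
}
ENFORCING = {"demand", "hard"}

# Step 4 of the walkthrough, and a corrected counterpart constructed here.
PAGE_CONF = "TLS_REQCERT never\nTLS_CACERT /etc/ldap/certs/mycert.pem\n"
HARDENED_CONF = "TLS_REQCERT demand\nTLS_CACERT /etc/ldap/certs/mycert.pem\n"


def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive, '#' lines
    are comments; a repeated option overrides the earlier one (assumption)."""
    options = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def audit(text):
    """Report the effective TLS_REQCERT level and why it is weak, if it is."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()
    ca = opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")
    findings = []
    if level not in REQCERT_EFFECT:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    elif level not in ENFORCING:
        findings.append(f"TLS_REQCERT {level}: {REQCERT_EFFECT[level]}")
        if ca and level in ("never", "allow"):
            findings.append(f"CA file {ca} is set but cannot cause a rejection")
    return {"level": level, "enforced": level in ENFORCING, "findings": findings}


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

With `TLS_REQCERT demand` the `TLS_CACERT` file becomes the trust anchor, so it has to contain the CA certificate that issued the directory server's certificate.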


[2009-11-27 09:19:01] jcarlos at dsi dot uclm dot es

In Step 1, I have downloaded the certificate from the URL 
https://www.myDomain.com


[2009-11-26 11:05:18] paj...@php.net

Moving to the "to be documented" state; it could be very useful to have this 
info in the ldap documentation.


[2009-11-26 10:54:10] jcarlos at dsi dot uclm dot es

A little manual, for an easy configuration

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS
==================================================

My configuration:
Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11

NOTE 1: At the moment, version 5.3.1 fails with TLS
NOTE 2: This example works on Windows, but on Linux it is similar

1) Download the X.509 certificate (PEM format) from a web browser; I used 
Firefox. I named it webcert.crt
2) Create the folder c:\openldap\sysconf
3) Copy the file webcert.crt to c:\openldap\sysconf
4) With Notepad you must create the file c:\openldap\sysconf\ldap.conf. 
The file contents:
TLS_REQCERT never

Bug #50270 [Com]: ldap_start_tls problem

2010-08-11 Thread steve at maraspin dot net
Edit report at http://bugs.php.net/bug.php?id=50270&edit=1

 ID:                 50270
 Comment by:         steve at maraspin dot net
 Reported by:        jcarlos at dsi dot uclm dot es
 Summary:            ldap_start_tls problem
 Status:             To be documented
 Type:               Bug
 Package:            LDAP related
 Operating System:   windows
 PHP Version:        5.3.1
 Block user comment: N

 New Comment:

I am also experiencing the same problem with PHP 5.3.2, bundled in Zend
Server CE. I've tried invoking the following script both from the CLI and
Apache on CentOS 5.5 64 bit and it fails in both cases. The following error
message appears:

Warning: ldap_start_tls(): Unable to start TLS: Not Supported in
/tmp/script.php on line 7

On the same machine, the same script, interpreted by a PHP 5.1.6 (cli)
interpreter (obtained from the CentOS yum repository, php package), works
well. Both php binaries are compiled for 64 bit.


<?php
  $ldap = "ldap://myhost";
  $ds = ldap_connect($ldap, 389);  // plain LDAP port; TLS is negotiated with StartTLS
  $ldapbind = false;
  if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {  // StartTLS needs LDAPv3
    if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
      if (ldap_start_tls($ds)) {  // line 7: the call that raises the warning
        $ldapbind = ldap_bind($ds, "cn=username,dc=x,dc=y", "password");
        if ($ldapbind) {
          echo "ok";
        } else {
          echo "ko tls";
        }
      } else {
        echo "no tls";
      }
    } else echo "no option";
  } else {
    echo "no version";
  }

  ldap_close($ds);


Previous Comments:

[2009-12-01 11:12:34] jcarlos at dsi dot uclm dot es

I have tested in Linux
With PHP/5.2.10-2ubuntu and Apache/2.2.1.2

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS IN LINUX
===========================================================

I'm not an expert, but it works.
1) I have installed Ubuntu 9.10 desktop

2) Packages:
 apt-get install apache2
 apt-get install libapache2-mod-php5
 apt-get install libldap-2.4-2
 apt-get install ldap-utils
 apt-get install libsasl2-modules-ldap
 apt-get install openssl
 apt-get install libsasl2-2
 apt-get install libkrb5-3
 apt-get install krb5-config
 apt-get install krb5-user
 apt-get install php5-ldap
 apt-get install php5-sasl
 apt-get install php5-auth-pam

3) Put the PEM certificate.
 cd /etc/ldap
 mkdir certs
 cp /myhome/mycert.pem /etc/ldap/certs/mycert.pem
 NOTE: rename webcert.crt to mycert.pem. It's the same

4) Edit the file /etc/ldap/ldap.conf and add:
  TLS_REQCERT never
  TLS_CACERT /etc/ldap/certs/mycert.pem

5) Create file /var/www/ldaptlstest.php:

<?php
   $ldap = "ldap.myDomain.com";
   $usr = "u...@mydomain.com";
   $pwd = "mypassword";

   $ds = ldap_connect($ldap);
   $ldapbind = false;

   // Bind only if LDAPv3, referral handling and StartTLS were all set up
   if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
      if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
         if (ldap_start_tls($ds))
            $ldapbind = @ldap_bind($ds, $usr, $pwd);

   ldap_close($ds);

   if (!$ldapbind)
      echo "ERROR";
   else
      echo "OK";
?>

6) Restart the server: /etc/init.d/apache2 restart

7) Open Firefox and write: http://localhost/ldaptlstest.php

;) Works fine


[2009-11-27 09:19:01] jcarlos at dsi dot uclm dot es

In Step 1, I have downloaded the certificate from the URL
https://www.myDomain.com


[2009-11-26 11:05:18] paj...@php.net

Moving to the "to be documented" state; it could be very useful to have
this info in the ldap documentation.


[2009-11-26 10:54:10] jcarlos at dsi dot uclm dot es

A little manual, for an easy configuration

INTEGRATING ACTIVE DIRECTORY WITH PHP-LDAP AND TLS
==================================================

My configuration:
Apache/2.2.14 (Win32) mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11

NOTE 1: At the moment, version 5.3.1 fails with TLS
NOTE 2: This example works on Windows, but on Linux it is similar

1) Download the X.509 certificate (PEM format) from a web browser; I
used Firefox. I named it webcert.crt
2) Create the folder c:\openldap\sysconf
3) Copy the file webcert.crt to c:\openldap\sysconf
4) With Notepad you must create the file c:\openldap\sysconf\ldap.conf.
The file contents:
TLS_REQCERT never
TLS_CACERT c:\openldap\sysconf\webcert.crt
5) The code:

<?php
   $ldap = "ldap.myDomain.com";
   $usr = "u...@mydomain.com";