php-windows Digest 12 Mar 2007 21:00:18 -0000 Issue 3164
Topics (messages 27574 through 27577):
LDAP and IIS 6
27574 by: dsartori
27576 by: Bowden, Zeb
27577 by: dsartori
PHP4 and DST Changes
27575 by: James Crow
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-windows@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hello,
I am trying to get my certs and LDAP to work for SASL external
authentication. So far, no luck. My error message and code follow. Some
of the documentation for PHP suggests that there is only limited LDAP
functionality included in the default extension (not SASL) and you must
recompile to get everything. Is this my problem? Which is a problem since
I don't have Visual Studio C++. But knowing for sure that I haven't done a
silly typo of some kind would be a good start. A friend is running similar
code with success using the same certificates. So, I don't think it is
them.
This is my first foray into authenticated links so your help is greatly
appreciated.
Diana
[12-Mar-2007 10:08:23] PHP Warning: ldap_start_tls() [<a
href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to start
TLS: Connect error in
......
# SASL EXTERNAL authentication config
$tls_cacert="ca.crt";
$tls_cert=website.crt";
$tls_key="website.key";
putenv("LDAPTLS_CACERT=$tls_cacert");
putenv("LDAPTLS_CERT=$tls_cert");
putenv("LDAPTLS_KEY=$tls_key");
# LDAPv3 is required
$r = ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
$d = ldap_connect($host);
if (!$d)
exit(0);
$r = ldap_start_tls($d);
--
-------------------------------------------------------------
Diana Sartorius [EMAIL PROTECTED] 206.543.7263
227 Hall Health Center Box 354400 U of WA
Seattle, WA 98195-4400
--- End Message ---
--- Begin Message ---
Can you turn off SASL binding on your ldap server or try contacting
another ldap server w/ tls just to make sure that's not your issue? I've
had trouble in the past when I didn't specify the full path to the
certificate or ldaprc file.
It looks like you're failing at the ldap_start_tls() and not the
ldap_sasl_bind(...,"EXTERNAL") but that could just be a bad error
message.
Just an idea .. I've not actually done a SASL bind from PHP/IIS :)
-zeb
-----Original Message-----
From: dsartori [mailto:[EMAIL PROTECTED]
Sent: Monday, March 12, 2007 2:19 PM
To: php-windows@lists.php.net
Subject: [PHP-WIN] LDAP and IIS 6
Hello,
I am trying to get my certs and LDAP to work for SASL external
authentication. So far, no luck. My error message and code follow.
Some
of the documentation for PHP suggests that there is only limited LDAP
functionality included in the default extension (not SASL) and you must
recompile to get everything. Is this my problem? Which is a problem
since
I don't have Visual Studio C++. But knowing for sure that I haven't
done a
silly typo of some kind would be a good start. A friend is running
similar
code with success using the same certificates. So, I don't think it is
them.
This is my first foray into authenticated links so your help is greatly
appreciated.
Diana
[12-Mar-2007 10:08:23] PHP Warning: ldap_start_tls() [<a
href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to
start
TLS: Connect error in
......
# SASL EXTERNAL authentication config
$tls_cacert="ca.crt";
$tls_cert=website.crt";
$tls_key="website.key";
putenv("LDAPTLS_CACERT=$tls_cacert");
putenv("LDAPTLS_CERT=$tls_cert");
putenv("LDAPTLS_KEY=$tls_key");
# LDAPv3 is required
$r = ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
$d = ldap_connect($host);
if (!$d)
exit(0);
$r = ldap_start_tls($d);
--
-------------------------------------------------------------
Diana Sartorius [EMAIL PROTECTED] 206.543.7263
227 Hall Health Center Box 354400 U of WA
Seattle, WA 98195-4400
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Zeb,
I should have been more complete. LDAP is working. I am trying to upgrade
for security reasons from a working setup. I recently also upgraded PHP to
5.2.1, though everything else seems to be working fine.
I agree, the error message does list ldap_start_tls which is a command I
haven't used in the past. That is what made me wonder if it is not included
by default in the Windows version of LDAP or require me to recompile with
the SASL option. Before, I was simply binding without the certificate
requirements. Simple binding to a different ldap host still works. I
shortened the code and do give the full paths to the crts.
I don't know if there is another LDAP box I can try tls on, but I will use
your suggestion next.
Thank you,
Diana
-------------------------------------------------------------
Diana Sartorius [EMAIL PROTECTED] 206.543.7263
227 Hall Health Center Box 354400 U of WA
Seattle, WA 98195-4400
""Bowden, Zeb"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Can you turn off SASL binding on your ldap server or try contacting
another ldap server w/ tls just to make sure that's not your issue? I've
had trouble in the past when I didn't specify the full path to the
certificate or ldaprc file.
It looks like you're failing at the ldap_start_tls() and not the
ldap_sasl_bind(...,"EXTERNAL") but that could just be a bad error
message.
Just an idea .. I've not actually done a SASL bind from PHP/IIS :)
-zeb
-----Original Message-----
From: dsartori [mailto:[EMAIL PROTECTED]
Sent: Monday, March 12, 2007 2:19 PM
To: php-windows@lists.php.net
Subject: [PHP-WIN] LDAP and IIS 6
Hello,
I am trying to get my certs and LDAP to work for SASL external
authentication. So far, no luck. My error message and code follow.
Some
of the documentation for PHP suggests that there is only limited LDAP
functionality included in the default extension (not SASL) and you must
recompile to get everything. Is this my problem? Which is a problem
since
I don't have Visual Studio C++. But knowing for sure that I haven't
done a
silly typo of some kind would be a good start. A friend is running
similar
code with success using the same certificates. So, I don't think it is
them.
This is my first foray into authenticated links so your help is greatly
appreciated.
Diana
[12-Mar-2007 10:08:23] PHP Warning: ldap_start_tls() [<a
href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to
start
TLS: Connect error in
......
# SASL EXTERNAL authentication config
$tls_cacert="ca.crt";
$tls_cert="website.crt";
$tls_key="website.key";
putenv("LDAPTLS_CACERT=$tls_cacert");
putenv("LDAPTLS_CERT=$tls_cert");
putenv("LDAPTLS_KEY=$tls_key");
# LDAPv3 is required
$r = ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
$d = ldap_connect($host);
if (!$d)
exit(0);
$r = ldap_start_tls($d);
--
-------------------------------------------------------------
Diana Sartorius [EMAIL PROTECTED] 206.543.7263
227 Hall Health Center Box 354400 U of WA
Seattle, WA 98195-4400
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
I have tried searching, but so far have not found an answer.
With the recent DST change I have some old PHP4 apps that work fine when run
under php4/linux. The same scripts have incorrect time when run under
php4/windows. I ran a simple test under Windows and Linux:
<?php
print date('I');
?>
Under windows it returns 0 (i.e. not running in DST). Under Linux it returns
1. Is PHP4/Windows broken regarding the recent DST changes?
Thanks,
James
--
James Crow
--- End Message ---
