Bug #16272 Can start tls
Submitted: 2009-05-30 21:00 UTC
From: psaid
Assigned: beni
Status: Closed
Package: Net_LDAP2 (version 2.0.0)
PHP Version: 5.1.6
OS: Centos 5.3
Roadmaps: 2.1.0

 [2009-05-30 21:00 UTC] psaid (Paulo Dias)
Description:
------------
If I do this, I connect:

    $ds=ldap_connect('ldap.ipcb.pt') or die('ERROR');
    ldap_start_tls($ds) or die('ERROR');
    $ldaprdn = 'cn=Manager,dc=ipcb,dc=pt';
    $ldappass = 'secret';
    $r = ldap_bind($ds, $ldaprdn, $ldappass);

When I try ldap2, no connection:

    // The configuration array:
    $config = array (
        'binddn'   => 'cn=Manager',
        'bindpw'   => 'kkkkkk',
        'basedn'   => 'dc=ipcb,dc=pt',
        'host'     => 'localhost',
        'starttls' => true
    );

    // Connect to configured ldap server
    $ldap = Net_LDAP2::connect($config);
    if (Net_LDAP2::isError($ldap)) {
        die('BIND FAILED: '.$ldap->getMessage());
    }

I catch this error:

    BIND FAILED: LDAP_CONFIDENTIALITY_REQUIRED Parameters: Base: Filter: (objectClass=*) Scope: base: LDAP_CONFIDENTIALITY_REQUIRED

Probably I'm doing something wrong and this is not a bug...

Thanks
Paulo

Comments

 [2009-05-30 21:03 UTC] psaid (Paulo Dias)
I always try with the password 'secret'.
 [2009-06-01 02:08 UTC] beni (Benedikt Hallinger)
-Assigned To: +Assigned To: beni
 [2009-06-01 02:13 UTC] beni (Benedikt Hallinger)
This may be related to the already fixed bug #15494. Are you sure you use the recent packaged version 2.0.0 and not one of its release candidates?

Please try also the following configuration array (explained at https://pear.php.net/manual/en/package.networking.net-ldap.connecting.php):

    $config = array (
        'binddn'   => 'cn=Manager,dc=ipcb,dc=pt',
        'bindpw'   => 'secret',
        'basedn'   => 'dc=ipcb,dc=pt',
        'host'     => 'localhost',
        'starttls' => true
    );

The binddn parameter is not relative but absolute!
 [2009-06-01 17:22 UTC] psaid (Paulo Dias)
I use your example, with 2.0.0, but with no success... the same error.
 [2009-06-01 19:15 UTC] psaid (Paulo Dias)
-Status: Assigned +Status: Open
 [2009-06-02 11:31 UTC] beni (Benedikt Hallinger)
Thank you for your response! Which LDAP server do you use?

When connecting, Net_LDAP2 does:
- establish connection to LDAP host
- set LDAP version
- if starttls = true; calls start_tls();

Maybe your server is so strict that even setting the LDAP version needs to be secured. I will do some research in the LDAP spec to see if this is expected behavior, since if I am remembering right, this should not be the case.

In the meantime you could test that if you open LDAP.php in your favorite editor and put the block of lines 438-337 at line 429 prior to the "// Set LDAP version ..." code block.
 [2009-06-02 15:32 UTC] psaid (Paulo Dias)
-Operating System: Fedora +Operating System: Centos 5.3
I use: openldap-2.3.27
 [2009-06-02 15:51 UTC] psaid (Paulo Dias)
Ok, it's that, you must set the ldap version after start tls. Problem solved. Thanks Benni Paulo
 [2009-06-02 16:01 UTC] beni (Benedikt Hallinger)
-Roadmap Versions: +Roadmap Versions: 2.1.0
Thank you for verifying this. Usually it's not necessary for setLDAPVersion() to have TLS up, but I will introduce code that handles this special situation. This will go into CVS shortly.
 [2009-06-02 16:08 UTC] beni (Benedikt Hallinger)
-Status: Assigned +Status: Closed
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. It is fixed in CVS version now.
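
The ordering settled on in this thread, written directly against PHP's ext/ldap as an added example (not Net_LDAP2's code and not the fix committed to CVS): StartTLS is the first request sent to the server, and the root DSE read comes only afterwards. The URI, DN and password are placeholders, and the idea that the pre-TLS failure came from a base-scope read like this one is an assumption drawn from the "Scope: base" detail in the reported error.

```php
<?php
// Added example, not Net_LDAP2 code. URI, DN and password are placeholders.
// Assumes ext/ldap is loaded and the server offers StartTLS.
function ldapConnectTlsFirst($uri, $bindDn, $bindPw)
{
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('ldap_connect rejected the URI');
    }
    // Client-side option only: nothing is sent to the server here.
    // StartTLS is an LDAPv3 extended operation, so select v3 first.
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('cannot select LDAPv3');
    }
    // First request on the wire: upgrade to TLS. Fail closed; never
    // fall back to a cleartext bind when the upgrade is refused.
    if (!@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException('StartTLS failed: ' . $err);
    }
    // The bind DN and password now travel inside the TLS session.
    if (!@ldap_bind($ds, $bindDn, $bindPw)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException('bind failed: ' . $err);
    }
    // Server queries (here: the root DSE's supportedLDAPVersion) come last.
    $versions = array();
    $sr = @ldap_read($ds, '', '(objectClass=*)', array('supportedLDAPVersion'));
    if ($sr !== false) {
        $entries = ldap_get_entries($ds, $sr);
        if ($entries && $entries['count'] > 0 && isset($entries[0]['supportedldapversion'])) {
            $versions = $entries[0]['supportedldapversion'];
            unset($versions['count']);
        }
    }
    return array($ds, array_values($versions));
}

try {
    list($ds, $versions) = ldapConnectTlsFirst(
        'ldap://ldap.example.org', 'cn=Manager,dc=example,dc=org', 'placeholder-password');
    echo 'TLS up, server supports LDAP versions: ' . implode(', ', $versions) . "\n";
    ldap_unbind($ds);
} catch (RuntimeException $e) {
    echo 'Refusing to continue: ' . $e->getMessage() . "\n";
}
```

Certificate checking during StartTLS follows the client's OpenLDAP TLS settings (for example TLS_REQCERT in ldap.conf), which this example leaves at their defaults.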