Problem with OpenLDAP and Apache/PHP
- To: <openldap-software@OpenLDAP.org>
- Subject: Problem with OpenLDAP and Apache/PHP
- From: "Oakes, Edward B" <eoakes@RADFORD.EDU>
- Date: Wed, 29 May 2002 08:46:26 -0400

I have been having difficulty getting any direction on
how to resolve this problem so I decided to try posting
to this list. Any suggestions or recommendations would
be greatly appreciated.

I am currently using openldap-2.0.23, Apache 1.3.22 and
PHP 4.2.1.

My php program is being used to authenticate a user against
several Microsoft Active Directory Servers. It works
flawlessly 95% of the time, but intermittently (about 5%
of the time) Apache gives me a segmentation fault
when I call either ldap_bind or ldap_close.

My code basically:

  Opens a socket to port 389 to be sure the server is working.
  Closes the socket.
  If the server is operational, uses ldap_connect to connect to the server.
  Uses ldap_bind to bind to the server as a known user.
  Does an ldap_search for the "cn" and "sn" of the user we want to
  authenticate.
  Uses ldap_get_entries to put the returned entries into a string.

At this point the next ldap call I make sometimes causes a
segmentation fault but most of the time it works. At this
point what I need to do is do a ldap_bind as the correct user
to authenticate them. If I try either an ldap_unbind, ldap_close,
or ldap_bind here all of these will work most of the time and give me
a segmentation fault occasionally.

Here is the basic php code.

// Check to see that the active directory server is operational
// before we try to make a connection to it.
$ds = false;
if ($fp = fsockopen($ADServer1,389,$errno,$errstr,$Timeout)) {
    fclose($fp);
    $ds=ldap_connect($ADServer1);
    $ADServer=$ADServer1;
}
if (!$ds) {
    if ($fp = fsockopen($ADServer2,389,$errno,$errstr,$Timeout)) {
        fclose($fp);
        $ds=ldap_connect($ADServer2);
        $ADServer=$ADServer2;
    }
}
if (!$ds) {
    DisplayError("Unable to bind to ldap server");
    exit;
} else {
    //
    // First bind as our "ANONYMOUS" user and lookup the full cn
    // for the user that is actually logging in.
    //
    if (!(ldap_bind($ds,$LOOKUP_BIND_DN,$LOOKUP_BIND_PASSWORD))) {
        DisplayError("LDAP Bind for $LOOKUP_BIND_USER did not work");
        ldap_unbind($ds);
        exit;
    } else {
        $justthese=array("cn","sn");
        $filter="(samaccountname=$USERNAME)";
        $sr=ldap_search($ds,"dc=radford,dc=edu",$filter,$justthese);
        $info=ldap_get_entries($ds,$sr);
        if ($info==FALSE) {
            DisplayError("unable to find user in the directory.");
            exit;
        }
        if ($info["count"] <> 1) {
            DisplayError("No user account found for $USERNAME");
            exit;
        } else {
            $USER_DN=$info[0]["dn"];
            // At this point I have the DN for the user I need to
            // bind as this user to see if they entered the correct
            // password.
            // NOTE: This is where my next ldap call will occasionally
            //       (about 5% of the time) create the seg fault.
            //       I have tried taking out the ldap_close and
            //       ldap_connect because I should be able to
            //       just bind again, but I get the same
            //       result either way.
            ldap_close($ds);
            $ds=ldap_connect($ADServer);
            if (!$ds) {
                DisplayError("Unable to bind to ldap server on second bind");
                exit;
            }
            if (!(ldap_bind($ds,$USER_DN,$PASSWORD))) {
                DisplayError("Invalid Password");
                ldap_unbind($ds);
                exit;
            }
        }
    }
}

--------------------------------------------------------
Ed Oakes Phone: (540) 831-6233
Radford University Fax: (540) 831-5555
Academic Computing Email: eoakes@radford.edu
http://www.radford.edu/~acadcomp
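
The search-then-bind flow in the message above puts the login name straight into the search filter and passes the password to ldap_bind without checking that it is non-empty. The following is an added example, not the poster's code, showing both checks; the function names filter_escape and authenticate are hypothetical, $ds is assumed to be a connection already bound as the lookup account, and ldap_escape requires PHP 5.6 or later (a fallback is included). It does not address the segmentation fault.

```php
<?php
// Added example, not the poster's code; function names are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// ldap_escape() exists from PHP 5.6; the fallback covers the same characters.
function filter_escape(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Search-then-bind on a connection already bound as the lookup account.
// Returns the user's DN on success, null on any failure.
function authenticate($ds, string $baseDn, string $username, string $password): ?string
{
    // A simple bind with a DN and an empty password is an unauthenticated
    // bind (RFC 4513, section 5.1.2) and can be reported as success.
    if ($username === '' || $password === '') {
        return null;
    }
    $filter = '(samaccountname=' . filter_escape($username) . ')';
    $sr = @ldap_search($ds, $baseDn, $filter, ['cn', 'sn']);
    if ($sr === false) {
        return null;
    }
    $info = ldap_get_entries($ds, $sr);
    if ($info === false || $info['count'] !== 1) {
        return null;   // zero or several matches: refuse rather than guess
    }
    $userDn = $info[0]['dn'];
    // The connection is bound as the user afterwards; do not reuse it for lookups.
    return @ldap_bind($ds, $userDn, $password) ? $userDn : null;
}

// Constructed input: a login name containing filter metacharacters.
$sample = 'smith*(ops)';
echo "unescaped: (samaccountname=$sample)\n";
echo 'escaped:   (samaccountname=' . filter_escape($sample) . ")\n";
```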