Hi,

I'm having some trouble with the ldap functions. I can connect with the openldap server via the command line, Evolution and Thunderbird, but I cannot connect via php using the same settings. Here is the code I'm trying:

<?php // testing the ldap functions
$host = "127.0.0.1";
$port = 389;
echo "Connecting...<br/>";
$ds = ldap_connect($host, $port);
echo "Connection result is: " . $ds . "<br />";
if ($ds) {
    $ldn = "cn=Manager,dc=mut,dc=fetchrow";
    $lpw = "secret"; // clear text
    echo "Binding...";
    echo $ldn;
    echo $lpw;
    $rw = ldap_bind($ds, $ldn, $lpw);
    if ($rw) {
        echo "Bind Successful!";
    } else {
        echo "LDAP bind failed";
        echo ldap_error($ds);
    }
}
?>

I get the connection: Resource id #2, but when it hits the ldap_bind line I get this error:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/public/ldaptext.php on line 15

I've googled and googled, but I can't find anything that works.

Any thoughts?
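The same bind test as an added diagnostic example (not the poster's script): it sets the LDAP protocol version explicitly, refuses an empty password (which OpenLDAP would treat as an unauthenticated bind), keeps the password out of the page output, and reports the LDAP error number next to the message. The host, port and bind DN are the ones from the post; the password is assumed to come from an environment variable named LDAP_TEST_PW (a placeholder name, not something the post uses).

```php
<?php
// Added diagnostic variant of the bind test above; not the original code.
$host   = "127.0.0.1";
$port   = 389;
$bindDn = "cn=Manager,dc=mut,dc=fetchrow";
$bindPw = getenv("LDAP_TEST_PW"); // assumed: supplied via environment, never hard-coded or echoed

function ldapTestBind($host, $port, $bindDn, $bindPw)
{
    // OpenLDAP rejects a DN with an empty password as an "unauthenticated bind";
    // catch that here instead of misreading it as a server problem.
    if ($bindPw === false || $bindPw === "") {
        return "refusing to bind: empty password for $bindDn";
    }

    // ldap_connect() normally just prepares the handle; the TCP connection is
    // opened by the first real operation, so a failure to reach the server
    // typically shows up at bind time, as in the warning quoted above.
    $ds = ldap_connect($host, $port);
    if (!$ds) {
        return "ldap_connect() failed for $host:$port";
    }

    // OpenLDAP 2.x expects LDAPv3; the PHP client defaults to v2 unless told otherwise.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // @ suppresses PHP's own warning so the error is reported once, with its code.
    $ok = @ldap_bind($ds, $bindDn, $bindPw);
    if ($ok) {
        ldap_unbind($ds);
        return "bind OK as $bindDn";
    }

    $code  = ldap_errno($ds);   // e.g. 81 = LDAP_SERVER_DOWN ("Can't contact LDAP server")
    $msg   = ldap_error($ds);
    $extra = "";
    ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $extra); // server-supplied detail, if any
    ldap_unbind($ds);
    return "bind failed as $bindDn: [$code] $msg" . ($extra !== "" ? " ($extra)" : "");
}

// Escape before echoing so server-supplied text cannot inject markup into the page.
echo htmlspecialchars(ldapTestBind($host, $port, $bindDn, $bindPw)) . "<br />\n";
?>
```

An error code of 81 at bind time points at the network path between Apache and slapd (the socket was never established), whereas a wrong rootpw would come back as 49 (invalid credentials).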

    Me again,

    I did notice something interesting. I crashed my server and had to delete the lock files (_db.001, etc.). When slapd recreated them they were root:root, not ldap:ldap, and slapd would not start until I chowned them.

    Is it possible apache cannot access some file or resource because of permission problems?

    I thought I would give some more info:

    Fedora Core 3
    PHP 4.3.11
    - out of the box (includes LDAP support)
    - safe_mode=Off
    Apache 2.0.58
    openldap 2.2.13

    Stopping the firewall has no effect
    Flushing iptables has no effect
    localhost is in hosts.allow
    Removing ALL:ALL from hosts.deny has no effect

    my slapd.conf:

    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/mozillaorgperson.schema
    include /etc/openldap/schema/evolutionperson.schema

    # Allow LDAPv2 client connections. This is NOT the default.
    allow bind_v2

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /var/run/slapd.pid
    argsfile /var/run/slapd.args

    # Load dynamic backend modules:
    # modulepath /usr/sbin/openldap
    # moduleload back_bdb.la
    # moduleload back_ldap.la
    # moduleload back_ldbm.la
    # moduleload back_passwd.la
    # moduleload back_shell.la

    # The next three lines allow use of TLS for encrypting connections using a
    # dummy test certificate which you can generate by changing to
    # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it. Your client software
    # may balk at self-signed certificates, however.
    # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
    # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
    # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

    # Sample security restrictions
    #   Require integrity protection (prevent hijacking)
    #   Require 112-bit (3DES or better) encryption for updates
    #   Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64

    # Sample access control policy:
    #   Root DSE: allow anyone to read it
    #   Subschema (sub)entry DSE: allow anyone to read it
    #   Other DSEs:
    #       Allow self write access
    #       Allow authenticated users read access
    #       Allow anonymous users to authenticate
    #   Directives needed to implement policy:
    # access to dn.base="" by * read
    # access to dn.base="cn=Subschema" by * read
    access to *
        by self write
        by dn="cn=Manager,dc=mut,dc=fetchrow" write
        by users write
        by anonymous read
    #
    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn. (e.g., "access to * by * read")
    #
    # rootdn can always read and write EVERYTHING!

    #######################################################################
    # ldbm and/or bdb database definitions
    #######################################################################

    database bdb
    #suffix "dc=my-domain,dc=com"
    suffix "dc=mut,dc=fetchrow"
    rootdn "cn=Manager,dc=mut,dc=fetchrow"
    #rootdn "cn=Manager,dc=my-domain,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw secret
    # rootpw {crypt}ijFYNcSNctBYg

    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /var/lib/ldap

    # Indices to maintain for this database
    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    index uidNumber,gidNumber,loginShell eq,pres
    index uid,memberUid eq,pres,sub
    index nisMapName,nisMapEntry eq,pres,sub

    # Replicas of this database
    #replogfile /var/lib/ldap/openldap-master-replog
    #replica host=ldap-1.example.com:389 starttls=critical
    #     bindmethod=sasl saslmech=GSSAPI
    #     authcId=host/ldap-master.example.com@EXAMPLE.COM

    Here is my ldap.conf:

    #
    # LDAP Defaults
    #

    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.

    #BASE dc=example, dc=com
    #URI ldap://localhost

    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never
    HOST 127.0.0.1
    BASE dc=mut,dc=fetchrow

    Any thoughts?
