Dear all, the PHP script terminates when connecting to Active Directory (Windows) with invalid credentials, but when I try on Windows it returns "0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0):"

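Capture of my code:

<pre class="highlight">
require_once 'Zend/Ldap.php';

// Connection options (host and domain name removed by the poster)
$options = array(
    'host'                 => '',
    'username'             => 'administratord',
    'password'             => 'P@ssw0rd',
    'accountDomainName'    => '',
    'accountCanonicalForm' => 4,
    'optReferrals'         => 0,
    'baseDn'               => 'DC=domain,DC=myhost,DC=com'
);

$ldap = new Zend_Ldap($options);
$connected = $ldap->connect();

// Dump the underlying ext/ldap link resource
$data = $ldap->getResource();
var_dump($data);
</pre>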


Posted by Stefan Gehrig (sgehrig) on 2010-12-12T22:58:42.000+0000

Could you please make sure that ext/ldap (that's the LDAP PHP extension) is working correctly on your CentOS machine? Try to connect to the server using the core ldap_*-functions. Check your php.ini for any configuration parameters present - also check phpinfo(); for the ext/ldap.

It's quite uncommon that Zend_Ldap brings down the whole script by itself without any error message.

Please also do a check on your error log. If you disabled error logging, please turn it on, so that PHP low-level errors are logged to a file (alternatively switch display_errors on so that PHP low-level errors are displayed on screen).

We'd need a lot more information to do some debugging on this one.

Posted by Ramlan Gustian (rampog) on 2010-12-12T23:34:26.000+0000

Hi Stefan Gehrig, I am very pleased to get a reply. I have created a new case in ticketing support but still have no reply. I have also attached the files that the support tools generate.

All is well connecting to Active Directory from both Windows and my CentOS machine with a valid username and password.

But only with invalid credentials on my CentOS machine does the script terminate.

I checked /usr/local/zend/var/log/php.log; nothing changes when I run it with the invalid credentials.

For info:

CentOS machine, PHP Version 5.3.1

display_errors - On
error_log - /usr/local/zend/var/log/php.log
error_reporting - E_ALL

Is it possible to post the files generated by the Zend CE support tools here?

Posted by Stefan Gehrig (sgehrig) on 2010-12-13T04:40:22.000+0000

Strange... Please post as much information as possible (remove such things as usernames, passwords and server addresses / names if possible).

What does

<pre class="highlight">

print (inserted before the second-to-last line)?

Posted by Ramlan Gustian (rampog) on 2010-12-13T19:02:51.000+0000

It returns this when I var_dump with the invalid credential, but I should place it before

<pre class="highlight">
object(Zend_Ldap)#142 (6) {
  ["_connectString":"Zend_Ldap":private]=> string(19) "ldap://"
  ["_options"]=> array(15) {
    ["host"]=> string(12) ""
    ["port"]=> int(0)
    ["useSsl"]=> bool(false)
    ["username"]=> string(14) "administratord"
    ["password"]=> string(8) "P@ssw0rd"
    ["bindRequiresDn"]=> bool(false)
    ["baseDn"]=> string(20) "DC=ibm,DC=myhost,DC=com"
    ["accountCanonicalForm"]=> int(4)
    ["accountDomainName"]=> string(11) ""
    ["accountDomainNameShort"]=> NULL
    ["accountFilterFormat"]=> NULL
    ["allowEmptyPassword"]=> bool(false)
    ["useStartTls"]=> bool(false)
    ["optReferrals"]=> bool(false)
    ["tryUsernameSplit"]=> bool(true)
  }
  ["_resource":protected]=> resource(141) of type (ldap link)
  ["_boundUser":protected]=> bool(false)
  ["_rootDse":protected]=> NULL
  ["_schema":protected]=> NULL
}
</pre>

For info: I use ZF version 1.10.3. The script terminates in zend/ldap.php on line 204 when the credential is invalid.

Maybe this could help.

Posted by Stefan Gehrig (sgehrig) on 2010-12-14T06:13:48.000+0000

OK... We're closing in...

Please check your phpinfo(); and post the "ldap"-section, which should give you something like

<pre class="highlight">
LDAP Support      enabled
RCS Version       $Id: ldap.c 299434 2010-05-17 20:09:42Z pajoye $
Total Links       0/unlimited
API Version       3001
Vendor Name       OpenLDAP
Vendor Version    20411
SASL Support      Enabled

Directive         Local Value    Master Value
ldap.max_links    Unlimited      Unlimited
</pre>

Perhaps your version of ext/ldap has not been built with OpenLDAP 2.x.x OR Netscape Directory SDK x.x which means that the ldap_get_option() function might not be available or not working properly.

Posted by Ramlan Gustian (rampog) on 2010-12-15T00:11:50.000+0000

<pre class="highlight">
LDAP Support      enabled
RCS Version       $Id: ldap.c 287897 2009-08-30 15:33:59Z iliaa $
Total Links       0/unlimited
API Version       3001
Vendor Name       OpenLDAP
Vendor Version    20420

Directive         Local Value    Master Value
ldap.max_links    Unlimited      Unlimited
</pre>

Maybe this could help.

Posted by Stefan Gehrig (sgehrig) on 2010-12-15T11:27:54.000+0000

Not what I "hoped" for...

Do you have any other Linux machine on hand to try the code? What AD server are you authenticating against (Windows Server 2003, Windows Server 2008)?

Posted by Ramlan Gustian (rampog) on 2010-12-15T20:07:54.000+0000

Windows Server 2008. Any recommendation for a PHP version that you have tried and that works properly for authentication through LDAP with Active Directory?

Posted by Stefan Gehrig (sgehrig) on 2010-12-16T00:00:23.000+0000

Do you have any possibility to run the Zend_Ldap unit tests on both of your machines?

I actually managed to run all the tests successfully from a Windows machine (PHP 5.2.x) connecting to OpenLDAP, Windows 2003 R2 and Windows 2008 and from a Mac (PHP 5.3.3) connecting to OpenLDAP and Windows 2003 R2. Unfortunately I don't have a Windows 2008 virtual machine available, so I cannot test PHP 5.3.3 against the Windows 2008 AD.

Hard to debug...

Posted by Ramlan Gustian (rampog) on 2011-01-10T00:33:16.000+0000

OK, thanks for the help. As a temporary solution, I've used classic PHP (ldap_bind) instead of zend_auth_ldap.

It works properly on both Windows and CentOS.

Posted by Andreas Heigl (heiglandreas) on 2012-08-27T17:00:03.000+0000

Is this still an issue?

If so, what happens if you remove the "@" before the ldap_get_options? Any helpful error messages?

Have you found an issue?
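
The two checks suggested in this thread (binding with the core ldap_* functions, and reading the server's diagnostic text without "@" suppression) can be combined in one script. This is an added example, not part of any post above and not Zend_Ldap code; the function names and the `LDAP_URI`, `LDAP_USER` and `LDAP_PASS` environment variables are assumptions, and the sub-code table lists the Windows error codes Active Directory commonly reports after "data".

```php
<?php
// Added example, not Zend_Ldap code. LDAP_URI, LDAP_USER and LDAP_PASS are
// hypothetical environment variables for the optional live check.

// Active Directory reports a Windows error code after "data" in the diagnostic text.
function ad_bind_subcode($diag) {
    $known = array(
        '525' => 'user not found',          '52e' => 'invalid credentials',
        '530' => 'logon hours restriction', '531' => 'workstation restriction',
        '532' => 'password expired',        '533' => 'account disabled',
        '701' => 'account expired',         '773' => 'password must be changed',
        '775' => 'account locked out',
    );
    if (!preg_match('/\bdata ([0-9a-f]+),/i', (string) $diag, $m)) {
        return null;
    }
    $code = strtolower($m[1]);
    return array($code, isset($known[$code]) ? $known[$code] : 'unknown');
}

function try_bind($uri, $user, $pass) {
    if (!extension_loaded('ldap') || !function_exists('ldap_get_option')) {
        return array('ok' => false, 'error' => 'ext/ldap or ldap_get_option() unavailable');
    }
    if ((string) $pass === '') {
        // An empty password is an unauthenticated bind that a server may accept.
        return array('ok' => false, 'error' => 'empty password refused');
    }
    $warnings = array();
    // Collect PHP warnings instead of hiding them with "@".
    set_error_handler(function ($no, $str) use (&$warnings) { $warnings[] = $str; return true; });
    $link = ldap_connect($uri);
    $ok = false; $diag = '';
    if ($link) {
        ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
        $ok = ldap_bind($link, $user, $pass);
        ldap_get_option($link, LDAP_OPT_ERROR_STRING, $diag);
    }
    restore_error_handler();
    return array('ok' => $ok, 'errno' => $link ? ldap_errno($link) : null,
                 'diag' => $diag, 'sub' => ad_bind_subcode($diag), 'warnings' => $warnings);
}

// Diagnostic text quoted in the report at the top of this thread.
$sample = '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0';
var_dump(ad_bind_subcode($sample));

if (getenv('LDAP_URI')) { // live bind only when a server is configured
    var_dump(try_bind(getenv('LDAP_URI'), getenv('LDAP_USER'), getenv('LDAP_PASS')));
}
```

Over a plain `ldap://` URI the bind password crosses the network unencrypted, so point `LDAP_URI` at an `ldaps://` endpoint for anything beyond a lab test.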

