One script works and one does not?

Can someone shed some light on why one of these scripts would work and one would not? They are both doing an ldap bind, but I need the first one to work and cannot seem to figure out why it is failing…

This one is not working…

[php]

<?php
// version = CONADS.2.0
/* initialise LDAP-TLS connection */
// ERRORS HERE REALLY NEED TO BE REPORTED TO THE BROWSER.
ini_set('display_errors', 0);
error_reporting(E_ALL);
$svr1="ldap://ad.testdomain.local";
$usr="[email protected]";
$pwd="XXXXXXX";
$LDAP=ldap_connect($svr1);
$Bind=false;
if(ldap_set_option($LDAP, LDAP_OPT_PROTOCOL_VERSION, 2))
  if(ldap_set_option($LDAP, LDAP_OPT_REFERRALS, 0))
    if(ldap_start_tls($LDAP))
      $Bind = @ldap_bind($LDAP, $usr, $pwd);
#ldap_close($LDAP);
if(!$Bind){
  echo "

Unfortunately, there has been a binding error

";
  die;
}
else echo "
"; //horizontal line printed is an immediate indication that the LDAP bind works - simple enough
/*form data loader stuff */
$loadedname = $_GET['user'];
?>

[/PHP]

and this one works…

[PHP]

<?php
// using ldap bind
$ldaprdn = '[email protected]'; // ldap rdn or dn
$ldappass = 'XXXXX'; // associated password

// connect to ldap server
$ldapconn = ldap_connect("ldap://ad.testdomain.local")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
?>

[/PHP]

Thanks,
Gavin…

Gavin,

I don’t see anything wrong with the code in the first script. Are you getting any errors or warnings?

There are a few things that I would look at:

First, I would change:[php] $Bind = @ldap_bind($LDAP, $usr, $pwd); [/php]
To[php] $Bind = ldap_bind($LDAP, $usr, $pwd);[/php]

This will allow the ldap_bind to report any errors it is encountering (if they exist). Once you know everything is working, you could change it back.

If I were to guess, I would say that one of your if statements may be returning false.

Try the following:[php]<?php
$svr1="ldap://ad.testdomain.local"; // server URI from the first script
$LDAP=ldap_connect($svr1);
// each line prints only if that step returned true
if(ldap_set_option($LDAP, LDAP_OPT_PROTOCOL_VERSION, 2)) echo 'Test 1 passed';
if(ldap_set_option($LDAP, LDAP_OPT_REFERRALS, 0)) echo 'Test 2 passed';
if(ldap_start_tls($LDAP)) echo 'Test 3 passed';
?>[/php]

Let me know if you get all three ‘Test x passed’ responses.

Thanks for the reply, it looks like Test 3
[php] if(ldap_start_tls($LDAP)) echo 'Test 3 passed';[/php]
is the one that is failing. Is this a PHP problem or is this an issue with LDAP? I have tested connecting to LDAP on port 389 and it connects fine… Any ideas?

Your code is fine, it looks to me like it is related to ldap.

I may be wrong, but I thought protocol version 3 was required for TLS connection with LDAP.

Yup, I saw that as well, I changed it to V 3 and still the same thing. I did however notice that there is an error in the event viewer on the AD server, this might be part of the problem…

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

This looks like there is a problem with Active Directory accepting the connection… going to look into this further.

Thanks Again,
Gavin…

Good luck!

Sounds like you are on the right path. I am not very strong with ldap, but if you run into a wall let me know - maybe we can figure it out together…

Seems like the problem is the Apache web server, I tried the same code on IIS and had no problems with the script?

Have you checked to make sure the Apache server has a server certificate?
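
An added example, not part of any post in this thread: a step-by-step version of the StartTLS bind discussed above that reports the LDAP error and diagnostic message for whichever step fails, and never falls back to the cleartext bind used by the second script. The function name `secure_bind_report()` and the account values are assumptions; the server URI is the one from the first script.

```php
<?php
// Added example: report which step of an LDAP StartTLS bind fails, and why.
// secure_bind_report() is a hypothetical helper name, not from the thread.

function secure_bind_report(string $uri, string $user, string $pass): array
{
    // An empty password makes the server treat the bind as unauthenticated,
    // which can "succeed" without proving anything, so refuse it up front.
    if ($pass === '') {
        return [['bind', false, 'empty password refused']];
    }
    $steps = [];
    $conn = ldap_connect($uri); // only parses the URI; no network traffic yet
    if ($conn === false) {
        return [['connect', false, 'invalid LDAP URI']];
    }

    // Record a step result plus the library's own explanation on failure.
    $record = function (string $name, bool $ok) use ($conn, &$steps): bool {
        $detail = '';
        if (!$ok) {
            $diag = '';
            ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
            $detail = ldap_error($conn) . ($diag ? " ($diag)" : '');
        }
        $steps[] = [$name, $ok, $detail];
        return $ok;
    };

    // StartTLS is an LDAPv3 extended operation, so request version 3.
    $record('protocol v3', ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
        && $record('referrals off', ldap_set_option($conn, LDAP_OPT_REFERRALS, 0))
        && $record('start_tls', @ldap_start_tls($conn))
        // Reached only when TLS is up: the password is never sent in cleartext.
        && $record('bind', @ldap_bind($conn, $user, $pass));

    ldap_unbind($conn);
    return $steps;
}

// Server URI from the first script; account values are placeholders.
$result = secure_bind_report('ldap://ad.testdomain.local', 'user@example.test', 'XXXXXXX');
foreach ($result as [$name, $ok, $detail]) {
    printf("%-14s %s %s\n", $name, $ok ? 'ok' : 'FAILED', $detail);
}
```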
