Bug 165592 - Unable to use LDAP in php scripts
Summary: Unable to use LDAP in php scripts
Alias: None
Product: Fedora
Classification: Fedora
Component: php
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
Keywords: SELinux
Depends On:
TreeView+ depends on / blocked
Reported: 2005-08-10 17:19 UTC by Tim
Modified: 2007-11-30 22:11 UTC (History)
0 users

Clone Of:
Last Closed: 2005-08-10 20:22:58 UTC

Attachments (Terms of Use)

Description Tim 2005-08-10 17:19:16 UTC
Description of problem:
LDAP support is unavailable through the apache handler but works from the CLI.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Run this script first from both the CLI and apache.
$host = 'ldap://host';
$user = 'cn=Directory Manager';
$pass = 'secret';

echo "<h3>LDAP query test</h3>\n";
echo "Connecting ...\n";
$ds=ldap_connect("$host");  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) {
   echo "Binding ...\n";
   echo "Bind result is " . $r . "<br />\n";

   echo "Closing connection\n";

} else {
   echo "<h4>Unable to connect to LDAP server</h4>\n";
Actual results:
#From apache via firefox
LDAP query test
Connecting ... connect result is Resource id #2
Binding ...
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't
contact LDAP server in /var/www/html/rootpass/ldaptest2.php on line 15
Bind result is
Closing connection

Expected results:
#From CLI
<h3>LDAP query test</h3>
Connecting ...
connect result is Resource id #4<br />Binding ...
Bind result is 1<br />
Closing connection

Additional info:

Comment 1 Joe Orton 2005-08-10 19:54:48 UTC
This is probably due the SELinux policy, can you try:

  setsebool httpd_can_network_connect=1

(pass the -P argument to set the boolean permanently across

Comment 2 Tim 2005-08-10 20:07:29 UTC
Shit yeh! I guess it prove beneficial for one to get up to speed on SELinux!
Thanks for the quick answer and sorry I couldn't figure it out myself! ===q'

Comment 3 Joe Orton 2005-08-10 20:22:58 UTC
No problem, it's under debate whether this boolean should be on by default in
the first place.

FYI, boilerplate SELinux info:

For further information on SELinux/Apache integration in Fedora Core,
please see: http://fedora.redhat.com/docs/selinux-apache-fc3/

For general information on SELinux in Fedora Core, please see:

Note You need to log in before you can comment on or make changes to this bug.