Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 165592 - Unable to use LDAP in php scripts
Unable to use LDAP in php scripts
Product: Fedora
Classification: Fedora
Component: php (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
David Lawrence
: SELinux
Depends On:
  Show dependency treegraph
Reported: 2005-08-10 13:19 EDT by Tim
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-10 16:22:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tim 2005-08-10 13:19:16 EDT
Description of problem:
LDAP support is unavailable through the apache handler but works from the CLI.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Run this script first from both the CLI and apache.
$host = 'ldap://host';
$user = 'cn=Directory Manager';
$pass = 'secret';

echo "<h3>LDAP query test</h3>\n";
echo "Connecting ...\n";
$ds=ldap_connect("$host");  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) {
   echo "Binding ...\n";
   echo "Bind result is " . $r . "<br />\n";

   echo "Closing connection\n";

} else {
   echo "<h4>Unable to connect to LDAP server</h4>\n";
Actual results:
#From apache via firefox
LDAP query test
Connecting ... connect result is Resource id #2
Binding ...
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't
contact LDAP server in /var/www/html/rootpass/ldaptest2.php on line 15
Bind result is
Closing connection

Expected results:
#From CLI
<h3>LDAP query test</h3>
Connecting ...
connect result is Resource id #4<br />Binding ...
Bind result is 1<br />
Closing connection

Additional info:
Comment 1 Joe Orton 2005-08-10 15:54:48 EDT
This is probably due the SELinux policy, can you try:

  setsebool httpd_can_network_connect=1

(pass the -P argument to set the boolean permanently across

Comment 2 Tim 2005-08-10 16:07:29 EDT
Shit yeh! I guess it prove beneficial for one to get up to speed on SELinux!
Thanks for the quick answer and sorry I couldn't figure it out myself! ===q'
Comment 3 Joe Orton 2005-08-10 16:22:58 EDT
No problem, it's under debate whether this boolean should be on by default in
the first place.

FYI, boilerplate SELinux info:

For further information on SELinux/Apache integration in Fedora Core,
please see: http://fedora.redhat.com/docs/selinux-apache-fc3/

For general information on SELinux in Fedora Core, please see:

Note You need to log in before you can comment on or make changes to this bug.