Hide Forgot
Description of problem: LDAP support is unavailable through the apache handler but works from the CLI. Version-Release number of selected component (if applicable): 5.0.4 How reproducible: Always Steps to Reproduce: 1.Run this script first from both the CLI and apache. <?php $host = 'ldap://host'; $user = 'cn=Directory Manager'; $pass = 'secret'; echo "<h3>LDAP query test</h3>\n"; echo "Connecting ...\n"; $ds=ldap_connect("$host"); // must be a valid LDAP server! echo "connect result is " . $ds . "<br />"; if ($ds) { echo "Binding ...\n"; $r=ldap_bind($ds,$user,$pass); echo "Bind result is " . $r . "<br />\n"; echo "Closing connection\n"; ldap_close($ds); } else { echo "<h4>Unable to connect to LDAP server</h4>\n"; } ?> Actual results: #From apache via firefox LDAP query test Connecting ... connect result is Resource id #2 Binding ... Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /var/www/html/rootpass/ldaptest2.php on line 15 Bind result is Closing connection Expected results: #From CLI <h3>LDAP query test</h3> Connecting ... connect result is Resource id #4<br />Binding ... Bind result is 1<br /> Closing connection Additional info:
This is probably due the SELinux policy, can you try: setsebool httpd_can_network_connect=1 (pass the -P argument to set the boolean permanently across reboots).
Shit yeh! I guess it prove beneficial for one to get up to speed on SELinux! Thanks for the quick answer and sorry I couldn't figure it out myself! ===q'
No problem, it's under debate whether this boolean should be on by default in the first place. FYI, boilerplate SELinux info: For further information on SELinux/Apache integration in Fedora Core, please see: http://fedora.redhat.com/docs/selinux-apache-fc3/ For general information on SELinux in Fedora Core, please see: http://fedora.redhat.com/docs/selinux-faq-fc3/