Bug 165592 - Unable to use LDAP in php scripts
Summary: Unable to use LDAP in php scripts
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: php
Version: 4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
Keywords: SELinux
Reported: 2005-08-10 17:19 UTC by Tim
Modified: 2007-11-30 22:11 UTC (History)
Last Closed: 2005-08-10 20:22:58 UTC


Description Tim 2005-08-10 17:19:16 UTC
Description of problem:
LDAP support is unavailable through the apache handler but works from the CLI.

Version-Release number of selected component (if applicable):
5.0.4

How reproducible:
Always

Steps to Reproduce:
1. Run this script first from both the CLI and apache.
<?php
$host = 'ldap://host';
$user = 'cn=Directory Manager';
$pass = 'secret';

echo "<h3>LDAP query test</h3>\n";
echo "Connecting ...\n";
$ds=ldap_connect("$host");  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) {
   echo "Binding ...\n";
   $r=ldap_bind($ds,$user,$pass);
   echo "Bind result is " . $r . "<br />\n";

   echo "Closing connection\n";
   ldap_close($ds);

} else {
   echo "<h4>Unable to connect to LDAP server</h4>\n";
}
?>
  
Actual results:
#From apache via firefox
LDAP query test
Connecting ... connect result is Resource id #2
Binding ...
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't
contact LDAP server in /var/www/html/rootpass/ldaptest2.php on line 15
Bind result is
Closing connection

Expected results:
#From CLI
<h3>LDAP query test</h3>
Connecting ...
connect result is Resource id #4<br />Binding ...
Bind result is 1<br />
Closing connection

Additional info:

Comment 1 Joe Orton 2005-08-10 19:54:48 UTC
This is probably due to the SELinux policy, can you try:

  setsebool httpd_can_network_connect=1

(pass the -P argument to set the boolean permanently across
reboots).



Comment 2 Tim 2005-08-10 20:07:29 UTC
Shit yeh! I guess it would prove beneficial for one to get up to speed on SELinux!
Thanks for the quick answer and sorry I couldn't figure it out myself!

Comment 3 Joe Orton 2005-08-10 20:22:58 UTC
No problem, it's under debate whether this boolean should be on by default in
the first place.

FYI, boilerplate SELinux info:

For further information on SELinux/Apache integration in Fedora Core,
please see: http://fedora.redhat.com/docs/selinux-apache-fc3/

For general information on SELinux in Fedora Core, please see:
http://fedora.redhat.com/docs/selinux-faq-fc3/
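
Added example (not part of the original bug thread): a shell helper for confirming the diagnosis in Comment 1 before changing the boolean, by summarising AVC denials where the httpd_t domain was refused an outbound TCP connection. The function names and the audit records are constructed for illustration; on a live host the input would be the system's audit log.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the bug report).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1123694356.101:41): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1123694360.210:42): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1123694365.300:43): avc:  denied  { name_connect } for  pid=2302 comm="httpd" dest=636 scontext=root:system_r:httpd_t tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
type=AVC msg=audit(1123694371.007:44): avc:  denied  { read } for  pid=2310 comm="httpd" name="notes.txt" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1123694380.555:45): avc:  denied  { name_connect } for  pid=900 comm="sshd" dest=389 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1123694391.120:46): avc:  denied  { name_connect } for  pid=2303 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Reads audit records on stdin and prints "<dest port> <target type> <count>"
# for every denied name_connect whose source domain is httpd_t.
# Handles contexts with and without a trailing MLS level (":s0").
httpd_connect_denials() {
  awk '
    /avc:/ && /denied/ && / name_connect / &&
    /scontext=[^ ]*:httpd_t(:| |$)/ {
      port = "?"; ttype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) port = substr($i, 6)
        if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
      }
      seen[port " " ttype]++
    }
    END { for (k in seen) print k, seen[k] }
  ' | sort -n
}

# Current value of the boolean from Comment 1 ("on"/"off"),
# or "unknown" when the SELinux tools are not installed.
boolean_state() {
  if command -v getsebool >/dev/null 2>&1; then
    getsebool httpd_can_network_connect 2>/dev/null | awk '{print $NF}'
  else
    echo unknown
  fi
}

# Demonstration on the constructed records.
sample_audit_log | httpd_connect_denials
```

Denials listing only LDAP ports show exactly what enabling httpd_can_network_connect would unblock; the boolean itself allows httpd to connect to any TCP port. Current Fedora/RHEL policies also ship a narrower boolean, httpd_can_connect_ldap, which is not mentioned in this 2005 thread.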


