I want to do an LDAP search using the basic functions of PHP. I have a problem with the resource returned by the LDAP connection (function ldap_connect()). It seems to be working fine, but I'm getting this warning when it comes to ldap_bind:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in ..

And then ldap_error() returns the following warning:

Warning: ldap_error() expects parameter 1 to be resource, boolean given in..

I made a var_dump to see the value returned by ldap_connect. Here is the complete code:

<?php
$host = "ldaps://valid.host.name.fr";
$port = 636;
$username = 'uid=HEDE45,ou=Applis,dc=ldapannuaire';
$password = 'mdp1234';
$baseDn = 'dc=ldapannuaire';
$person = 'JACKSON';
$filter="(sn=$person*)";

$connectStr = $host.":".$port;

echo "Connecting ...\n";
$ds = ldap_connect($connectStr);

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0) or die('Unable to set LDAP referrals'); // We need this for doing an LDAP search.

if ($ds) { 
    echo "Binding ...\n";
    var_dump($ds);
    $bind = ldap_bind($ds, $username, $password); // returns TRUE/FALSE, not a resource
    ldap_error($bind);
    if ($bind) {
        echo "LDAP bind successful...\n";
        $search = ldap_search($ds, $baseDn, $filter) or exit("Unable to search LDAP server, response was: " . ldap_error($ds));
        // Search users 
        $info = ldap_get_entries($ds, $search);
        echo $info["count"]." entries returned\n";
    } else {
        echo "LDAP bind failed...\n";
    }
}
// close connection (ldap_close() is an alias of ldap_unbind() and takes the link resource)
ldap_close($ds);

I execute my code in an SSH terminal using the command line. I get the following result:

[webadmin@myserverfaraway~]$ /software/apache/apa_2.2.24/php-5.3.23/bin/php -c /myproject/apache_2.2.24/php_5.3.23/conf/php.ini  /myproject/apache_2.2.24/htdocs/chrons/searchPeople.php
Connecting ...
Binding ...
resource(8) of type (ldap link)

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /myproject/apache_2.2.24/htdocs/chrons/searchPeople.php on line 21

Warning: ldap_error() expects parameter 1 to be resource, boolean given in /myproject/apache_2.2.24/htdocs/chrons/searchPeople.php  on line 22
LDAP bind failed...
[webadmin@myserverfaraway ~]$

I don’t understand why after the bind, I have a boolean instead of having the ldap resource link (resource(8) of type (ldap link)). Can someone help me find the problem?

Thanks.

From php.net/manual/en/function.ldap-connect.php: If the syntactic check fails it returns FALSE. Could that be the case here? Add this to your ldap_connect to know if it worked: or die("Could not connect to $connectStr"); - Nic3500
What happens if you connect using two parameters (for host and port) instead of using a full LDAP URI ? e.g. $ds = ldap_connect('valid.host.name.fr', 636); - EricLavault
I'm getting "success" as a response after ldap_connect. Thanks for the warning, it was a copy-paste error @RathanNaik - cglvli
It does the same thing, I've tried that too. Thanks anyway @EricLavault. Do I miss a configuration? - cglvli
Have you tried to run this query through the CLI using ldap_search? - EricLavault

1 Answer

It looks like an invalid certificate error. ldap_connect() will always return a resource even if an error occurs.

Regarding the documentation:

ldap_connect() will always return a resource as it does not actually connect but just initializes the connecting parameters. The actual connect happens with the next calls to ldap_* funcs, usually with ldap_bind().

If you are using an invalid cert, you can force it to be accepted by configuring

/etc/openldap/ldap.conf

with

the TLS_REQCERT allow or TLS_REQCERT never directives.

If you do not have permission to modify the conf file, you can simply set an environment variable at the beginning of your script with putenv('LDAPTLS_REQCERT=allow'); or putenv('LDAPTLS_REQCERT=never');

As a tip, you can set LDAP_OPT_DEBUG_LEVEL to 7 to see further details of your connection by adding ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); to your script.
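As an added example (not the asker's script and not the answerer's code), the script below applies the answer's diagnosis to the question's flow of connect, set options, bind, search: it reads bind and search failures from the link resource rather than from the boolean that ldap_bind() returns, and it trusts the CA that signed the server certificate instead of setting TLS_REQCERT to allow or never, which would make the client accept any certificate, including one presented by a server impersonating the directory. The host name, DNs, CA file path and password source are placeholders; LDAPTLS_CACERT and LDAPTLS_REQCERT are OpenLDAP client environment variables, so they work with the PHP 5.3 build in the question, while the LDAP_OPT_X_TLS_* and LDAP_OPT_DIAGNOSTIC_MESSAGE constants in the comments exist only on PHP 7.1 and later.

```php
<?php
// Added example: LDAPS bind with certificate verification kept on, plus
// error reporting that uses the link resource. Placeholders throughout.

$host     = 'ldaps://ldap.example.invalid';            // placeholder host
$port     = 636;
$bindDn   = 'uid=app-account,ou=Applis,dc=example';   // placeholder DN
$password = getenv('LDAP_BIND_PASSWORD') ?: '';       // read from the environment, not hard-coded
$baseDn   = 'dc=example';                             // placeholder base DN
$caFile   = '/etc/ssl/certs/internal-ca.pem';         // placeholder: CA that signed the server cert
$person   = 'JACKSON';

// Point the OpenLDAP client at the right CA instead of disabling verification.
// These must be set before the first ldap_* call that opens the socket (ldap_bind).
putenv('LDAPTLS_CACERT=' . $caFile);
putenv('LDAPTLS_REQCERT=demand');   // demand = fail closed on an untrusted certificate

// On PHP 7.1+ the same can be done without environment variables (NULL = global):
// ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
// ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

// Build an error message from the link resource ($ds), which is what
// ldap_error()/ldap_errno() expect; ldap_bind() only returns TRUE or FALSE.
function ldapFailure($ds, $step)
{
    $msg = sprintf('%s failed: %s (errno %d)', $step, ldap_error($ds), ldap_errno($ds));
    // On PHP 7.1+ OpenLDAP's own explanation (e.g. which TLS check failed) is available here.
    if (defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')
        && ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag) && $diag !== '') {
        $msg .= ' / ' . $diag;
    }
    return $msg;
}

// RFC 4515 escaping for values placed in a search filter, so a name such as
// "Smith*)(uid=*" cannot change the filter's meaning. ldap_escape() does the
// same on PHP >= 5.6; the backslash must be replaced first.
function ldapFilterEscape($value)
{
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\5c', '\2a', '\28', '\29', '\00'),
        $value
    );
}

$ds = ldap_connect($host . ':' . $port);   // only parses the URI; no network traffic yet
if ($ds === false) {
    fwrite(STDERR, "Malformed LDAP URI\n");
    exit(1);
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

// The TLS handshake and the bind happen here. Suppress the PHP warning and
// report the real reason from the handle instead.
if (!@ldap_bind($ds, $bindDn, $password)) {
    fwrite(STDERR, ldapFailure($ds, 'ldap_bind') . "\n");
    ldap_unbind($ds);
    exit(1);
}

$filter = '(sn=' . ldapFilterEscape($person) . '*)';
$search = @ldap_search($ds, $baseDn, $filter, array('cn', 'mail'));   // request only needed attributes
if ($search === false) {
    fwrite(STDERR, ldapFailure($ds, 'ldap_search') . "\n");
    ldap_unbind($ds);
    exit(1);
}

$entries = ldap_get_entries($ds, $search);
echo $entries['count'], " entries returned\n";

ldap_unbind($ds);   // ldap_close() is an alias; call only one of them, once
```

If the bind still fails with "Can't contact LDAP server" after the CA file is in place, the diagnostic message (PHP 7.1+) or LDAP_OPT_DEBUG_LEVEL 7 as suggested in the answer will usually say whether the certificate chain, the host name in the certificate, or plain network reachability is the problem; only the last of these is fixed by reaching the right host, the first two by installing the correct CA, not by lowering TLS_REQCERT.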