PHP 5.3.5 ldap_search(): Search: Can't contact LDAP server

5
votes

I have a LDAP PHP class which works on all other PHP installations in our company. However, the code stopped working now that I changed from SuSE to Ubuntu 11.04. The PHP version is 5.3.5.

I try to connect to our LDAP server. After connecting to it I try to run ldap_search. It fails with the error message 'ldap_search(): Search: Can't contact LDAP server'. I had a look into the traffic using wireshark and could see communication happening between php and ldap, alas no connection happened.

Thanks for your thoughts, Uwe

Here is the code I use:

class ldap{
    private $ldap_conn;
    private $ldaphost;
    private $ldapport;

    public function __construct ()
    {
      $this->ldaphost = 'ldaps://ourserver.co.nz';  // obviously a fake name 
      $this->ldapport = 636;
      $this->ldap_conn = ldap_connect($this->ldaphost, $this->ldapport) or die("Could not connect to $this->ldaphost");
    }

    public function signin ($username,$password, $applicationName)
    {
        $dn = "o=MY_COM";
        $filter="(cn=$username)";

        $justthese = array("dn","fullname", "mail");

        $sr=ldap_search($this->ldap_conn, $dn, $filter, $justthese);

        $people = ldap_get_entries($this->ldapconn, $sr);

        if (!$people || count($people) == 0 || $people['count'] == 0)
        {  //Nothing found, quit.
            return AUTH_ERROR_NO_DN;
        }

        $dn = ($people[0]['dn']);

        if (($dn!='')&&($password!=''))
        {
            $loginStatus = @ldap_bind($this->ldapconn, $dn, $password);
            if ($loginStatus)
            {
                $fullname = $people[0]['fullname'][0];
                if ($fullname=='')
                {
                    $fullname =$dn;
                }
                $user = array(
                  'logged_in_dn'  => $dn,
                  'password'      => $password,
                  'username'      => $fullname,
                  'cn'            => $username,
                  'mail'          => $people[0]['mail'][0],
                  'status'        => 'AUTHENTICATED'
                  );
            } else
            {
                $user = array(
                  'status'=> array('AUTH_ERROR_WRONG_PASSWORD'),
                  'details'       => array(             
                    'logged_in_dn'  => '',
                    'password'      => '',
                    'username'      => '',
                    'cn'            => '',
                    'mail'          => '',
                    'status'        => 'AUTHENTICATED'
                    )
                  );    
            }
        } else
        {
                $user = array(
                  'status'=> array('AUTH_ERROR_NO_DN'),
                  'details'       => array(             
                    'logged_in_dn'  => '',
                    'password'      => '',
                    'username'      => '',
                    'cn'            => '',
                    'mail'          => '',
                    'status'        => 'AUTHENTICATED'
                    )
                  );    
        }
        return $user;
    }

This is the unit test executing the methods: class unit_ldapConnectTest extends TadPhpUnitTestCase

{

  function testLdapconnection () {  
  $ldap = new LDAP();
  $user = $ldap->signin('myname','password','');


  }
}
1
phpubuntuldap
Do you have SSL configured properly?Jared Farrish
Which directory server product are you using?Terry Gardner

1 Answers

8
votes

It's possibly an LDAP version issue.

After you call ldap_connect call this:

ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);