LDAP Failure with Zend/Apache
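I have a very simple PHP LDAP script that fails only when run with Zend and Apache. When I run this script from the command line, it passes. Running strace, I can see where the behavior changes, but I cannot tell why. I have confirmed that the same ldap.conf is being read and the same ldap.so is being loaded.
I believe this is caused by a certificate problem, but my settings should ignore certificate problems.
Version information (appears to be exactly the same between the php and apache runs):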
OpenSSL: 0.9.8o 01 Jun 2010
OpenLdap: $Id: ldap.c 313665 2011-07-25 11:42:53Z felipe $
Zend: 5.5
PHP: 5.3.8
<?php
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
putenv('LDAPTLS_REQCERT=never');
$ds = ldap_connect("ldaps://myserver.com:636");
$db = ldap_bind($ds, 'user', 'pass');
?>
In my ldap.conf I have only "TLS_REQCERT never". I realize this duplicates the above.
When running under apache, I get the following trace from ldap:
ldap_create
ldap_url_parse_ext(ldaps://myserver.com:636)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP myserver.com:636
ldap_new_socket: 20
ldap_prepare_socket: 20
ldap_connect_to_host: Trying <myip>:636
ldap_pvt_connect: fd: 20 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject: /CN=mycn.com,
issuer: /CN=Collaboration Services CA
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:error in SSLv3 write finished A
TLS trace: SSL_connect:error in SSLv3 write finished A
TLS: can't connect: error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable.
ldap_err2string
When running the same script with the same php executable on the command line, I get:
ldap_create
ldap_url_parse_ext(ldaps://myserver.com:636)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP myserver.com:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying <my ip>:636
ldap_pvt_connect: fd: 4 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject: /CN=myserver.com, issuer: /CN=Collaboration Services CA
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
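I finally resolved this issue when examining the results of running strace showed that it did not have permission to open the ldap.conf file. Opening up the permissions resolved the issue. However, this file should not be needed, since it only has the same setting as the environment variable:
putenv('LDAPTLS_REQCERT=never');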
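The permission check that the answer above reached through strace can be scripted. This is an added example, not part of the original post: it is meant to be run as the user Apache runs as, and the config path passed to it is an assumption (use whichever path strace shows your build opening).

```shell
#!/bin/sh
# Added example (not from the original post): report whether the CURRENT user
# can reach and read an OpenLDAP client config, and what TLS_REQCERT it sets.
# Prints one of: MISSING <path> | DENIED <path> | OK TLS_REQCERT=<value|unset>

check_ldap_conf() {
    conf=$1
    case $conf in
        /*) ;;
        *) echo "ERROR path must be absolute"; return 2 ;;
    esac

    # Walk the parent directories from / downward. Each one needs search (x)
    # permission, otherwise open() on the file fails even if the file itself
    # is world-readable.
    rest=${conf#/}
    cur=""
    while [ "$rest" != "${rest#*/}" ]; do      # while a slash remains
        cur="$cur/${rest%%/*}"
        rest=${rest#*/}
        [ -e "$cur" ] || { echo "MISSING $cur"; return 1; }
        [ -x "$cur" ] || { echo "DENIED $cur"; return 1; }
    done

    [ -e "$conf" ] || { echo "MISSING $conf"; return 1; }
    [ -r "$conf" ] || { echo "DENIED $conf"; return 1; }

    # ldap.conf option names are case-insensitive and '#' starts a comment.
    # This reports the last uncommented TLS_REQCERT line in the file.
    val=$(awk 'toupper($1) == "TLS_REQCERT" { v = $2 } END { print v }' "$conf")
    echo "OK TLS_REQCERT=${val:-unset}"
}

# Paths are supplied by the caller (assumption: the ones strace showed), e.g.
#   sudo -u <apache-user> sh check_ldap_conf.sh /etc/openldap/ldap.conf
for f in "$@"; do
    printf '%s as %s: ' "$f" "$(id -un)"
    check_ldap_conf "$f" || true
done
```

A `DENIED` result for the Apache user next to `OK` for your login user reproduces the command-line versus Apache difference described in the question.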