php-ldap : Error -1 : Can't contact LDAP server
Hello all,
I hope this is the right subforum.
I need your help because I cannot put my finger on the problem.
I am moving a web server and I am running into a strange issue.
Old server:
CentOS Linux release 7.9.2009 (Core)
Server version: Apache/2.4.6 (CentOS)
PHP 8.0.24 (cli)
New server:
AlmaLinux release 8.7 (Stone Smilodon)
Server version: Apache/2.4.37 (AlmaLinux)
PHP 8.0.26 (cli)
The ldap_bind function does not work over TLS from the web page.
Here is the test script:
Code:
<?php
$server = "ldap://xxx:389";
$login = "xxx";
$password = "xxx";
$basedn = 'dc=xxx,dc=com';
$group = 'xxx';
// Connect to LDAP.
echo "Connexion...<br>";
$ldap_con = ldap_connect($server) or die('Could not connect to LDAP server.');
// Client certificate and key presented during the TLS handshake (global options).
ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/etc/pki/tls/certs/xxx.pem");
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/etc/pki/tls/private/xxx.key");
ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldap_con, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap_con, LDAP_OPT_NETWORK_TIMEOUT, 10);
// Upgrade the connection to TLS. Stop here if it fails: otherwise the bind below
// would send the password over the unencrypted connection.
if (!ldap_start_tls($ldap_con))
{
echo "<p>StartTLS error:" . ldap_error($ldap_con) . " (" . ldap_errno($ldap_con) . ")</p>";
exit;
}
if (!@ldap_bind($ldap_con, $login . "@xxx.com", $password))
{
// Here you can see the real nature of the error (comment out the redirect)
echo "<p>Error:" . ldap_error($ldap_con) . "</p>";
echo "<p>Error number:" . ldap_errno($ldap_con) . "</p>";
echo "<p>Error:" . ldap_err2str(ldap_errno($ldap_con)) . "</p>";
// Redirect on error
// header("Location: https://xxx.com?error=1");
}
else
{
echo "OK TOTO";
}
// Second, redundant bind (it appears as msgid 3 in the trace).
ldap_bind($ldap_con, $login . "@xxx.com", $password);
?>
Here is the output:
The first time, I get a timeout:
Quote:
PHP Warning: ldap_start_tls(): Unable to start TLS: Timed out in /var/www/html/SI/test2.php on line 17
Then it works:
Quote:
Connexion...<br>ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP xxx:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying xxx:389
ldap_pvt_connect: fd: 4 tm: 10 async: 0
ldap_ndelay_on: 4
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 4 tm: 10
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x55bbf6816c40 msgid 1
wait4msg ld 0x55bbf6816c40 msgid 1 (infinite timeout)
wait4msg continue ld 0x55bbf6816c40 msgid 1 all 1
** ld 0x55bbf6816c40 Connections:
* host: xxx port: 389 (default)
refcnt: 2 status: Connected
last used: Mon Nov 28 16:50:16 2022
** ld 0x55bbf6816c40 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x55bbf6816c40 request count 1 (abandoned 0)
** ld 0x55bbf6816c40 Response Queue:
Empty
ld 0x55bbf6816c40 response count 0
ldap_chkResponseList ld 0x55bbf6816c40 msgid 1 all 1
ldap_chkResponseList returns ld 0x55bbf6816c40 NULL
ldap_int_select
read1msg: ld 0x55bbf6816c40 msgid 1 all 1
read1msg: ld 0x55bbf6816c40 msgid 1 message type extended-result
read1msg: ld 0x55bbf6816c40 0 new referrals
read1msg: mark request completed, ld 0x55bbf6816c40 msgid 1
request done: ld 0x55bbf6816c40 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ldap_parse_result
ldap_msgfree
TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:error in SSLv3/TLS write client hello
ldap_int_tls_start: ldap_int_tls_connect needs read
ldap_int_poll: fd: 4 tm: 10
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS certificate verification: depth: 1, err: 0, subject: xxx, issuer: xxxx
TLS certificate verification: depth: 0, err: 0, subject: , issuer: xxxx
TLS trace: SSL_connect:SSLv3/TLS read server certificate
TLS trace: SSL_connect:SSLv3/TLS read server key exchange
TLS trace: SSL_connect:SSLv3/TLS read server certificate request
TLS trace: SSL_connect:SSLv3/TLS read server done
TLS trace: SSL_connect:SSLv3/TLS write client certificate
TLS trace: SSL_connect:SSLv3/TLS write client key exchange
TLS trace: SSL_connect:SSLv3/TLS write certificate verify
TLS trace: SSL_connect:SSLv3/TLS write change cipher spec
TLS trace: SSL_connect:SSLv3/TLS write finished
TLS trace: SSL_connect:error in SSLv3/TLS write finished
ldap_int_tls_start: ld 0x55bbf6816c40 9 s 983479 us to go
ldap_int_tls_start: ldap_int_tls_connect needs read
ldap_int_poll: fd: 4 tm: 9
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
TLS trace: SSL_connect:SSLv3/TLS write finished
TLS trace: SSL_connect:SSLv3/TLS read change cipher spec
TLS trace: SSL_connect:SSLv3/TLS read finished
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55bbf6816c40 msgid 2
wait4msg ld 0x55bbf6816c40 msgid 2 (infinite timeout)
wait4msg continue ld 0x55bbf6816c40 msgid 2 all 1
** ld 0x55bbf6816c40 Connections:
* host: xxxx port: 389 (default)
refcnt: 2 status: Connected
last used: Mon Nov 28 16:50:16 2022
** ld 0x55bbf6816c40 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x55bbf6816c40 request count 1 (abandoned 0)
** ld 0x55bbf6816c40 Response Queue:
Empty
ld 0x55bbf6816c40 response count 0
ldap_chkResponseList ld 0x55bbf6816c40 msgid 2 all 1
ldap_chkResponseList returns ld 0x55bbf6816c40 NULL
ldap_int_select
read1msg: ld 0x55bbf6816c40 msgid 2 all 1
read1msg: ld 0x55bbf6816c40 msgid 2 message type bind
read1msg: ld 0x55bbf6816c40 0 new referrals
read1msg: mark request completed, ld 0x55bbf6816c40 msgid 2
request done: ld 0x55bbf6816c40 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ldap_msgfree
OK TOTOldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55bbf6816c40 msgid 3
wait4msg ld 0x55bbf6816c40 msgid 3 (infinite timeout)
wait4msg continue ld 0x55bbf6816c40 msgid 3 all 1
** ld 0x55bbf6816c40 Connections:
* host: xxxx port: 389 (default)
refcnt: 2 status: Connected
last used: Mon Nov 28 16:50:16 2022
** ld 0x55bbf6816c40 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55bbf6816c40 request count 1 (abandoned 0)
** ld 0x55bbf6816c40 Response Queue:
Empty
ld 0x55bbf6816c40 response count 0
ldap_chkResponseList ld 0x55bbf6816c40 msgid 3 all 1
ldap_chkResponseList returns ld 0x55bbf6816c40 NULL
ldap_int_select
read1msg: ld 0x55bbf6816c40 msgid 3 all 1
read1msg: ld 0x55bbf6816c40 msgid 3 message type bind
read1msg: ld 0x55bbf6816c40 0 new referrals
read1msg: mark request completed, ld 0x55bbf6816c40 msgid 3
request done: ld 0x55bbf6816c40 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
But when the script is run from a browser:
Quote:
Connexion...
Error:Can't contact LDAP server
Error number:-1
Error:Can't contact LDAP server
Note that if I do not call ldap_start_tls($ldap_con); the connection works correctly.
I do not understand what is going on.
Can you help me?
Regards,
Alex.
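The test script above binds whether or not StartTLS came up, and the CLI run and the browser run differ mainly in which user the process runs as and which files it may read. The following diagnostic is an added example, not the poster's code: it reports the effective user and whether the client certificate, key and CA bundle are readable by that user, sets the TLS options with their return values checked, and refuses to bind unless StartTLS succeeded, printing libldap's diagnostic message when it does not. The xxx values and the CA bundle path are placeholders.

```php
<?php
// Added StartTLS diagnostic for the case above (not the poster's code).
// All xxx values and file paths are placeholders/assumptions.
$server   = "ldap://xxx:389";
$certfile = "/etc/pki/tls/certs/xxx.pem";
$keyfile  = "/etc/pki/tls/private/xxx.key";
$cafile   = "/etc/pki/tls/certs/ca-bundle.crt";   // assumed CA bundle path

// 1. Which user is running this, and can it read the TLS material?
//    On the CLI that is usually root; under Apache it is the apache user, and
//    /etc/pki/tls/private is root-only by default. SELinux can deny the read
//    too, in which case the denial shows up in /var/log/audit/audit.log.
$who = function_exists('posix_geteuid')
    ? posix_getpwuid(posix_geteuid())['name']
    : get_current_user();   // fallback: script owner, not the process user
echo "Running as: $who\n";
foreach ([$certfile, $keyfile, $cafile] as $f) {
    echo "$f: " . (is_readable($f) ? "readable" : "NOT readable") . "\n";
}

// 2. Global TLS options, set before the first LDAP operation opens the socket
//    (ldap_connect() itself does not connect). Check each return value.
$opts = [
    [LDAP_OPT_X_TLS_CACERTFILE,   $cafile],
    [LDAP_OPT_X_TLS_CERTFILE,     $certfile],
    [LDAP_OPT_X_TLS_KEYFILE,      $keyfile],
    [LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND], // verify the server certificate
];
foreach ($opts as [$opt, $val]) {
    if (!ldap_set_option(null, $opt, $val)) {
        echo "ldap_set_option($opt) rejected\n";
    }
}

$ld = ldap_connect($server) or die("ldap_connect failed\n");
ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 10);

// 3. Fail closed: no bind (no password on the wire) unless StartTLS succeeded.
if (!@ldap_start_tls($ld)) {
    $diag = '';
    ldap_get_option($ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    echo "StartTLS failed: " . ldap_error($ld) . " (errno " . ldap_errno($ld) . ")\n";
    echo "libldap diagnostic: " . $diag . "\n";
    exit(1);
}
echo "StartTLS OK; it is now safe to ldap_bind()\n";
```

Run it once from the CLI and once through Apache and compare the "Running as" and readability lines before looking at the TLS error itself.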