PHP无法连接到LDAP Oracle Directory Server Enterprise Edition [英] PHP cannot connect to LDAP Oracle Directory Server Enterprise Edition
问题描述
使用此工具已经有好几天了,并且无法使php绑定到Oracle DSEE上的ldap.
Been playing with this for days and can not get php to bind to ldap on Oracle's DSEE.
function test(){
// LDAP variables
$ldaphost = "xxx.xxxxx.com";
$ldapport = 636;
$ldaprdn = 'cn=xyxyxyxy,ou=Accounts,dc=xxx,dc=xxxxx,dc=com';
$ldappass = 'vcvcvcvcvc';
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); // isn't helping
// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
}
我得到了错误:
消息:ldap_bind()[function.ldap-bind]:无法绑定到服务器:无法联系LDAP服务器
在这根头发上扯掉我的头发.我就是束缚不住东西.
Tearing my hair out on this one. I just can't get the thing to bind.
已尝试使用直通telnet到端口636上的主机,并且没有被任何防火墙阻止.奇怪的是,我在屏幕上或日志中没有从"LDAP_OPT_DEBUG_LEVEL"中获得任何额外的调试信息.
Have tried a straight telnet to the host on port 636 and am not being blocked by any firewall. Peculiarly I am not getting any extra debug info from the 'LDAP_OPT_DEBUG_LEVEL' on screen or in my logs.
推荐答案
start_tls()和ldaps是互斥的,这意味着您不能在ssl端口(标准636)上发出start_tls(),也不能在ldaps未加密的端口(标准389). start_tls()命令在启动连接后在未加密的端口上启动安全连接,因此您将在绑定进行加密之前发出此命令.另一组通用端口是3268(未加密)和3269(ssl),可以在您的服务器中启用.
start_tls() and ldaps is mutually exclusive, meaning you cannot issue start_tls() on the ssl port (standard 636), or initiate ldaps on an unecrypted port (standard 389). The start_tls() command initiate a secure connection on the unencrypted port after connection is initiated, so you would then issue this before the bind takes place to make it encrypted. Another set of common ports is 3268 (unecrypted) and 3269 (ssl) which might be enabled in your server.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
正在根据您的日志级别将日志记录到Web服务器错误日志中,或记录到粗壮(从PHP CLI)中.要在此处获取更多信息,请检查您的Web服务器日志级别设置,或直接从命令行运行php脚本.
is logging to your web servers error log, depending on your log level, or to stout (from PHP CLI). To gain more information here, check your web server log level setting, or simply run your php script from command line.
要成功使用ssl端口,您需要指定ldaps://前缀,而在未加密的端口上则不需要(带有ldap://前缀).
To successfully use the ssl port, you need to specify the ldaps:// prefix, while on the unencrypted port this is not necessary (with a ldap:// prefix).
查看您的代码,这可能是协议版本问题,因为PHP默认情况下使用版本2.要解决此问题,您可以发出:
Looking at your code, this could be a protocol version issue as PHP by default use version 2. To solve this, you can issue:
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($conn, LDAP_OPT_REFERRALS,0);
在尝试绑定之前.
您还可以查看中的代码使用PHP安全绑定到Active Directory ,我在CentOS 5中成功使用了它,但是在Ubuntu中却遇到了问题.如果您的服务器具有未加密的开放端口,则最好对它进行未加密的测试绑定,以排除任何连接问题.
You can also have a look at the code in Problems with secure bind to Active Directory using PHP which I successfully use in CentOS 5, but is having problems in Ubuntu. If your server has an open unencrypted port, it's a good idea to do an unencrypted test bind against it to rule out any connectivity issues.
要检查端口是否打开,可以检查telnet是否连接到该端口,例如:
To check if the port is open, you can check if telnet connects to it, E.G:
telnet my.server.com 3268
如果端口是开放的,那么您应该可以使用它进行绑定.
If the port is open, then you should be able to bind using it.
*编辑:如果ssl证书被视为无效,则连接将失败,如果是这种情况,则将调试级别设置为7即可宣布.要解决此特定问题,您需要忽略有效性:
*Edit: If the ssl certificate is deemed invalid, the connection will fail, if this is the case, setting the debug level to 7 would announce this. To get around this specific problem you need to ignore the validity:
您可以通过发出命令来忽略Windows中的有效性
You can ignore the validity in windows by issuing
putenv('LDAPTLS_REQCERT=never');
在您的php代码中.在* nix中,您需要编辑/etc/ldap.conf以包含
in your php code. In *nix you need to edit your /etc/ldap.conf to contain
TLS_REQCERT never
这篇关于PHP无法连接到LDAP Oracle Directory Server Enterprise Edition的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
