Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:35527
Return-Path: <jamuelle@ee.ethz.ch>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 20443 invoked by uid 1010); 15 Feb 2008 15:04:30 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 20428 invoked from network); 15 Feb 2008 15:04:30 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Feb 2008 15:04:30 -0000
Authentication-Results: pb1.pair.com smtp.mail=jamuelle@ee.ethz.ch; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=jamuelle@ee.ethz.ch; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain ee.ethz.ch from 129.132.2.219 cause and error)
X-PHP-List-Original-Sender: jamuelle@ee.ethz.ch
X-Host-Fingerprint: 129.132.2.219 smtp.ee.ethz.ch Solaris 10 (beta)
Received: from [129.132.2.219] ([129.132.2.219:43221] helo=smtp.ee.ethz.ch)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 95/21-11466-CF9A5B74 for <internals@lists.php.net>; Fri, 15 Feb 2008 10:04:29 -0500
Received: from localhost (localhost [127.0.0.1])
	by smtp.ee.ethz.ch (Postfix) with ESMTP id EA79DD93CC
	for <internals@lists.php.net>; Fri, 15 Feb 2008 16:04:15 +0100 (MET)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1])
	by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id Zx+KIBmebKzn for <internals@lists.php.net>;
	Fri, 15 Feb 2008 16:04:15 +0100 (MET)
Received: from [192.168.2.101] (84-75-100-96.dclient.hispeed.ch [84.75.100.96])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: jamuelle)
	by smtp.ee.ethz.ch (Postfix) with ESMTP id B14E9D9399
	for <internals@lists.php.net>; Fri, 15 Feb 2008 16:04:05 +0100 (MET)
Message-ID: <47B5AA4B.2060700@ee.ethz.ch>
Date: Fri, 15 Feb 2008 16:05:47 +0100
Reply-To: jamuelle@ee.ethz.ch
User-Agent: Thunderbird 2.0.0.9 (X11/20071130)
MIME-Version: 1.0
To: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: DNS problem with ldap_search
From: jamuelle@ee.ethz.ch (=?ISO-8859-1?Q?Jan_M=FCller?=)

Hi,

A few days ago I posted the same problem to the php-general list and I
had no luck with an answer. Maybe someone on this list has some
knowledge with ldap authentication?

I try to authenticate users with LDAP at an Active Directory Server
(AD). Everything works fine. Just in some cases, authentication is not
possible.

Some testing with tcpdumps and the like enabled us to locate the problem
in the php function ldap_search. If this function is called like it is
shown in the code below, it starts a DNS query to the ldap "context"
(example.ch in this case, the second argument to "ldap_search").

And this DNS query seems to break the already working communication with
an other AD Server (there are several fallback servers) because it
returns a different address than the one which is in use for the already
established communication.

I'm using php-5.2.5 with apache on a RedHat Linux virtual-machine

After looking at the php code, I have the feeling that the source of
this problem may well come directly from OpenLDAP. But does somebody
know about this "problem"?

Thank you for your help!

Regards,
Jan



<?php
//   $server == LDAP Server
//   $bind_cn == Distinguished Name of (AD) LDAP Bind User
//   $bind_pw == Password of (AD) LDAP Bind User
//   "DC=example,DC=ch" == User lookup Context

$con = ldap_connect($server);

$bnd = ldap_bind($con, $bind_cn, $bind_pw);

$res = ldap_search($con, "DC=example,DC=ch", "sAMAccountName=username");

ldap_close($con);
?>