Date: Fri, 2 Sep 2005 21:52:43 -0400 (EDT)
From: "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
To: php-general@lists.php.net, freebsd-questions@freebsd.org
Cc: clement@FreeBSD.org, ale@FreeBSD.org
Subject: FreeBSD php{4,5} w/ LDAP + SSL/TLS ldap_start_tls()
Message-ID: <20050902214813.Q52162@arbitor.digitalfreaks.org>

All:

Firstly, sorry if this is the wrong list. There are thousands of forums and PHP5 related MLs, but nothing FBSD specific.

Second, I wouldn't post if this wasn't happening on two completely different FBSD boxes.

For whatever reason, the php4 and php5 from FreeBSD ports refuse to properly configure SSL/TLS support for the LDAP module. This breaks the TLS/SSL functionality in net/phpldapadmin and sysutils/ldap-account-manager (CC'ing maintainers).

I've got two current i386/RELENG_5_3 boxes. Both with Apache apache-2.0.54_2 and openldap-client-2.2.27. The ldap client binaries are linked to SSL fine and can talk both ldaps:// and Start_TLS over ldap://. That's out of the question.

One with php4-4.4.0, one with php5-5.0.3_2 (see below).

Both have the LDAP and SSL php extension modules installed:

$ egrep -i "ldap|ssl" /usr/local/etc/php/extensions.ini
extension=openssl.so
extension=ldap.so

The php4 box's ldap module is linked to OpenSSL:

# ldd /usr/local/lib/php/20020429/ldap.so
/usr/local/lib/php/20020429/ldap.so:
        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28174000)
        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a7000)
        libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b4000)
        libssl.so.3 => /usr/lib/libssl.so.3 (0x282c8000)

The php5 box is as well:

$ ldd /usr/local/lib/php/20041030/ldap.so
/usr/local/lib/php/20041030/ldap.so:
        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28173000)
        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a6000)
        libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b3000)
        libssl.so.3 => /usr/lib/libssl.so.3 (0x282c7000)

The problem is that ldap_start_tls() is an unregistered/invalid function. When I run the functions.php at http://www.sitepoint.com/article/php-command-line-2 ldap_start_tls() isn't listed on either machine (see below).

The only reference to the problem I've been able to find is a PR:

http://www.freebsd.org/cgi/query-pr.cgi?pr=72275

....but this only relates to PHP4. I don't know why *GRRR*, but this PR was closed without a fix ever being committed or any remarks!

Anyway, I tried the proposed solution on the PHP4 machine. I removed the OpenSSL shared extension, export WITH_OPENSSL=true, recompiled php4 CLI/MOD with SSL static. Removed the SSL module from extensions.ini. Same problem.

The only possible localized problem I can see is my predecessor placed: PHP_EXT_INC=openssl in php.conf. I've tried rebuilding with and without that to no avail.

Anyway, I'm going to start looking into this tonight. Any thoughts would be appreciated. I'll open a PR when I track down the problem.

TIA,
~BAS

# pkg_info |grep -i php
libmcrypt-2.5.7_1        Multi-cipher cryptographic library (used in PHP)
pear-XML_RPC-1.4.0       PHP implementation of the XML-RPC protocol
php4-4.4.0               PHP Scripting Language (Apache Module and CLI)
php4-ctype-4.4.0         The ctype shared extension for php
php4-dba-4.4.0           The dba shared extension for php
php4-extensions-1.0      A "meta-port" to install PHP extensions
php4-gettext-4.4.0       The gettext shared extension for php
php4-ldap-4.4.0          The ldap shared extension for php
php4-mcrypt-4.4.0        The mcrypt shared extension for php
php4-mysql-4.4.0         The mysql shared extension for php
php4-openssl-4.4.0       The openssl shared extension for php
php4-overload-4.4.0      The overload shared extension for php
php4-pcre-4.4.0          The pcre shared extension for php
php4-pear-4.4.0          PEAR framework for PHP
php4-pgsql-4.4.0         The pgsql shared extension for php
php4-posix-4.4.0         The posix shared extension for php
php4-session-4.4.0       The session shared extension for php
php4-tokenizer-4.4.0     The tokenizer shared extension for php
php4-xml-4.4.0           The xml shared extension for php
php4-zlib-4.4.0          The zlib shared extension for php
phpldapadmin-0.9.7.a6,1  A set of PHP-scripts to administer LDAP servers

$ pkg_info |grep -i php5
php5-5.0.4_1             PHP Scripting Language (Apache Module and CLI)
php5-bz2-5.0.3_2         The bz2 shared extension for php
php5-calendar-5.0.3_2    The calendar shared extension for php
php5-ctype-5.0.3_2       The ctype shared extension for php
php5-curl-5.0.4_2        The curl shared extension for php
php5-dom-5.0.3_2         The dom shared extension for php
php5-exif-5.0.3_2        The exif shared extension for php
php5-extensions-1.0      A "meta-port" to install PHP extensions
php5-ftp-5.0.3_2         The ftp shared extension for php
php5-gd-5.0.3_2          The gd shared extension for php
php5-gettext-5.0.3_2     The gettext shared extension for php
php5-iconv-5.0.3_2       The iconv shared extension for php
php5-imap-5.0.3_2        The imap shared extension for php
php5-ldap-5.0.4_2        The ldap shared extension for php
php5-mcrypt-5.0.3_2      The mcrypt shared extension for php
php5-mhash-5.0.3_2       The mhash shared extension for php
php5-mysql-5.0.3_2       The mysql shared extension for php
php5-odbc-5.0.4_2        The odbc shared extension for php
php5-openssl-5.0.3_2     The openssl shared extension for php
php5-pcre-5.0.3_2        The pcre shared extension for php
php5-pear-5.0.3_2        PEAR framework for PHP
php5-pgsql-5.0.3_2       The pgsql shared extension for php
php5-posix-5.0.3_2       The posix shared extension for php
php5-session-5.0.3_2     The session shared extension for php
php5-simplexml-5.0.3_2   The simplexml shared extension for php
php5-soap-5.0.3_2        The soap shared extension for php
php5-sqlite-5.0.3_2      The sqlite shared extension for php
php5-sysvmsg-5.0.3_2     The sysvmsg shared extension for php
php5-sysvsem-5.0.3_2     The sysvsem shared extension for php
php5-sysvshm-5.0.3_2     The sysvshm shared extension for php
php5-tokenizer-5.0.3_2   The tokenizer shared extension for php
php5-xml-5.0.3_2         The xml shared extension for php
php5-zlib-5.0.3_2        The zlib shared extension for php

php4box# php public_html/functions.php -e ldap
ldap_connect ldap_close ldap_bind ldap_unbind
ldap_read ldap_list ldap_search ldap_free_result
ldap_count_entries ldap_first_entry ldap_next_entry ldap_get_entries
ldap_first_attribute ldap_next_attribute ldap_get_attributes ldap_get_values
ldap_get_values_len ldap_get_dn ldap_explode_dn ldap_dn2ufn
ldap_add ldap_delete ldap_modify ldap_mod_add
ldap_mod_replace ldap_mod_del ldap_errno ldap_err2str
ldap_error ldap_compare ldap_sort ldap_rename
ldap_get_option ldap_set_option ldap_first_reference ldap_next_reference
ldap_set_rebind_proc

php5 box$ php functions.php -e ldap
ldap_connect ldap_close ldap_bind ldap_unbind
ldap_read ldap_list ldap_search ldap_free_result
ldap_count_entries ldap_first_entry ldap_next_entry ldap_get_entries
ldap_first_attribute ldap_next_attribute ldap_get_attributes ldap_get_values
ldap_get_values_len ldap_get_dn ldap_explode_dn ldap_dn2ufn
ldap_add ldap_delete ldap_modify ldap_mod_add
ldap_mod_replace ldap_mod_del ldap_errno ldap_err2str
ldap_error ldap_compare ldap_sort ldap_get_option
ldap_set_option ldap_parse_result ldap_first_reference ldap_next_reference
ldap_rename ldap_set_rebind_proc

--
~ TIA,
Brian A. Seklecki
Collaborative Fusion, Inc.
bseklecki@collaborativefusion.com
412-422-3463 x 4018
1710 Murray Avenue, Suite 320
Pittsburgh, PA 15217

l8*
-lava

x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050902214813.Q52162>
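
Added example, not part of the original message: the two checks the message performs by hand (libssl linkage reported by ldd, and whether ldap_start_tls is among the registered functions) combined into one classification, so the "linked but not registered" state described above is reported explicitly before an application relies on StartTLS. The function names classify_ldap_tls and has_word are hypothetical, and the sample inputs are constructed from the output quoted in the message.

```shell
#!/bin/sh
# Constructed sample inputs, modelled on the ldd and function-list output
# quoted in the message (the function list is a shortened subset).
SAMPLE_LDD='/usr/local/lib/php/20020429/ldap.so:
	libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28174000)
	liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a7000)
	libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b4000)
	libssl.so.3 => /usr/lib/libssl.so.3 (0x282c8000)'
SAMPLE_FUNCS='ldap_connect ldap_bind ldap_unbind ldap_search ldap_set_option'

# has_word LIST WORD: succeeds only if WORD is a whole whitespace-separated
# token of LIST, so a name such as ldap_start_tls_foo does not count.
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# classify_ldap_tls LDD_OUTPUT FUNCTION_LIST
# Prints one of:
#   ok        ldap_start_tls is registered, so scripts can call it
#   mismatch  the module links libssl but ldap_start_tls is not registered
#   absent    neither libssl linkage nor ldap_start_tls is present
classify_ldap_tls() {
    linked=no
    registered=no
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*libssl\.so' && linked=yes
    has_word "$2" ldap_start_tls && registered=yes
    case "$linked/$registered" in
        */yes)  echo ok ;;
        yes/no) echo mismatch ;;
        *)      echo absent ;;
    esac
}

# Against a live system the inputs would come from, for example:
#   classify_ldap_tls "$(ldd /usr/local/lib/php/20020429/ldap.so)" \
#       "$(php -r 'echo implode(" ", get_extension_funcs("ldap"));')"
classify_ldap_tls "$SAMPLE_LDD" "$SAMPLE_FUNCS"
```

A result other than ok means a PHP script on that host cannot upgrade an ldap:// connection with StartTLS, so a deployment check can stop there instead of letting binds proceed unencrypted.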