LDAP Connection Issue on Apache Web Server

Hi,

I have very limited knowledge of LDAP and its configuration, but I have been trying to figure out an issue that occurs when I run a program written in PHP, so far without success.

The server I am working on is an LDAP server, which is running on Apache. After testing a program (i.e. ldap://localhost:10389/) locally successfully, the same was hosted on the web server (Linux Apache server). While running the same program via http ://abc.net:2020/conn.php, it stopped at the "$ldapconn = ldap_connect($host, $port)" line and did not proceed to the next line (showstopper), and at the same time it did not show any error message either. Therefore, I am unable to find out where the issue is actually taking place.

The program I wrote in PHP is:

<html>
    <body>
        <?php
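        // LDAP server URI and port to connect to
        $host = "ldap://1.1.11.111";
        $port = "389";

        echo "<br><br>Connecting to ".$host."..........";
        // The die() message now uses $host; the original referenced an undefined $ldaphost
        $ldapconn = ldap_connect($host, $port)
                  or die("Could not connect to {$host}");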
        echo "<br><font style='color:blue'>Connected Successfully!</font>";
        ?>
    </body>
</html>

Help needed to solve this issue.

Thanks in advance.

Hi,

Firstly I have to say I'm no PHP expert (to put it mildly), but I suspect this isn't actually a PHP problem.

The first thing I'd recommend is trying to do a bit of extra debugging in your code. From some Googling for this kind of problem, it seems you can enable verbose debugging output in your script by adding a line like this near the top:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

This should cause the script to display a lot more information about what the LDAP functions are doing, or not doing. I suspect you'll have to have the printing of errors and warnings enabled in your php.ini to actually see that output, though I could be wrong.

If I were to guess myself what's going on, I'd say it's most likely a network connectivity or SSL handshaking issue. So the main thing is to check to see if you can actually connect over standard LDAP to the IP in your script, since as things stand you're attempting a plaintext, non-SSL connection on port 389.

From the Bash prompt, are you able to telnet to the host specified in your script on the same port you're using (i.e. does telnet 1.1.11.111 389 actually work)? Or on a more advanced but even more useful note, if you have ldap-utils installed you could see what happens if you try ldapsearch -d 1 -H ldap://1.1.11.111.

It could be that your LDAP server is running on a port other than 389 or needs you to use LDAPS rather than plain LDAP. Anyway, hopefully some of the above will give you some pointers in the right direction.
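
A diagnostic version of the script that separates the failure points raised in this thread, as an added example that is not part of either post. It assumes the host and port from the question, and relies on the documented behaviour that with OpenLDAP `ldap_connect()` only initialises connection parameters, so the first real network exchange happens at `ldap_bind()`.

```php
<?php
// Added diagnostic example. Host and port are the values from the question.
ini_set('display_errors', '1');   // show fatal errors instead of a blank page
error_reporting(E_ALL);

$host = '1.1.11.111';
$port = 389;

function report(string $label, string $detail): void
{
    // Escape anything echoed into the page; server diagnostics are untrusted text.
    echo htmlspecialchars("$label: $detail", ENT_QUOTES, 'UTF-8'), "<br>\n";
}

// 1. Without the php-ldap extension, ldap_connect() is an undefined function.
//    That is a fatal error, and with display_errors off the page just stops.
if (!extension_loaded('ldap')) {
    report('ldap extension', 'not loaded in this PHP installation');
    exit(1);
}

// 2. Plain TCP reachability from the web server (same check as the telnet test).
$sock = @fsockopen($host, $port, $errno, $errstr, 5);
if ($sock === false) {
    report('tcp connect failed', "[$errno] $errstr");
    exit(1);
}
fclose($sock);
report('tcp connect', "port $port reachable");

// 3. Verbose libldap tracing; under Apache this normally lands in the error log.
ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);
$conn = ldap_connect("ldap://$host:$port");
if ($conn === false) {
    report('ldap_connect', 'URI rejected');
    exit(1);
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5); // fail fast instead of hanging

// 4. Anonymous bind: the first call that actually talks to the server.
//    A refusal by server policy still proves the LDAP exchange itself works.
if (@ldap_bind($conn)) {
    report('bind', 'anonymous bind succeeded');
} else {
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    report('bind failed', '[' . ldap_errno($conn) . '] ' . ldap_error($conn) . " $diag");
}
ldap_unbind($conn);
```

Remove the script, or at least the `display_errors` line, from the web server once the cause is found, since it exposes internal error detail to anyone who requests the page.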