LDAP 可与 PHP CLI 一起使用，但不能通过 apache

本文介绍了LDAP 可与 PHP CLI 一起使用，但不能通过 apache的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试通过 LDAP 对 Fedora 机器上的 Windows 2008 服务器进行身份验证.

I'm trying to authenticate over LDAP against a Windows 2008 Server from a Fedora box.

以下代码可从命令行运行(打印Success"):

The following code works from the command line (prints "Success"):

if($ldap = ldap_connect('10.0.0.101'))
{
  ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
  $bind = ldap_bind($ldap,'administrator@domain.tld','XXXXXXX');
  print ldap_error($ldap);
}

...通过 Apache/mod_php 提取相同的文件会打印无法联系 LDAP 服务器"

...pulling the same file via Apache/mod_php prints "Can't contact LDAP server"

我已经看到很多关于此类问题的报告，但没有关于如何解决它的有用信息.

I've seen a lot of reports of issues like this, but no useful information on how to resolve it.

推荐答案

我刚刚在centos6上解决了这个确切的问题很长时间.php.ini 的区别似乎是一个检查的好地方，但它并没有给我答案.原来这与 SELinux 有关.

I just fought this exact problem for a long time on centos6. The php.ini difference seem like a good place to check, but it didn't give me the answer. It turns out this was related to SELinux.

$ getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> on
httpd_can_network_memcache --> on
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_verify_dns --> off

您会注意到，在我的例子中，httpd_can_network_connect 被设置为关闭.这是 SELinux 中的布尔值，可以使用以下命令进行调整.

You'll note, that in my case, httpd_can_network_connect was set to off. This is a boolean in SELinux and can be adjusted with the following command.

$ setsebool -P httpd_can_network_connect on

你可以在 http://wiki.centos.org/TipsAndTricks/SelinuxBooleans 阅读更多关于这个的内容，它明确使用以apache和ldap为例.希望对您有所帮助！

You can read more about this at http://wiki.centos.org/TipsAndTricks/SelinuxBooleans which explicitly uses the case of apache and ldap as an example. Hope it helps!

这篇关于LDAP 可与 PHP CLI 一起使用，但不能通过 apache的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除！

LDAP 可与 PHP CLI 一起使用，但不能通过 apache

问题描述

推荐答案

相关文档推荐