问题描述
玩了几天,无法让 php 绑定到 Oracle 的 DSEE 上的 ldap.
Been playing with this for days and can not get php to bind to ldap on Oracle's DSEE.
function test(){
// LDAP variables
$ldaphost = "xxx.xxxxx.com";
$ldapport = 636;
$ldaprdn = 'cn=xyxyxyxy,ou=Accounts,dc=xxx,dc=xxxxx,dc=com';
$ldappass = 'vcvcvcvcvc';
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); // isn't helping
// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
}
我得到错误:
消息:ldap_bind() [function.ldap-bind]:无法绑定到服务器:无法联系 LDAP 服务器
把我的头发扯掉了.我就是无法绑定.
Tearing my hair out on this one. I just can't get the thing to bind.
已尝试通过 636 端口直接 telnet 到主机,并且没有被任何防火墙阻止.奇怪的是,我没有从屏幕上的LDAP_OPT_DEBUG_LEVEL"或我的日志中获得任何额外的调试信息.
Have tried a straight telnet to the host on port 636 and am not being blocked by any firewall. Peculiarly I am not getting any extra debug info from the 'LDAP_OPT_DEBUG_LEVEL' on screen or in my logs.
推荐答案
start_tls()
和 ldaps
互斥,意味着不能发出 start_tls()
在 ssl 端口(标准 636)上,或在未加密的端口(标准 389)上启动 ldaps
.start_tls()
命令在启动连接后在未加密端口上启动安全连接,因此您可以在绑定发生之前发出此命令以使其加密.另一组常用端口是 3268(未加密)和 3269(ssl),可能在您的服务器中启用.
start_tls()
and ldaps
is mutually exclusive, meaning you cannot issue start_tls()
on the ssl port (standard 636), or initiate ldaps
on an unecrypted port (standard 389). The start_tls()
command initiate a secure connection on the unencrypted port after connection is initiated, so you would then issue this before the bind takes place to make it encrypted. Another set of common ports is 3268 (unecrypted) and 3269 (ssl) which might be enabled in your server.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
正在记录到您的 Web 服务器错误日志,具体取决于您的日志级别,或者到 stout(来自 PHP CLI).要在此处获取更多信息,请检查您的 Web 服务器日志级别设置,或者直接从命令行运行您的 php 脚本.
is logging to your web servers error log, depending on your log level, or to stout (from PHP CLI). To gain more information here, check your web server log level setting, or simply run your php script from command line.
要成功使用 ssl 端口,您需要指定 ldaps://
前缀,而在未加密的端口上则不需要(使用 ldap://
前缀).
To successfully use the ssl port, you need to specify the ldaps://
prefix, while on the unencrypted port this is not necessary (with a ldap://
prefix).
查看您的代码,这可能是协议版本问题,因为 PHP 默认使用版本 2.要解决此问题,您可以发出:
Looking at your code, this could be a protocol version issue as PHP by default use version 2. To solve this, you can issue:
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($conn, LDAP_OPT_REFERRALS,0);
在您尝试绑定之前.
您还可以查看 问题中的代码使用我在 CentOS 5 中成功使用的 PHP 安全绑定到 Active Directory,但在 Ubuntu 中遇到问题.如果您的服务器有一个开放的未加密端口,最好对其进行未加密测试绑定以排除任何连接问题.
You can also have a look at the code in Problems with secure bind to Active Directory using PHP which I successfully use in CentOS 5, but is having problems in Ubuntu. If your server has an open unencrypted port, it's a good idea to do an unencrypted test bind against it to rule out any connectivity issues.
要检查端口是否打开,可以检查telnet是否连接到它,例如:
To check if the port is open, you can check if telnet connects to it, E.G:
telnet my.server.com 3268
如果端口是开放的,那么你应该可以使用它进行绑定.
If the port is open, then you should be able to bind using it.
*编辑:如果ssl证书被认为无效,连接将失败,如果是这种情况,将调试级别设置为7会宣布这一点.要解决这个特定问题,您需要忽略有效性:
*Edit: If the ssl certificate is deemed invalid, the connection will fail, if this is the case, setting the debug level to 7 would announce this. To get around this specific problem you need to ignore the validity:
您可以通过发出来忽略windows中的有效性
You can ignore the validity in windows by issuing
putenv('LDAPTLS_REQCERT=never');
在您的 php 代码中.在 *nix 中,您需要编辑/etc/ldap.conf 以包含
in your php code. In *nix you need to edit your /etc/ldap.conf to contain
TLS_REQCERT never
这篇关于PHP 无法连接到 LDAP Oracle Directory Server 企业版的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!