FreeBSD php{4,5} w/ LDAP + SSL/TLS ldap_start_tls()

Brian A. Seklecki lavalamp at spiritual-machines.org
Fri Sep 2 18:52:45 PDT 2005


All:

Firstly, sorry if this is the wrong list.  There are thousands of forums 
and PHP5 related MLs, but nothing FBSD specific.

Second, I wouldn't post if this wasn't happening on two completely 
different FBSD boxes.

For whatever reason, the php4 and php5 from FreeBSD ports refuses to 
properly configure SSL/TLS support for the LDAP module.

This breaks the TLS/SSL functionality in net/phpldapadmin and 
sysutils/ldap-account-manager (CC'ing maintainers)

I've got two current i386/RELENG_5_3 boxes.  Both with Apache 
apache-2.0.54_2 and openldap-client-2.2.27.

The ldap client binaries are linked to SSL fine and can talk both ldaps:// 
and Start_TLS over ldap://.  That's out of the question.

One with php4-4.4.0, one with php5-5.0.3_2 (see below).  Both have the 
LDAP and SSL php extension modules installed:

$ egrep -i "ldap|ssl" /usr/local/etc/php/extensions.ini
extension=openssl.so
extension=ldap.so

The php4 box's ldap module is linked to OpenSSL:

# ldd /usr/local/lib/php/20020429/ldap.so
/usr/local/lib/php/20020429/ldap.so:
         libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28174000)
         liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a7000)
         libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b4000)
         libssl.so.3 => /usr/lib/libssl.so.3 (0x282c8000)

The php5 box is as well:

$ ldd /usr/local/lib/php/20041030/ldap.so
/usr/local/lib/php/20041030/ldap.so:
         libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x28173000)
         liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x281a6000)
         libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b3000)
         libssl.so.3 => /usr/lib/libssl.so.3 (0x282c7000)


The problem is that ldap_start_tls() is an unregistered/invalid function.


When I run the functions.php at 
http://www.sitepoint.com/article/php-command-line-2

ldap_start_tls() isn't listed on either machine (see below).  The only 
reference to the problem I've been able to find is a PR:

http://www.freebsd.org/cgi/query-pr.cgi?pr=72275

....but this only relates to PHP4.  I don't know why *GRRR*, but this PR 
was closed without a fix ever being committed or any remarks!  Anyway, I 
tried the proposed solution on the PHP4 machine.  I removed the OpenSSL 
shared extension, export WITH_OPENSSL=true, recompiled php4 CLI/MOD with 
SSL static.  Removed the SSL module from extensions.ini.  Same problem.

The only possible localized problem I can see is my predecessor placed:

PHP_EXT_INC=openssl

in php.conf.  I've tried rebuilding with and without that to no avail.

Anyway, I'm going to start looking into this tonight.  Any thoughts would 
be appreciated.  I'll open a PR when I track down the problem.

TIA,

~BAS

# pkg_info |grep -i php
libmcrypt-2.5.7_1   Multi-cipher cryptographic library (used in PHP)
pear-XML_RPC-1.4.0  PHP implementation of the XML-RPC protocol
php4-4.4.0          PHP Scripting Language (Apache Module and CLI)
php4-ctype-4.4.0    The ctype shared extension for php
php4-dba-4.4.0      The dba shared extension for php
php4-extensions-1.0 A "meta-port" to install PHP extensions
php4-gettext-4.4.0  The gettext shared extension for php
php4-ldap-4.4.0     The ldap shared extension for php
php4-mcrypt-4.4.0   The mcrypt shared extension for php
php4-mysql-4.4.0    The mysql shared extension for php
php4-openssl-4.4.0  The openssl shared extension for php
php4-overload-4.4.0 The overload shared extension for php
php4-pcre-4.4.0     The pcre shared extension for php
php4-pear-4.4.0     PEAR framework for PHP
php4-pgsql-4.4.0    The pgsql shared extension for php
php4-posix-4.4.0    The posix shared extension for php
php4-session-4.4.0  The session shared extension for php
php4-tokenizer-4.4.0 The tokenizer shared extension for php
php4-xml-4.4.0      The xml shared extension for php
php4-zlib-4.4.0     The zlib shared extension for php
phpldapadmin-0.9.7.a6,1 A set of PHP-scripts to administer LDAP servers


$ pkg_info |grep -i php5
php5-5.0.4_1        PHP Scripting Language (Apache Module and CLI)
php5-bz2-5.0.3_2    The bz2 shared extension for php
php5-calendar-5.0.3_2 The calendar shared extension for php
php5-ctype-5.0.3_2  The ctype shared extension for php
php5-curl-5.0.4_2   The curl shared extension for php
php5-dom-5.0.3_2    The dom shared extension for php
php5-exif-5.0.3_2   The exif shared extension for php
php5-extensions-1.0 A "meta-port" to install PHP extensions
php5-ftp-5.0.3_2    The ftp shared extension for php
php5-gd-5.0.3_2     The gd shared extension for php
php5-gettext-5.0.3_2 The gettext shared extension for php
php5-iconv-5.0.3_2  The iconv shared extension for php
php5-imap-5.0.3_2   The imap shared extension for php
php5-ldap-5.0.4_2   The ldap shared extension for php
php5-mcrypt-5.0.3_2 The mcrypt shared extension for php
php5-mhash-5.0.3_2  The mhash shared extension for php
php5-mysql-5.0.3_2  The mysql shared extension for php
php5-odbc-5.0.4_2   The odbc shared extension for php
php5-openssl-5.0.3_2 The openssl shared extension for php
php5-pcre-5.0.3_2   The pcre shared extension for php
php5-pear-5.0.3_2   PEAR framework for PHP
php5-pgsql-5.0.3_2  The pgsql shared extension for php
php5-posix-5.0.3_2  The posix shared extension for php
php5-session-5.0.3_2 The session shared extension for php
php5-simplexml-5.0.3_2 The simplexml shared extension for php
php5-soap-5.0.3_2   The soap shared extension for php
php5-sqlite-5.0.3_2 The sqlite shared extension for php
php5-sysvmsg-5.0.3_2 The sysvmsg shared extension for php
php5-sysvsem-5.0.3_2 The sysvsem shared extension for php
php5-sysvshm-5.0.3_2 The sysvshm shared extension for php
php5-tokenizer-5.0.3_2 The tokenizer shared extension for php
php5-xml-5.0.3_2    The xml shared extension for php
php5-zlib-5.0.3_2   The zlib shared extension for php

php4box# php public_html/functions.php -e ldap
ldap_connect
ldap_close
ldap_bind
ldap_unbind
ldap_read
ldap_list
ldap_search
ldap_free_result
ldap_count_entries
ldap_first_entry
ldap_next_entry
ldap_get_entries
ldap_first_attribute
ldap_next_attribute
ldap_get_attributes
ldap_get_values
ldap_get_values_len
ldap_get_dn
ldap_explode_dn
ldap_dn2ufn
ldap_add
ldap_delete
ldap_modify
ldap_mod_add
ldap_mod_replace
ldap_mod_del
ldap_errno
ldap_err2str
ldap_error
ldap_compare
ldap_sort
ldap_rename
ldap_get_option
ldap_set_option
ldap_first_reference
ldap_next_reference
ldap_set_rebind_proc


php5 box$ php functions.php -e ldap
ldap_connect
ldap_close
ldap_bind
ldap_unbind
ldap_read
ldap_list
ldap_search
ldap_free_result
ldap_count_entries
ldap_first_entry
ldap_next_entry
ldap_get_entries
ldap_first_attribute
ldap_next_attribute
ldap_get_attributes
ldap_get_values
ldap_get_values_len
ldap_get_dn
ldap_explode_dn
ldap_dn2ufn
ldap_add
ldap_delete
ldap_modify
ldap_mod_add
ldap_mod_replace
ldap_mod_del
ldap_errno
ldap_err2str
ldap_error
ldap_compare
ldap_sort
ldap_get_option
ldap_set_option
ldap_parse_result
ldap_first_reference
ldap_next_reference
ldap_rename
ldap_set_rebind_proc

-- 
~ TIA,

Brian A. Seklecki
Collaborative Fusion, Inc.
bseklecki at collaborativefusion.com
412-422-3463 x 4018
1710 Murray Avenue, Suite 320
Pittsburgh, PA 15217

l8*
 	-lava

x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
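
An added example, not part of the original post: a PHP check for the condition described above (ldap_start_tls() not registered by the ldap extension) that also refuses to bind unless StartTLS succeeds, so an affected build fails closed instead of sending a simple bind over ldap:// in cleartext. The function names, the LDAP_BIND_PW environment variable and the command-line arguments are assumptions for illustration.

```php
<?php
// Added example, not from the original post; names and LDAP_BIND_PW are hypothetical.

// True only if the ldap extension is loaded AND it registered ldap_start_tls().
function starttls_available()
{
    return extension_loaded('ldap') && function_exists('ldap_start_tls');
}

// Bind over ldap:// only after StartTLS succeeds; never fall back to cleartext.
function bind_over_starttls($uri, $dn, $password)
{
    if (!starttls_available()) {
        throw new RuntimeException('ldap_start_tls() not registered; refusing to bind');
    }
    if ($password === '') {  // an empty password would be an unauthenticated bind
        throw new RuntimeException('empty password; refusing unauthenticated bind');
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("invalid LDAP URI: $uri");
    }
    // StartTLS is an LDAPv3 extended operation, so select v3 first.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed: $err");
    }
    if (!@ldap_bind($ds, $dn, $password)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("bind failed: $err");
    }
    return $ds;
}

// CLI diagnostic: LDAP_BIND_PW=... php check_starttls.php [uri bind_dn]
if (PHP_SAPI === 'cli') {
    echo 'ldap_start_tls registered: ', starttls_available() ? 'yes' : 'no', "\n";
    if ($argc === 3) {
        try {
            bind_over_starttls($argv[1], $argv[2], (string) getenv('LDAP_BIND_PW'));
            echo "bound over StartTLS\n";
        } catch (RuntimeException $e) {
            fwrite(STDERR, $e->getMessage() . "\n");
            exit(1);
        }
    }
}
```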

