Problem with OpenLDAP and Apache/PHP

I have been having difficulty getting any direction on
how to resolve this problem so I decided to try posting
to this list.  Any suggestions or recommendations would
be greatly appreciated.

I am currently using openldap-2.0.23, Apache 1.3.22 and
PHP 4.2.1.

My PHP program is being used to authenticate a user against
several Microsoft Active Directory servers.  It works
flawlessly 95% of the time, but intermittently (about 5%
of the time) Apache gives me a segmentation fault
when I call either ldap_bind or ldap_close.

My code basically:

Opens a socket to port 389 to be sure the server is working.
Close the socket
If the server is operational use ldap_connect to connect to the server
Use ldap_bind to bind to the server as a known user.
Do an ldap_search for the "cn" and "sn" of the user we want to
Use ldap_get_entries to put the returned entries into a string.

At this point the next ldap call I make sometimes causes a
segmentation fault, but most of the time it works.  At this
point what I need to do is an ldap_bind as the correct user
to authenticate them.  If I try either an ldap_unbind, ldap_close,
or ldap_bind here, all of these will work most of the time and give me
a segmentation fault occasionally.

Here is the basic PHP code.

      // Check to see that the active directory server is operational
      // before we try to make a connection to it.
      if ($fp = fsockopen($ADServer1,389,$errno,$errstr,$Timeout)) {
      if (!$ds) {
         if ($fp = fsockopen($ADServer2,389,$errno,$errstr,$Timeout)) {
      if (!$ds) {
         DisplayError("Unable to bind to ldap server");
      } else {
         // First bind as our "ANONYMOUS" user and lookup the full cn
         // for the user that is actually logging in.
         if (!(ldap_bind($ds,$LOOKUP_BIND_DN,$LOOKUP_BIND_PASSWORD))) {
           DisplayError("LDAP Bind for $LOOKUP_BIND_USER did not work");
         } else {
           if ($info==FALSE) {
              DisplayError("unable to find user in the directory.");
           if ($info["count"] <> 1) {
              DisplayError("No user account found for $USERNAME");
           } else {
              // At this point I have the DN for the user I need to
              // bind as this user to see if they entered the correct
              // password.

              // NOTE: This is where my next ldap call will occasionally
              //       (about 5% of the time) create the seg fault.
              //       I have tried taking out the ldap_close and
              //       ldap_connect because I should be able to
              //       just bind again, but I get the same
              //       result either way.
              if (!$ds) {
                 DisplayError("Unable to bind to ldap server on second
              if (!(ldap_bind($ds,$USER_DN,$PASSWORD))) {
                 DisplayError("Invald Password");

Ed Oakes                Phone: (540) 831-6233
Radford University      Fax:   (540) 831-5555
Academic Computing      Email: eoakes@radford.edu
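
The lookup-bind, search, then user-bind flow described in the post, written out in full as an added example (not the poster's code, and not a fix for the reported crash). It assumes a current PHP with ldap_escape(); the function name, its parameters and the sAMAccountName filter are hypothetical.

```php
<?php
// Added example. $servers holds LDAP URIs, e.g. "ldaps://dc1.example.test"
// (constructed hostname); all parameter names are assumptions.
function ad_authenticate(array $servers, string $lookupDn, string $lookupPw,
                         string $baseDn, string $username, string $password): bool
{
    // An empty password turns ldap_bind() into an unauthenticated bind,
    // which many servers accept, so reject it before touching the directory.
    if ($username === '' || $password === '') {
        return false;
    }
    foreach ($servers as $uri) {
        $ds = ldap_connect($uri);            // no network traffic yet
        if ($ds === false) {
            continue;
        }
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
        // Bounded connect time stands in for the separate port-389 probe.
        ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

        // Step 1: bind as the lookup account; on failure try the next server.
        if (!@ldap_bind($ds, $lookupDn, $lookupPw)) {
            ldap_unbind($ds);
            continue;
        }
        // Step 2: find the user's DN. Escaping keeps characters such as
        // "*", "(" and ")" in the login name from altering the filter.
        $filter = '(sAMAccountName='
                . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        $sr   = @ldap_search($ds, $baseDn, $filter, ['cn', 'sn']);
        $info = $sr ? ldap_get_entries($ds, $sr) : false;
        if ($info === false || $info['count'] !== 1) {
            ldap_unbind($ds);
            return false;                    // no match, or an ambiguous one
        }
        // Step 3: rebind on the same connection as the user; the result of
        // this bind is the authentication decision.
        $ok = @ldap_bind($ds, $info[0]['dn'], $password);
        ldap_unbind($ds);                    // release the handle exactly once
        return $ok;
    }
    return false;                            // no server accepted the lookup bind
}
```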