LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (http://www.linuxquestions.org/questions/programming-9/)
-   -   Ubuntu Hardy (php-ldap):Can't contact LDAP server (http://www.linuxquestions.org/questions/programming-9/ubuntu-hardy-php-ldap-cant-contact-ldap-server-686918/)

eantoranz 11-28-2008 02:47 PM

Ubuntu Hardy (php-ldap):Can't contact LDAP server
 
I just can't get it.

I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):

Warning: ldap_search(): Search: Can't contact LDAP server in /usr/lib/squid/squid_ldap.php on line 50

Any idea what's going on? The script is working beautifully on another host with debian.

ta0kira 11-29-2008 09:26 AM

Does ldap work anywhere else on the system? Do you run it through PAM? If not, can you test it that way to see if it works from the host in the first place? Maybe the Debian box had certain default configurations, etc. that aren't default on the new box?
ta0kira

eantoranz 11-29-2008 10:23 AM

Well.. it's a "standalone" script. No relation to PAM. What I did as a test is make an ldap search (with ldapsearch) from the host and it worked correctly (provided I gave him all the information to make the search):

Code:

ldapsearch -D DOMAIN\\username -W -x -h 192.168.0.3 -b dc=test,dc=org
I guess that rules out the ldap library as the source of the problem, right?

ta0kira 11-29-2008 07:43 PM

Yes, that rules out at least the ldap system itself and access to the ldap server. Have you tried to use php manually from the command line to see if the error is there? You didn't say whether that error was via the web server or not.
ta0kira

eantoranz 11-29-2008 10:20 PM

Its a standalone script. That error was running the script with php-cli

eantoranz 12-02-2008 11:10 AM

I just don't get it. I compiled php from source (5.2.6) with ldap from source as well (stable 20080813) and I still get the same error:

Code:

Warning: ldap_search(): Search: Can't contact LDAP server in /usr/lib/squid/squid_ldap.php on line 50
Now, if I use wrong credentials, see what wireshark says:
Code:

5        0.007668        192.168.0.3        192.168.0.2        LDAP        bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893)
Great.... but if I do it correctly, here's what wireshark says:
Code:

5        0.006400        192.168.0.3        192.168.0.2        LDAP        bindResponse(1) success
Then, when the script goes on (and the ldap_search() arrives):
Code:

6        0.006497        192.168.0.2        192.168.0.3        TCP        34406 > ldap [ACK] Seq=32 Ack=23 Win=5840 Len=0 TSV=52446489 TSER=70626564
7        0.006925        192.168.0.2        192.168.0.3        LDAP        searchRequest(2) "dc=domain,dc=org" wholeSubtree
8        0.011334        192.168.0.3        192.168.0.2        TCP        [TCP segment of a reassembled PDU]
9        0.011457        192.168.0.3        192.168.0.2        TCP        [TCP segment of a reassembled PDU]
10        0.011522        192.168.0.2        192.168.0.3        TCP        34406 > ldap [ACK] Seq=142 Ack=2919 Win=11632 Len=0 TSV=52446490 TSER=70626564
11        0.011544        192.168.0.3        192.168.0.2        LDAP        searchResEntry(2) "CN=My Name,OU=Blah,OU=Blah,OU=Blah,DC=DOMAIN,DC=ORG"
12        0.050479        192.168.0.2        192.168.0.3        TCP        34406 > ldap [ACK] Seq=142 Ack=3524 Win=14528 Len=0 TSV=52446494 TSER=70626564
13        0.151755        192.168.0.2        192.168.0.3        LDAP        unbindRequest(4)

etc etc

So obviously, on the wire, there's communication between the ldap server and the client.... but then PHP tells me that it can't contact the server. Has the ldap API on PHP changed or something?

ta0kira 12-02-2008 05:54 PM

Not sure. See if you can reduce it to a few lines, then post it.
ta0kira

eantoranz 12-02-2008 07:40 PM

I took a nagging road to solve it: translated it into python. Now it's working. :-S


All times are GMT -5. The time now is 10:49 PM.