-   Programming (
-   -   Ubuntu Hardy (php-ldap):Can't contact LDAP server (

eantoranz 11-28-2008 01:47 PM

Ubuntu Hardy (php-ldap):Can't contact LDAP server
I just can't get it.

I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):

Warning: ldap_search(): Search: Can't contact LDAP server in /usr/lib/squid/squid_ldap.php on line 50

Any idea what's going on? The script is working beautifully on another host with debian.

ta0kira 11-29-2008 08:26 AM

Does ldap work anywhere else on the system? Do you run it through PAM? If not, can you test it that way to see if it works from the host in the first place? Maybe the Debian box had certain default configurations, etc. that aren't default on the new box?

eantoranz 11-29-2008 09:23 AM

Well.. it's a "standalone" script. No relation to PAM. What I did as a test is make an ldap search (with ldapsearch) from the host and it worked correctly (provided I gave him all the information to make the search):


ldapsearch -D DOMAIN\\username -W -x -h -b dc=test,dc=org
I guess that rules out the ldap library as the source of the problem, right?

ta0kira 11-29-2008 06:43 PM

Yes, that rules out at least the ldap system itself and access to the ldap server. Have you tried to use php manually from the command line to see if the error is there? You didn't say whether that error was via the web server or not.

eantoranz 11-29-2008 09:20 PM

Its a standalone script. That error was running the script with php-cli

eantoranz 12-02-2008 10:10 AM

I just don't get it. I compiled php from source (5.2.6) with ldap from source as well (stable 20080813) and I still get the same error:


Warning: ldap_search(): Search: Can't contact LDAP server in /usr/lib/squid/squid_ldap.php on line 50
Now, if I use wrong credentials, see what wireshark says:

5        0.007668        LDAP        bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893)
Great.... but if I do it correctly, here's what wireshark says:

5        0.006400        LDAP        bindResponse(1) success
Then, when the script goes on (and the ldap_search() arrives):

6        0.006497        TCP        34406 > ldap [ACK] Seq=32 Ack=23 Win=5840 Len=0 TSV=52446489 TSER=70626564
7        0.006925        LDAP        searchRequest(2) "dc=domain,dc=org" wholeSubtree
8        0.011334        TCP        [TCP segment of a reassembled PDU]
9        0.011457        TCP        [TCP segment of a reassembled PDU]
10        0.011522        TCP        34406 > ldap [ACK] Seq=142 Ack=2919 Win=11632 Len=0 TSV=52446490 TSER=70626564
11        0.011544        LDAP        searchResEntry(2) "CN=My Name,OU=Blah,OU=Blah,OU=Blah,DC=DOMAIN,DC=ORG"
12        0.050479        TCP        34406 > ldap [ACK] Seq=142 Ack=3524 Win=14528 Len=0 TSV=52446494 TSER=70626564
13        0.151755        LDAP        unbindRequest(4)

etc etc

So obviously, on the wire, there's communication between the ldap server and the client.... but then PHP tells me that it can't contact the server. Has the ldap API on PHP changed or something?

ta0kira 12-02-2008 04:54 PM

Not sure. See if you can reduce it to a few lines, then post it.

eantoranz 12-02-2008 06:40 PM

I took a nagging road to solve it: translated it into python. Now it's working. :-S

All times are GMT -5. The time now is 03:09 AM.