LDAP works with the PHP CLI, but not through Apache

Posted on 2024-12-18 13:25:49

I'm trying to authenticate over LDAP against a Windows 2008 Server from a Fedora box.

The following code works from the command line (prints "Success"):

if($ldap = ldap_connect('10.0.0.101'))
{
  ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
  $bind = ldap_bind($ldap,'[email protected]','XXXXXXX');
  print ldap_error($ldap);
}

...pulling the same file via Apache/mod_php prints "Can't contact LDAP server"

I've seen a lot of reports of issues like this, but no useful information on how to resolve it.


Comments (2)

呆头 2024-12-25 13:25:49

I just fought this exact problem for a long time on CentOS 6. The php.ini difference seems like a good place to check, but it didn't give me the answer. It turns out this was related to SELinux.

$ getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> on
httpd_can_network_memcache --> on
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_verify_dns --> off

You'll note that, in my case, httpd_can_network_connect was set to off. This is a boolean in SELinux and can be adjusted with the following command.

$ setsebool -P httpd_can_network_connect on

You can read more about this at http://wiki.centos.org/TipsAndTricks/SelinuxBooleans which explicitly uses the case of apache and ldap as an example. Hope it helps!
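
Before changing policy, it helps to confirm from the audit log that SELinux is what blocks httpd, and to check whether a narrower boolean exists, because httpd_can_network_connect lets httpd open connections to any TCP port. The following is an added example, not part of the answer above: the function names and sample inputs are constructed, and it assumes the `httpd_can_connect_ldap` boolean that newer targeted policies provide (it is absent from the CentOS 6 listing above).

```shell
#!/bin/sh
# Added example; all sample input below is constructed, not from a real host.

# stdin: audit.log text. Prints "<dest port> <target type>" for each denied
# outbound connect() attempted by a process running in the httpd_t domain.
httpd_connect_denials() {
    grep 'denied' | grep -F '{ name_connect }' | grep 'scontext=[^ ]*:httpd_t:' |
        sed -n 's/.* dest=\([0-9]*\) .*tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1 \2/p' |
        sort -u
}

# stdin: `getsebool -a` text. Prints on/off for boolean $1, or "absent".
sebool_state() {
    awk -v b="$1" '$1 == b && $2 == "-->" { s = $3 }
                   END { print (s == "" ? "absent" : s) }'
}

# $1 = getsebool text, $2 = audit text. Prints the narrowest boolean covering
# the denied connections, or "none" when no httpd_t denial was logged.
boolean_to_enable() {
    denials=$(printf '%s\n' "$2" | httpd_connect_denials)
    [ -n "$denials" ] || { echo none; return 0; }
    non_ldap=$(printf '%s\n' "$denials" | grep -vc ' ldap_port_t$' || true)
    ldap_bool=$(printf '%s\n' "$1" | sebool_state httpd_can_connect_ldap)
    if [ "$non_ldap" -eq 0 ] && [ "$ldap_bool" != absent ]; then
        echo httpd_can_connect_ldap      # assumption: newer policies only
    else
        echo httpd_can_network_connect   # broad: permits any TCP port
    fi
}

# Constructed AVC record: httpd denied a TCP connect to the LDAP port.
AUDIT='type=AVC msg=audit(1356443149.123:456): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=389 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket'
# Constructed boolean listings: one like the answer's, one with the LDAP boolean.
CENTOS6='httpd_can_network_connect --> off
httpd_can_network_connect_db --> on'
NEWER="$CENTOS6
httpd_can_connect_ldap --> off"

for policy in "$CENTOS6" "$NEWER"; do
    echo "enable: $(boolean_to_enable "$policy" "$AUDIT")"
done
```

On a real host, the two inputs would come from `getsebool -a` and `ausearch -m avc -c httpd` run as root.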

高跟鞋的旋律 2024-12-25 13:25:49

You might be having this problem because Apache has one php.ini file and CLI might have another, and the Apache version might not have the LDAP extension enabled.

Try checking which php.ini is loading with phpinfo() in both of your environments:

<?php phpinfo(); ?>

You should see the path of php.ini and additional useful information:

Configuration File (php.ini) Path => /etc/php5/cli
Loaded Configuration File => /etc/php5/cli/php.ini
Scan this dir for additional .ini files => /etc/php5/cli/conf.d

An alternative method to see the configuration loaded on the CLI is by calling php with the -i parameter:

$ php -i | grep 'php.ini'
Configuration File (php.ini) Path => /etc/php5/cli
Loaded Configuration File => /etc/php5/cli/php.ini