Mantis Bugtracker 

View Issue Details
ID: 0004178
Project: TestLink
Category: General
View Status: public
Date Submitted: 2011-01-20 10:26
Last Update: 2011-03-20 16:31
Assigned To: fman
Platform:
OS: Debian
OS Version: Lenny
Product Version: 1.9 (Prague)
Fixed in Version: 1.9.2 (2011 Q2 - bug fixing)
Summary: 0004178: LDAP bind with TLS fails
Description: I have testlink 1.9 on a Debian Lenny host with php version 5.2.6.dfsg.1-1+lenny9 packages. The php5-ldap Debian package is installed. /etc/ldap/ldap.conf is configured (TLS_REQCERT is "demand" and TLS_CACERT is set) and working correctly for other services. OpenLDAP requires TLS for a successful bind.

My config basically contains:
$tlCfg->authentication['ldap_server'] = '';
$tlCfg->authentication['ldap_port'] = '389';
$tlCfg->authentication['ldap_version'] = '3';
$tlCfg->authentication['ldap_root_dn'] = 'dc=example,dc=com';
$tlCfg->authentication['ldap_organization'] = '';
$tlCfg->authentication['ldap_uid_field'] = 'uid';
$tlCfg->authentication['ldap_bind_dn'] = 'cn=testlink,ou=Services,dc=example,dc=com';
$tlCfg->authentication['ldap_bind_passwd'] = 'example';
$tlCfg->authentication['ldap_tls'] = true;

Attempting a login to testlink using an LDAP account fails with this config. userlog0.log contains this:
        [11/Jan/20 08:39:50][WARNING][<nosession>][GUI]
Wrong parameter count for ldap_start_tls() - in /opt/testlink_1.9.0/lib/functions/ldap_api.php - Line 61
        [11/Jan/20 08:39:50][WARNING][<nosession>][GUI]
ldap_search(): Search: Confidentiality required - in /opt/testlink_1.9.0/lib/functions/ldap_api.php - Line 111
        [11/Jan/20 08:39:50][WARNING][<nosession>][GUI]
ldap_get_entries(): supplied argument is not a valid ldap result resource - in /opt/testlink_1.9.0/lib/functions/ldap_api.php - Line 112
        [11/Jan/20 08:39:50][WARNING][<nosession>][GUI]
ldap_free_result(): supplied argument is not a valid ldap result resource - in /opt/testlink_1.9.0/lib/functions/ldap_api.php - Line 131

It looks like the ldap_start_tls function is being used in ldap_api.php as a replacement for ldap_bind if TLS is enabled. I didn't find much documentation for ldap_start_tls, but it seems like it should be used before an ldap_bind rather than as a replacement for it.
Additional Information: I'm attaching a patch that was sufficient to get LDAP bind with TLS working for me. Due to lack of php documentation I'm not sure if a failed ldap_start_tls leaves $t_ds in a state that a plaintext ldap_bind might still work. At least for me TLS now works and it shouldn't change the behaviour of configurations with ldap_tls = false.
Tags: No tags attached.
Database (MySQL,Postgres,etc): MySQL 5.0.51a-24+lenny4
PHP Version:
QA Team - Task Workflow Status:
Attached Files:
ldap_api.php.patch (1,724 bytes) 2011-01-20 10:26
ldap_api.php (4,415 bytes) 2011-01-26 08:50
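
The ordering the report describes, as an added PHP example that is not TestLink's ldap_api.php or the attached patch: StartTLS is issued after the protocol version is set and before ldap_bind, and a failed upgrade closes the handle so no plaintext bind is attempted. The function name and the host name are hypothetical; the array keys mirror the configuration shown above.

```php
<?php
// Added illustration, not TestLink code. example_ldap_connect_bind() is a
// hypothetical name; the keys mirror $tlCfg->authentication from the report.

function example_ldap_connect_bind(array $cfg)
{
    // ldap_connect() only prepares a handle; nothing is sent to the server yet.
    $ds = ldap_connect('ldap://' . $cfg['ldap_server'] . ':' . $cfg['ldap_port']);
    if ($ds === false) {
        return false;
    }

    // StartTLS is an LDAPv3 extended operation, so set the version first.
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, (int) $cfg['ldap_version'])) {
        return false;
    }

    if (!empty($cfg['ldap_tls'])) {
        // ldap_start_tls() takes only the handle and upgrades the connection.
        // It does not authenticate, so it cannot stand in for ldap_bind().
        // Certificate checks follow TLS_REQCERT / TLS_CACERT in ldap.conf.
        if (!ldap_start_tls($ds)) {
            error_log('LDAP StartTLS failed: ' . ldap_error($ds));
            // Fail closed: drop the handle so the bind password is never
            // sent on a connection that was not upgraded.
            ldap_unbind($ds);
            return false;
        }
    }

    // Bind only after the upgrade, so the credentials travel inside TLS.
    if (!@ldap_bind($ds, $cfg['ldap_bind_dn'], $cfg['ldap_bind_passwd'])) {
        error_log('LDAP bind failed: ' . ldap_error($ds));
        ldap_unbind($ds);
        return false;
    }

    return $ds; // bound handle, ready for ldap_search()
}

// Constructed sample values; ldap.example.com is a placeholder host.
$ds = example_ldap_connect_bind([
    'ldap_server'      => 'ldap.example.com',
    'ldap_port'        => '389',
    'ldap_version'     => '3',
    'ldap_bind_dn'     => 'cn=testlink,ou=Services,dc=example,dc=com',
    'ldap_bind_passwd' => 'example',
    'ldap_tls'         => true,
]);
```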

Relationships
related to 0002898 (closed, fman): Activate ldap tls authentication
has duplicate 0004189 (closed, fman): Problem when enabling ldap tls
child of 0004918 (assigned, fman): ldap tls authentication fails

Notes
fman (administrator)
2011-01-20 18:11

Please do not attach patches but only FULL file with change fully commented
dgilmore (reporter)
2011-01-26 08:58

I've attached the full file that I'm using. I've also added a comment for the block of code I moved.

Issue History
Date Modified Username Field Change
2011-01-20 10:26 dgilmore New Issue
2011-01-20 10:26 dgilmore File Added: ldap_api.php.patch
2011-01-20 18:11 fman Note Added: 0013335
2011-01-23 17:22 fman Relationship added related to 0002898
2011-01-25 21:54 fman Relationship added has duplicate 0004189
2011-01-25 21:54 fman Assigned To => fman
2011-01-25 21:54 fman Status new => assigned
2011-01-26 08:50 dgilmore File Added: ldap_api.php
2011-01-26 08:58 dgilmore Note Added: 0013436
2011-03-20 16:31 fman Status assigned => closed
2011-03-20 16:31 fman Resolution open => fixed
2011-03-20 16:31 fman Fixed in Version => 1.9.2 (2011 Q2 - bug fixing)
2012-02-18 08:50 fman Relationship added child of 0004918
