I'm trying to get LDAP working with our Active Directory servers using Start-TLS. We're running Drupal 6.13 and the 1.0-beta1 version of ldap_integration. Our PHP version is 5.2.10 and apache is version 2.2.3. Our AD servers run Windows 2003 R2 SP2. We have a root domain (clatsopcc.local) with two subdomains under it (snf and students). We've added both subdomains as separate server entries in ldap_integration, each with information specific to their domain (separate IPs, user account for searching, etc). Using the "test" button, it succeeds when Start-TLS is turned off. However, if I turn on Start-TLS it fails to pass the "test". The weird thing is that if I go into webmin and put the same information in using the ldap client, I can browse the user accounts and such just fine using TLS.

The following modules are loaded in apache:
core prefork http_core mod_so mod_auth_basic mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_file_cache mod_mem_cache mod_cgi mod_version mod_php5 mod_auth_kerb mod_auth_mysql mod_auth_pgsql mod_authz_ldap mod_nss mod_perl mod_proxy_ajp mod_python mod_ssl

PHP was compiled with --with-ldap and --with-ldap-sasl
LDAP Support enabled
RCS Version $Id: ldap.c,v 1.161.2.3.2.18 2009/06/15 15:18:48 patrickallaert Exp $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20343
SASL Support Enabled

I see this error on the pages:
* warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /var/www/html/drupal/sites/all/modules/ldap_integration/includes/LDAPInterface.inc on line 154.
* warning: ldap_errno(): supplied argument is not a valid ldap link resource in /var/www/html/drupal/sites/all/modules/ldap_integration/includes/LDAPInterface.inc on line 167.
* warning: ldap_error(): supplied argument is not a valid ldap link resource in /var/www/html/drupal/sites/all/modules/ldap_integration/includes/LDAPInterface.inc on line 167.

If I try and log in I get a blank page and the httpd error_log shows a Segmentation Fault for a few child processes.

From Recent Logs on drupal:
Type user
Date Tuesday, August 18, 2009 - 11:22am
User Anonymous
Location http://web.clatsopcc.edu/node?destination=node
Referrer http://web.clatsopcc.edu/
Message LDAP Bind failure for user CN=LDAP Staff,CN=Users,DC=snf,DC=clatsopcc,DC=local. Error :
Severity notice
Hostname 172.16.2.183
Operations
-----------
Type php
Date Tuesday, August 18, 2009 - 11:22am
User Anonymous
Location http://web.clatsopcc.edu/node?destination=node
Referrer http://web.clatsopcc.edu/
Message ldap_error(): supplied argument is not a valid ldap link resource in /var/www/html/drupal/sites/all/modules/ldap_integration/includes/LDAPInterface.inc on line 167.
Severity error
Hostname 172.16.2.183
Operations
----------
Type php
Date Tuesday, August 18, 2009 - 11:22am
User Anonymous
Location http://web.clatsopcc.edu/node?destination=node
Referrer http://web.clatsopcc.edu/
Message ldap_errno(): supplied argument is not a valid ldap link resource in /var/www/html/drupal/sites/all/modules/ldap_integration/includes/LDAPInterface.inc on line 167.
Severity error
Hostname 172.16.2.183
Operations
-----------
Type user
Date Tuesday, August 18, 2009 - 11:22am
User Anonymous
Location http://web.clatsopcc.edu/node?destination=node
Referrer http://web.clatsopcc.edu/
Message Could not start TLS. (Error -11: Connect error).
Severity notice
Hostname 172.16.2.183
Operations
----------
Type php
Date Tuesday, August 18, 2009 - 11:22am
User Anonymous
Location http://web.clatsopcc.edu/node?destination=node
Referrer http://web.clatsopcc.edu/
Message ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /var/www/html/drupal/sites/all/modules/ldap_integration/includes/LDAPInterface.inc on line 154.
Severity error
Hostname 172.16.2.183
Operations

Comments

Comment by jlea9378:

Can anyone help?

Comment by jlea9378:

Fixed by modifying LDAPInterface.inc:

I added the following before the ldap_connect call in initConnection():

putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');

Comment by Jared:

I'm having exactly the same problem. I added the code you described in initConnection(), but it didn't help. I only know enough php to be dangerous, though.

My platform: Drupal 6 running on a Turnkey Linux appliance. Attempting to connect to an Active Directory 2003 server. I tried entering the domain controller's IP number but that didn't work. Tried its DNS name, but still no go. I started with version 6.x-1.0-beta1 of this module, then in an attempt to get past this issue, rolled back to Alpha2, but still no go. I DO have connectivity to the DC, and I verified that my account for non-anonymous search is working and has correct credentials.

This is a non-production test box just booting off of a Turnkey Linux live CD. Just wanting to see if I can get it to work before attempting anything like production.

Comment by jlea9378:

Ok so your LDAPInterface.inc looks like this?

function initConnection() {
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup env');
... Rest of the code ...
}

And the permissions on the entire module folder give the apache user RWX permission? I set apache as user and group owner and gave permissions 775, but that might be overkill. haha.

Did you also configure & compile PHP with the necessary flags?
--with-ldap and --with-ldap-sasl
I didn't have to change anything in php.ini or httpd.conf to get this working beyond what is required to get drupal itself to work.

In the module config, I have the Name set to a simple name w/ no spaces, LDAP Server set to the server's hostname, which I tested by trying to ping from the shell. Port is 389, and both the TLS and Encrypted Password boxes are checked. Our Base DN is set to:
ou=StaffNFaculty Users,dc=snf,dc=clatsopcc,dc=local
Username attribute is: samaccountname
and Email attribute is: mail
PHP Filter is empty
and our non-anonymous account I entered as:
avalidusername@snf.clatsopcc.local

Hope this helps!
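
An added example (not code from this thread or from the ldap_integration module) that makes the same StartTLS connection as the putenv fix above and the server settings in this comment (port 389, TLS on, non-anonymous search account), but points OpenLDAP at the AD CA certificate with LDAPTLS_CACERT and verifies it (LDAPTLS_REQCERT=demand) instead of turning verification off, and checks the ldap_start_tls() result before asking the link for its error. The host, CA file path and account names are placeholders.

```php
<?php
// Added example, not the ldap_integration module's code. Assumes the AD
// domain's root CA certificate has been exported in PEM form to $caFile;
// host, CA path and account names below are placeholders.

function ldapStartTlsConnect($host, $caFile, $port = 389)
{
    // OpenLDAP's client library reads these when it initialises TLS, so they
    // must be set before ldap_connect()/ldap_start_tls() in this process.
    // 'demand' verifies the domain controller's certificate against the CA
    // file; 'never' (the thread's workaround) skips verification entirely.
    putenv('LDAPTLS_CACERT=' . $caFile);
    putenv('LDAPTLS_REQCERT=demand');

    $link = ldap_connect($host, $port);
    if ($link === false) {
        throw new Exception("ldap_connect rejected host/port: $host:$port");
    }
    // AD needs LDAPv3 for StartTLS; disabling referral chasing avoids hangs
    // when a DC returns referrals for the other domains in the forest.
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    // Check the StartTLS result while $link is still valid: PHP's
    // "supplied argument is not a valid ldap link resource" warning means
    // ldap_errno()/ldap_error() were called on a link that is already gone.
    if (!@ldap_start_tls($link)) {
        $msg = ldap_error($link); // e.g. "Connect error" on a failed handshake
        ldap_unbind($link);
        throw new Exception("StartTLS to $host failed: $msg");
    }
    return $link;
}

// Usage with constructed values: bind the non-anonymous search account only
// after StartTLS succeeded, so its password never crosses the wire in clear.
$searchAccountPassword = getenv('LDAP_SEARCH_PASSWORD'); // placeholder source
$link = ldapStartTlsConnect('dc1.ad.example.local', '/etc/pki/tls/certs/ad-root-ca.pem');
if (!ldap_bind($link, 'svc_ldap@ad.example.local', $searchAccountPassword)) {
    throw new Exception('Bind failed: ' . ldap_error($link));
}
```

If the handshake still fails with "Connect error" once the CA file is in place, the usual cause is that the certificate's subject or SAN does not match the hostname you connect to, so connect with the DC's fully qualified name rather than its IP.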

Comment by cgmonroe:

Status: Active » Closed (fixed)

Clearing out old support requests - reopen if problem still exists in newest code

Comment by jlea9378:

Closing.