php ldap_bind Can't contact LDAP server

jerrac

Member
Jun 9, 2016
9
0
1
Oregon
cPanel Access Level
Root Administrator
I have an odd issue where my root user can connect to an external LDAP server, but a normal cPanel user cannot.

I used EasyApache 4 to install the php ldap extension, and a function_exists check for ldap_bind returns true. So the extension is definitely installed and working. (Not to mention it works for root...)

The ldap server is an eDirectory.

Both cPanel and my ldap directory are in the same DMZ, so my external firewall is not interfering. Both cPanel and the ldap server have both 636 and 389 ports open.

I am using LVE for the users account.

My test script:

PHP:
<?php

ini_set('display_errors', 'On');
error_reporting(E_ALL);

$config['baseDn'] = 'ou=blah,dc=foo,dc=bar';
$config['bindDn'] = 'binduserdn';
$config['host'] = 'ldaps://<ldapserver hostname>';
$config['port'] = 636;
$config['bindPw'] = 'password';
$config['tls'] = NULL;

$connection = ldap_connect($config['host'], $config['port']);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($connection == FALSE) {
    //Note that OpenLDAP always returns a resource and does not actually
    //connect until we use ldap_bind or other ldap_* functions.
    //See http://www.php.net/manual/en/function.ldap-connect.php
    syslog(LOG_ERR, "Unable to connect to LDAP server." . ldap_error($connection));
    exit();
} else {
    //turn on tls if set.
    if (!empty($config['tls'])) {
        ldap_start_tls($connection);
    }

    //Attempt to bind to the server.
    $bind = ldap_bind($connection, $config['bindDn'], $config['bindPw']);
    if (!$bind) {
        syslog(LOG_ERR, "Unable to bind to LDAP server.");
        exit();
    } else {
        echo "Bound to ldap server.\n\n";
    }
}
If I run the test script as the cpanel user:

[<user>@cpanel ~]$ php testldap.php

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /home/<user>/testldap.php on line 29
If I run the test script inside the cpanel users home dir as root:
[[email protected] ~]# php /home/mattd/testldap.php
Bound to ldap server.
If I run the same test script from inside root's home, as root:
[[email protected] ~]# php testldap.php
Bound to ldap server.
I assume it has something to do with how CloudLinux, CageFS, and LVE all work. Unfortunately, my searches of the documentation and Google have not turned up any clues.

Any suggestions on what I should do next?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,225
463
Hello,

You have to run cagefsctl --update any time you have modified php.ini, or you want to get new/updated software inside CageFS. Documentation on this is available at:

CloudLinux Documentation

Thanks!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,225
463
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.