php ldap_bind Can't contact LDAP server

Discussion in 'CloudLinux' started by jerrac, Nov 3, 2016.

  1. jerrac

    jerrac Registered

    Joined:
    Jun 9, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    I have an odd issue where my root user can connect to an external LDAP server, but a normal cPanel user cannot.

    I used EasyApache 4 to install the php ldap extension, and a function_exists check for ldap_bind returns true. So the extension is definitely installed and working. (Not to mention it works for root...)

    The ldap server is an eDirectory.

    Both cPanel and my ldap directory are in the same DMZ, so my external firewall is not interfering. Both cPanel and the ldap server have both 636 and 389 ports open.

    I am using LVE for the user's account.

    My test script:

    PHP:
    <?php

    ini_set('display_errors', 'On');
    error_reporting(E_ALL);

    $config['baseDn'] = 'ou=blah,dc=foo,dc=bar';
    $config['bindDn'] = 'binduserdn';
    $config['host'] = 'ldaps://<ldapserver hostname>';
    $config['port'] = 636;
    $config['bindPw'] = 'password';
    $config['tls'] = NULL;

    $connection = ldap_connect($config['host'], $config['port']);
    ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($connection == FALSE) {
        //Note that OpenLDAP always returns a resource and does not actually
        //connect until we use ldap_bind or other ldap_* functions.
        //See http://www.php.net/manual/en/function.ldap-connect.php
        syslog(LOG_ERR, "Unable to connect to LDAP server." . ldap_error($connection));
        exit();
    } else {
        //turn on tls if set.
        if (!empty($config['tls'])) {
            ldap_start_tls($connection);
        }

        //Attempt to bind to the server.
        $bind = ldap_bind($connection, $config['bindDn'], $config['bindPw']);
        if (!$bind) {
            syslog(LOG_ERR, "Unable to bind to LDAP server.");
            exit();
        } else {
            echo "Bound to ldap server.\n\n";
        }
    }

    If I run the test script as the cPanel user:

    If I run the test script inside the cPanel user's home dir as root:
    If I run the same test script from inside root's home, as root:
    I assume it has something to do with how CloudLinux, CageFS, and LVE all work. Unfortunately, my searches of the documentation and Google have not turned up any clues.

    Any suggestions on what I should do next?
     
  2. jerrac

    Interesting. After disabling CageFS for my cPanel user, the test script works.

    So, maybe something the skeleton is missing? Hrm...
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You have to run cagefsctl --update any time you have modified php.ini, or you want to get new/updated software inside CageFS. Documentation on this is available at:

    CloudLinux Documentation

    Thanks!
     
  4. jerrac

    I've run that command several times. The issue still occurs.
     
  5. cPanelMichael

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  6. jerrac

    Ticket 7919031.
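
Added example, not part of the thread or of any cPanel/CloudLinux code: a staged check that separates TCP reachability, the TLS handshake and the LDAP bind, so the same script can be run as root and as the CageFS-confined user and the first stage that differs compared. The host, port and bind DN defaults are placeholders, and `LDAP_BIND_PW` is an assumed environment variable name used to keep the password off the command line.

```php
<?php
// Added diagnostic sketch. Usage (placeholder values, supply your own):
//   LDAP_BIND_PW=... php ldap_diag.php <host> <port> <bindDn>
[$host, $port, $dn] = array_slice($argv, 1) + ['ldap.example.test', 636, 'cn=binduser'];
$pw = (string) getenv('LDAP_BIND_PW');   // assumed variable name

// Stage 1: can this user open a TCP socket to the LDAPS port at all?
function stage_tcp(string $host, int $port): array {
    $s = @fsockopen($host, $port, $errno, $errstr, 5);
    if ($s === false) return [false, "TCP connect failed: [$errno] $errstr"];
    fclose($s);
    return [true, 'TCP port reachable'];
}

// Stage 2: does a TLS handshake with certificate verification succeed,
// independently of the LDAP client library?
function stage_tls(string $host, int $port): array {
    $ctx = stream_context_create(['ssl' => ['verify_peer' => true, 'verify_peer_name' => true]]);
    $s = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $ctx);
    if ($s === false) return [false, "TLS handshake failed: [$errno] $errstr"];
    fclose($s);
    return [true, 'TLS handshake and certificate verification OK'];
}

// Stage 3: the bind itself, with the LDAP library's trace enabled and the
// server/library diagnostic message read back on failure.
function stage_bind(string $host, int $port, string $dn, string $pw): array {
    ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);   // trace is written to stderr
    $c = ldap_connect("ldaps://$host:$port");
    if ($c === false) return [false, 'ldap_connect rejected the URI'];
    ldap_set_option($c, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($c, LDAP_OPT_NETWORK_TIMEOUT, 5);
    if (@ldap_bind($c, $dn, $pw)) return [true, 'Bind succeeded'];
    ldap_get_option($c, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return [false, sprintf('Bind failed: [%d] %s %s', ldap_errno($c), ldap_error($c), (string) $detail)];
}

$stages = [
    'tcp'  => stage_tcp($host, (int) $port),
    'tls'  => stage_tls($host, (int) $port),
    'bind' => stage_bind($host, (int) $port, $dn, $pw),
];
foreach ($stages as $name => [$ok, $msg]) {
    printf("%-4s %s  %s\n", $name, $ok ? 'OK  ' : 'FAIL', $msg);
}
```

Run it from the CLI once as root and once as the cPanel user, and compare the output line by line along with the trace on stderr.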
     