View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0022951||mantisbt||authentication||public||2017-05-30 11:16||2017-05-31 10:37|
|Target Version||Fixed in Version|
|Summary||0022951: Authentication against LDAP fails when using non-default port numbers|
We run our LDAP servers on ports different than the default port 389. This was never an issue in our old Mantis installations (e.g. Mantis 1.2.x running PHP 5.3), because we set the port number in the $g_ldap_server variable in config_inc.php as follows:
Older versions of PHP can deal with the host:port syntax without problems when using the ldap_connect() function, but more recent versions of PHP don't allow this syntax anymore. Now you need to specify the function as follows:
As a result we can't connect Mantis to LDAP anymore. I am currently testing with Mantis 2.4.1 and PHP 7.1. I am not sure if the ldap_connect() syntax has changed in the PHP 5.4 - 5.6 branch or the PHP 7.0 - 7.1 branch, but given the fact that PHP 7 is the recommended version for Mantis, it is worth mentioning.
To solve the issue I've tested the following:
in config_inc.php I've split the ldap host and port like this:
in core/ldap_api.php around line 62
then line 64:
is replaced by:
This configuration seems to work fine, but this needs to be verified by the Mantis developers.
|Steps To Reproduce|
Connect to LDAP on a non-default port, in other words something different than 389. If you only have LDAP running on the default port, you might be able to test it via an SSH tunnel where your local port is different than 389.
|Tags||No tags attached.|
To my knowledge, the function has not changed since PHP 4. Based on the ldap_connect() documentation, the host parameter can be either a hostname, or a full LDAP URI; as mentioned there, hostname:port is not a supported LDAP URI as the schema is missing.
In short, you should set
This is clearly documented in the Admin Guide: $g_ldap_server Specifies the LDAP or Active Directory server to connect to, and must be provided as an URI.
That said, it is true that the
Thanks for mentioning the full LDAP URI. I just checked our configuration and indeed, by adding ldap:// in front of the hostname:port, it all works fine again with the original code. I think the ldap.example.com:3268 syntax was an undocumented feature of the ldap_connect() function, since it does work with older PHP versions; we've used this for many years.
Actually, thinking about it, since the port parameter is ignored when using a URI, we should be able to support the
|2017-05-30 11:16||mbremer||New Issue|
|2017-05-31 09:29||dregad||Assigned To||=> dregad|
|2017-05-31 09:29||dregad||Status||new => acknowledged|
|2017-05-31 09:29||dregad||Note Added: 0057003|
|2017-05-31 09:58||mbremer||Note Added: 0057004|
|2017-05-31 10:37||dregad||Note Added: 0057005|
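
As an added example (not code from MantisBT or from the thread's participants): a hypothetical PHP helper, `normalize_ldap_server()`, that turns a configured server value into the full LDAP URI form discussed in the notes above and rejects values with a non-LDAP scheme or an invalid port. It assumes that a bare `host` or `host:port` value means plain `ldap://`, as in the reporter's fix; the sample values are constructed.

```php
<?php
// Added example: hypothetical helper, not part of MantisBT or PHP itself.
// Normalizes a configured LDAP server value to a full LDAP URI and
// rejects anything that is neither a hostname[:port] nor an LDAP URI.

function normalize_ldap_server(string $value): string
{
    $value = trim($value);
    if ($value === '') {
        throw new InvalidArgumentException('empty LDAP server value');
    }

    // Value already carries a scheme: accept only LDAP schemes, unchanged.
    if (preg_match('#^([a-z][a-z0-9+.-]*)://#i', $value, $m)) {
        $scheme = strtolower($m[1]);
        if (!in_array($scheme, ['ldap', 'ldaps', 'ldapi'], true)) {
            throw new InvalidArgumentException("unsupported scheme: $scheme");
        }
        return $value;
    }

    // Legacy "host" or "host:port" form without a scheme.
    // IPv6 literals are not handled here and are rejected.
    if (!preg_match('/^([A-Za-z0-9.-]+)(?::(\d{1,5}))?$/', $value, $m)) {
        throw new InvalidArgumentException("not a hostname or LDAP URI: $value");
    }
    $uri = 'ldap://' . $m[1];   // assumption: bare values mean plain LDAP
    if (isset($m[2])) {
        $port = (int) $m[2];
        if ($port < 1 || $port > 65535) {
            throw new InvalidArgumentException("port out of range: $port");
        }
        $uri .= ':' . $port;
    }
    return $uri;
}

// Constructed sample values, including the host:port form from the thread.
$samples = ['ldap.example.com:3268', 'ldap://ldap.example.com:3268',
            'ldap.example.com', 'http://ldap.example.com', 'ldap.example.com:99999'];
foreach ($samples as $v) {
    try {
        printf("%-30s => %s\n", $v, normalize_ldap_server($v));
    } catch (InvalidArgumentException $e) {
        printf("%-30s => rejected (%s)\n", $v, $e->getMessage());
    }
}
```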