dongzhang3482 2017-02-13 17:06
浏览 80
已采纳

搜索CN时Zend_Ldap中的异常

I am experiencing a weird issue with Zend_Ldap (Zend_Framework 1.12) and PHP 5.6.24 on Windows 2012 R2 when searching for a CN. Basically, I send an LDAP search for the DN:

CN=ABUsers,CN=Users,DC=escenterprise,DC=net

after successfully binding with a valid LDAP user. That is confirmed by this Wireshark trace:

WIRESHARK IMAGE

What I find odd in the trace is that I get a proper response to my search query, which includes the users in the CN I am targeting. However, instead of returning that search result, the PHP LDAP extension (php_ldap.dll, v5.6.24.0) attempts 3 extra binds using the ROOT user for the following CN:

  • CN=Configuration,DN=escenterprise,DN=net
  • CN=DomainDnsZones,DN=escenterprise,DN=net
  • CN=ForestDnsZones,DN=escenterprise,DN=net

Those binds appear to succeed; however the following extra searches for the 3 CN above all fail with the following error message:

0x1 (Operations error; 000004DC: LdapErr: DSID-0C090752, comment:
In order to perform this operation a successful bind must be completed on the
connection., data 0, v2580): searching:
(&(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ABUsers,CN=Users,dc=escenterprise,dc=net))

I understand that the 3 CN are contained in the response to my first query. However, I am having some troubles to understand why the 3 extra searches occur in the first place, along with the 3 binds as ROOT.

The issue only happens in one test environment, which is configured the same way of my other test environments where everything works correctly, that is, Zend_Ldap does not return an exception performing the very same search and it does not search the 3 extra CN. If this may help, the test environment where the issue occurs sits in a data center outside of the network where the LDAP server is located and it is connected to it by means of a VPN. The other test environments are in the same building as the LDAP server.

Any idea on why it is happening in that particular environment? How can I avoid it?

Many thanks!

  • 写回答

1条回答 默认 最新

  • dongru3726 2017-02-13 20:52
    关注

    I was experiencing this issue with a test environment that sits in one of my data centers. It turned out to be my PHP Settings was changing optReferrals to TRUE. This worked in the local environments but not for anything that sat outside of my network. After making sure the setting defaulted to FALSE, it worked correctly and I did not see any "ROOT" binds.

    Hope this helps.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 关于php录入完成后,批量更新数据库
  • ¥15 请教往复密封润滑问题
  • ¥15 cocos creator发布ios包
  • ¥15 comsol压电材料数据
  • ¥35 用python实现除法算法中goldschmidt算法
  • ¥15 汇编代码转换成C代码
  • ¥15 除法算法中的归一化具体是怎么变的?
  • ¥20 集成电路的逻辑电路和晶体管简化图
  • ¥15 下载windows builder后的问题
  • ¥15 端口连接数为什么会有限制