PHP: ldap_bind gives 500 Internal Server Error when binding with SSL but not regular bind

浪尽此生 提交于 2019-12-11 16:28:14

问题


I have a Laravel application on a Windows Server 2016, with IIS 10 and PHP 7.2.

The application is required to do Active Directory authentication. For this I use https://github.com/Adldap2/Adldap2-Laravel. Authentication was working for a regular LDAP connection to the corporate DC on port 3268, but when I enable SSL and connect it to port 3269 or 636 I get an 500: Internal Server Error "The FastCGI process exited unexpectedly" when my code reaches ldap_bind().

I know SSL works on the DC as I can connect on the same server with ldp.exe tool.

This is my config that is used in the application for authentication (with the default login controller)

LDAP_HOSTS='dc.example.corp.com'
LDAP_PORT=636
LDAP_BASE_DN=''
LDAP_USE_SSL=true
LDAP_USE_TLS=false

LDAP_USERNAME=######################
LDAP_PASSWORD=############

I usually do my testing on a file with the following code in my public directory:

$a = ldap_connect("ldaps://dc.example.corp.com:636");
ldap_set_option($a, LDAP_OPT_PROTOCOL_VERSION, 3);  // v3 = UTF8 encoding
ldap_set_option($a, LDAP_OPT_REFERRALS, 0);
$r=ldap_bind($a);

echo "-$r-";

I have also tried debugging with DebugDiag, but when analysing the dump created by the crash it returns the following error:

Description Recommendation
WARNING - DebugDiag was not able to locate debug symbols for \libcrypto-1_1.dll, so the information below may be incomplete.

In php__PID__6684__Date__11_28_2019__Time_10_24_08AM__912__Second_Chance_Exception_C0000005.dmp the assembly instruction at libcrypto_1_1!CRYPTO_memcmp+29530 in C:\Program Files (x86)\PHP\v7.2\libcrypto-1_1.dll from The OpenSSL Project, https://www.openssl.org/ has caused an access violation exception (0xC0000005) when trying to read from memory location 0x2a4b6fe0 on thread 0
Please follow up with the vendor The OpenSSL Project, https://www.openssl.org/ for C:\Program Files (x86)\PHP\v7.2\libcrypto-1_1.dll

and also hundreds of lines saying the same:

libcrypto_1_1!CRYPTO_memcmp+29594

I don't know where the problem resides as of this moment and am unsure how to proceed.


回答1:


I have been able to solve my own problem by looking further into the libcrypto messages. I found a post referencing a bug when using php 7.2.14 and openssl 1.1.1 (bugs.php.net/bug.php?id=77440).

I deleted my libcrypto-1_1.dll and libssl-1_1.dll files and replaced them with once from openssl 1.1.0j. After restarting my server everything worked!



来源:https://stackoverflow.com/questions/59087672/php-ldap-bind-gives-500-internal-server-error-when-binding-with-ssl-but-not-reg

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!