× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Mike,

Thanks for the info. It looks like I need to learn a little more about the Zend Server Administration. I haven't done much with the administration side of the IBMi. The server was an existing setup. Just curious, do you recommend any good references for Zend Server Administration on i?

I did verify the LDAP extensions are loaded and can see them in the get_loaded_extensions. What I did discover is that my LDAP script can authenticate to regular LDAP (389), but when I try to connect to the LDAPS (636), it fails. I did verify that 636 can be seen from the IBMi using a fsockopen. So the communications path seems to be good. I'm now wondering if it is something to do with OpenSSL and the negotiation of the SSL protocols. That's the path I'm heading down now. OpenSSL is installed with PHP. The version on the IBMi is actually more current than I have on my linux server.

--Todd

Jason Aleski / IT Specialist

On 1/12/2016 6:16 PM, Mike Pavlak wrote:
Jason,

Have you tried installing the sample applications from the guide page of the Zend Server admin GUI? One of the options is an example LDAP connection. It works on my server. 9 times out of 10 the problem we run into is a domain or firewall rule prohibiting the IBM i from reaching the AD from via a given IP.

Also, from the Zend Server admin GUI you can see the LDAP extension is loaded (depending on the version of the extension.

Zend Server for IBM i ships with the LDAP extension loaded and enabled by default, but you can turn it off.

You can see if the extension is loaded by running the function " get_loaded_extensions()" which returns an array of the loaded extensions. As you can see from my example below, index [40] is ldap

Array ( [0] => Core [1] => date [2] => ereg [3] => libxml [4] => openssl [5] => pcre [6] => sqlite3 [7] => zlib [8] => ctype [9] => curl [10] => dom [11] => filter [12] => ftp [13] => hash [14] => json [15] => SPL [16] => PDO [17] => pdo_sqlite [18] => Reflection [19] => session [20] => SimpleXML [21] => soap [22] => standard [23] => xml [24] => xmlreader [25] => Zmail [26] => mysqlnd [27] => cgi-fcgi [28] => bcmath [29] => bz2 [30] => calendar [31] => mbstring [32] => fileinfo [33] => gd [34] => gettext [35] => ibm_db2 [36] => iconv [37] => imagick [38] => imap [39] => intl [40] => ldap [41] => exif [42] => mcrypt [43] => mssql [44] => mysql [45] => mysqli [46] => oci8 [47] => pdo_dblib [48] => pdo_ibm [49] => pdo_mysql [50] => pdo_pgsql [51] => pgsql [52] => Phar [53] => posix [54] => pspell [55] => sockets [56] => tidy [57] => tokenizer [58] => xmlwriter [59] => xsl [60] => zip [61] => Zend Data Cache [62] => apc [63] => Zend Java Bridge [64] => Zend Job Queue [65] => Zend
Utils [66] => Zend OPcache [67] => Zend Code Tracing [68] => Zend Server Z-Ray [69] => Zend Monitor [70] => Zend Debugger [71] => Zend Page Cache [72] => Zend Monitor UI )

You can also check to see if a specific extension is loaded (maybe a good idea for your function/method call) by using the function "extension_loaded('ldap');" which will return a Boolean true if loaded. The function call is pretty speedy at about .022 ms so the minimal overhead might be worth the trouble in your application.

Lastly, phpinfo should also give you a perspective of the status. Like this:

ldap

LDAP Support enabled
RCS Version $Id: ab663b156be320c3bba8a7267187105adc47361a $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20423
SASL Support Enabled


Hope this helps!

Regards,

Mike

-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Jason Aleski
Sent: Tuesday, January 12, 2016 8:49 AM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] PHP on i Connecting to LDAP

I have a PHP script that is having trouble talking to Active Directory; from the IBMi. I believe the issue is with the PHP; specifically with the PHP-ldap extension. I have tested this script on a Linux server
(Nginx/PHP-FPM) and it works fine, but really need it to run on our IBMi. Below is some information about the script and what I've done to troubleshoot. It looks like PHP-LDAP is not compiled with PHP, but unsure and would like to verify. If that's not it, I'm not sure where to look or what changes to make to get this running.

* Using the adLDAP library; which requires PHP5, PHP LDAP Support
* The PHP script loads the adLDAP library
(http://adldap.sourceforge.net/); verified by looking at
get_included_files.
* The specific error says it cannot connect to the LDAP server; but
works fine from the Linux Server.
* Looking at the PHPINFO() on the IBMi, I do not see anything relating
to LDAP in the "configure command" section. However, I do see it
loading the ldap.ini in the "Additional .ini files parsed". I also
see in the "Configurations" section, it says LDAP Support is
enabled. The LDAP vendor and version are identical to the Linux Server.

Has anyone connected to LDAP from PHP on i? Guidance is appreciated.

Regards,
JA

--
Jason Aleski / IT Specialist

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.