Is your server up? Verify that it is up by telneting to port 389 first. This looks like a server not running issue.
ThirdOne
2009-07-06 06:38:39
+2
A:
A:
Here is a fun one! As far as I understand it, according to the LDAP standard, a bind with a username, but no password counts as an anonymous bind.
So connect with a valid user, but no password, and see if you get connected and access. If so, it allows Anonymous binds, if not, you should get back something like LDAP -13 confidentiality required.
geoffc
2009-07-06 13:16:13
That's called an unauthenticated bind and differs somewhat from an anonymous bind.
Stefan Gehrig
2009-07-06 13:20:22
True, but a bind with no password, gets rights as if it were an anonymous bind.
geoffc
2009-07-06 20:08:37
A:
Are you trying to check whether your specific server supports anonymous binds (1) or are you looking for a generic way to determine if some LDAP server supports anonymous binds (2)?
(1) What server are you testing against? OpenLDAP provides the following configuration settings:
disallow bind_anon: dissallows anonymous binds; enabled by defaultallow bind_anon_cred: allows so called unauthenticated binds (username but no password provided); disabled by defaultdisallow bind_simple_unprotected: disallow simple binds over non-TLS-connections; enabled by defaultdisallow bind_simple: disallow simple binds completely; enabled by default
So you should check if your server configuration disbales anonymous binds.
(2) A generic way to check for anonymous bind support would be to suppress warnings on ldap_bind() and check the result:
function isAnonymousBindSupported($ldap)
{
return @ldap_bind($ldap)
}
Your error message
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /var/www/sue/ldapTest2.php on line 14
though is actually a clear sign that there is some sort of connection problem between the computer running your script and the LDAP server. Connection errors are not reported on a call to ldap_connect() as no connection attempt is made prior to calling ldap_bind() - all connection errors will therefore be raised on ldap_bind().
Please check the following:
- Is the computer running your script able to resolve the name
apservvia DNS? You can test this bypingingapservby its name or by runningnslookup. - Can you ping the IP address of
apserv? - Can you connect to the server using its IP address?
- Is there a firewall that blocks access to port 389 of the target machine?
- Are you able to connect to the LDAP server with some sort of LDAP tool?
Stefan Gehrig
2009-07-06 13:28:30