I have a simple php script using to test bind to MS active directory, in order to use it for login to an php application. When it runs on browser, responds error: "Can't contact LDAP server", but in terminal works fine.
OS centos 7
php 5.6.40
$ldad = ldap_connect('ldap://{LDAP}.{DOMAIN.COM}','389')
or die('Cannot connect');
ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldap,LDAP_OPT_REFERRALS,0);
if($bind=ldap_bind($ldap,'{USERNAME}#{DOMAIN.COM}','{PASSWORD}')) {
echo "\n\nSuccess Binding!\n\n";
ldap_unbind($ldap);
}
else {
echo ldap_error($ldap);
}
Any suggestions?
Solution found and has to be shared:
SElinux was enabled. I found better to run
semanage boolean -l
to find out if it was on or off, httpd_can_connect_ldap was off so I alter to on using
setsebool -P httpd_can_connect_ldap on
I hope I helped someone with familiar problem.
Related
This is not about 'localhost'. Both the command line version of 'mysql' as well as a script I wrote in Perl (using perl-DBD-MySQL) can login, get to this database and work with it. Only PHP gives the permission denied error, and that error is not reported in any of the various log files. I even went as far as creating a simple test user in the database to avoid any issues with special characters in the password:
create user 'web'#'%' identified by 'Iamnotarobot';
and again the command line can login with this credential but PHP says permission denied.
I don't know what is throwing the error so I can't address it. I'm literally lost.
Relevant info:
RHEL 8 = 4.18.0
php 7.2.11
nginx 1.14.1
And here's the actual code that's failing:
<?php
$host="core";
$user="web";
$pass="Iamnotarobot";
$db="mydb";
$conn = new mysqli($host,$user,$pass,$db);
if( $conn->connect_errno ) {
exit($conn->connect_errno);
}
?>
It turned out to be an selinux issue. Here's how I fixed it:
setsebool -P httpd_can_network_connect_db 1
Now with setenforce back to '1', the page can connect to the database.
Check with php-mysql package installation.
If perl can connect remotely and php could not...the issue is with php-mysql installation only.
Working on an EL7 system with PHP 5.6 and openldap 2.4.40.
I'm able to query the remote ldaps server using ldapsearch:
ldapsearch -H ldaps://ldap.example.com -D
"CN=serviceaccount,OU=Services,DC=example,DC=com" -x -w "sapass" -LLL
-b "DC=example,DC=com" cn="acoder"
This returns expected data on user acoder.
Moving to PHP, I'm attempting to bind to the same server using the same credentials and pass (sapass) above.
// server settings
$srvc_id = 'serviceaccount';
$srvc_pass = "somepass";
$ldap_host = "ldaps://ldap.example.com";
$srvc_dn = "CN=$srvc_id,OU=Services,DC=example,DC=com";
$user_filter = "(uid=$form_user)";
$ldap_conn = ldap_connect($ldap_host);
if ($ldap_conn)
{
echo "<p>Connected to \$ldap_host $ldap_host at line ";
$r = ldap_bind($ldap_conn, $srvc_dn, $srvc_pass);
if (!$r)
{
echo "<p>failed to bind with service account credentials.";
} else {
echo "<p>binded OK.";
}
}
If I temporarily add this to /etc/openldap/ldap.conf, the script works:
TLS_REQCERT never
Once I comment that out, the script fails with "Can't contact LDAP server".
If I add TLS_CACERTDIR /etc/openldap/certs to ldap.conf, the script works fine when called from command line.
TLS_CACERTDIR /etc/openldap/certs
# TLS_REQCERT never ### only use for testing ###
It seems like httpd isn't reading a necessary certificate and is thus not able to communicate with the remote LDAP server.
The PHP/LDAP setup tutorials I've looked at work with EL6, and I am running EL7.
SOLVED!
SELinux is running Enforced. If I temporarily disabled SELinux, the ldap test script worked fine in a browser.
That led me to this helpful answer and this CentOS Wiki on SELinux. Here we learn:
SELinux doesn't allow your httpd daemon to talk to the LDAP
server on the same machine.
Ah. It turns out SELinux has a multitude of fine-grained switches to allow specific activity from different processes. In my case, SELinux was configured out of the box to disallow LDAP connectivity (even though ldaps is enabled in firewalld).
You can check SELinux configuration of httpd using:
getsebool -a | grep httpd
which returns:
[acoder#myboxen]# getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
To enable SELinux network connectivity through httpd:
setsebool -P httpd_can_network_connect on
No need to restart Apache. My ldap script worked fine from that moment on.
As above, be sure to remove TLS_REQCERT never from your /etc/openldap/ldap.conf and of course set SELinux back to Enforcing with setenforce 1.
Hope this is helpful to others.
Brief Intro
I'm now using stomp to connect with ActiveMQ based on a PHP site running on apache server.
The Stomp can run in bash but can't run in apache.
Preparation
I install stomp by
pecl install stomp
and modify the php.ini with
extension=stomp.so
I have a 'index.php' like this:
<?php
echo 'runing-';
/* connection */
try {
$stomp = new Stomp('tcp://localhost:61613');
echo 'connecting-';
} catch(StompException $e) {
die('Error! Connection failed: ' . $e->getMessage());
}
$stomp->send('/queue/test', 'Hello from PHP');
echo 'finished.';
/* close connection */
unset($stomp);
?>
Start Working
Firstly, I run with
$ php index.php
And it echo as my expectation:
$ php index.php
runing-connecting-finished.
Then I open it in browser:
http://localhost/index.php
It reports
runing-Error! Connection failed: Unable to connect to localhost:61613
Question
I've searching resolution for this error all day...
I guess apache block the request from stomp since it runs successfully in bash.
What should I do to fix this bug?
Thanks really.
an experienced colleague called Justin get things done!
Though not really understand this situation,
I post my solution here:
Firstly, I run sestatus:
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
Justin told me to change settings in /etc/sysconfig/selinux to
SELINUX=permissive
Then I restart and run sestatus again:
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted
Finally things work!
Linux stuff still seems a little magical for me.
Who knows something about this please give an explanation about this.
Thanks a lot.
Using the following bits:
<?php
require('vendor/autoload.php');
$client = new Everyman\Neo4j\Client('localhost', 7474);
print_r($client->getServerInfo());
?>
If I run this as php test.php I get the expected output.
If I run this via http://server/test.php I get connection errors.
[24-Jun-2014 05:49:52] PHP Fatal error: Uncaught exception 'Everyman\Neo4j\Exception'
with message 'Can't open connection to http://localhost:7474/db/data/' in
/var/www/html/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Transport/Curl.php:91
Clearly I've monkeyed up something with either my PHP config or the installation of this library. Suggestions on where to look?
Installed per these instructions.
Running on CentOS 6.4 (x64), PHP 5.3.3
NOTE: I've made successful connections from other machines back to this server so I know the neo4j server is working. It just doesn't seem to want to let me connect locally when called via browser.
I had same issue, it was caused by SeLinux
Try disabling it by:
echo 0 >/selinux/enforce
then recheck connection.
If solved configure SeLinux permissions.
In my case httpd_can_network_connect should be on
setsebool -P httpd_can_network_connect on
echo 1 >/selinux/enforce
Helpful manual:
http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
I just wanted to take a look at Mongo-DB. But i just don't get it running. I've installed it with PECL and my phpinfo() tells me that the extension is loaded, but when i try to get a connection with
$mongo = new Mongo();
I get this:
Fatal error: Uncaught exception 'MongoConnectionException' with
message ': Transport endpoint is not connected'
Anybody have the same Problem? ... Or any Idea on this?
Please don't take this the wrong way, but have you actually got the server running? Only it looks like your error relates to a failure to connect and you've made no mention of the server or where it is located (localhost on the default port for example)
any server start method, such as "/etc/init.d/mongodb start" or "service start mongodb" will fail, if a stale lock file still exists. In Ubuntu/Debian this is /var/lib/mongodb/mongod.lock. Look for this and delte it, if it exists and seems to be an old one.
check out whether server is running or not..
/etc/init.d/mongodb start
then go to
root#kannan-desktop:~# mongo
MongoDB shell version: 1.6.3
connecting to: test
>
Don't forget to change the IP in your mongod.conf if it's a new installation.
custom string looks like that
mongodb://username:password#host:port/database
First Change the Default db path by following command
$ sudo mkdir -p /data/db/
$ sudo chown id -u /data/db
and then the final command is..
$ mongod --journal
Do not close terminal until you are working with mongoDB
It works for me...
just write mongod in your terminal and will work well