Apache/PHP ldap stops working. Requires restart of apache
I currently have a setup where users log in to a website using LDAP credentials. It's all internal so I don't really care a ton about certificates. So, in my /etc/openldap/ldap.conf file I have TLS_REQCERT never. Before adding that to the file I was always getting the error "Error Binding to LDAP: TLS: hostname does not match CN in peer certificate". After adding that everything seemed to work fine. However now I'm finding that after some time, maybe a few hours to a day, the logins will fail again, and I'll start getting that error. If I restart apache everything works fine again for a while. Then the error pops up again. What could be causing this to keep happening? The server is CentOS 6.5.
You must check the certificate validity; maybe the problem is related to this bug:
Summary: TLS_REQCERT=never ignored when the issuer certificate is expired
Description of problem:
Setting TLS_REQCERT=never is ignored when the server certificate is before/after its validity period. In that moment, the connection fails.
Version-Release number of selected component (if applicable):
openldap-2.4.23-15.el6
openldap-2.4.24-3.fc15
How reproducible:
Set up certificates in slapd to allow TLS/SSL. The certificate can be invalid (invalid issuer, invalid server name, etc.).
Run:
LDAPTLS_REQCERT=never ldapsearch -x -ZZ ...
The execution will be successful, TLS will be used.
Change your system time to be outside the validity period of the certificate. Run the same command again. The command will fail this time.
Update:
You have disabled certificate checking in the OpenLDAP ldap.conf (which should apply to php-ldap too).
In your PHP code, before the ldap_connect call, put the following:
putenv('LDAPTLS_REQCERT=never');
Need help ignoring server certificate while binding to LDAP server using PHP
How do I solve ldap_start_tls() “Unable to start TLS: Connect error” in PHP?
Update 2:
Another problem may be that the apache server is not picking up the ldap.conf configuration file correctly; take a look at this link, where the problem is described:
http://php.net/manual/en/function.ldap-connect.php#36156
I hope this helps.
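The answer's putenv() workaround, placed where it has to go (before ldap_connect), next to the alternative of keeping certificate checking on and trusting the internal CA explicitly. This is an added example, not code from the original question or answer; it assumes PHP >= 7.1 with ext/ldap built against OpenLDAP (for the LDAP_OPT_X_TLS_* constants), and the URI, DN, password and CA path are placeholders.

```php
<?php
// Added example, not code from the original post. Assumes PHP >= 7.1 with
// ext/ldap built against OpenLDAP (LDAP_OPT_X_TLS_* constants). The URI, DN,
// password and CA path below are placeholders.
// Connect, upgrade to TLS and bind. With $verify = true (default) the server
// certificate is checked against $caFile; $verify = false reproduces the
// answer's workaround (LDAPTLS_REQCERT=never). Returns [bool ok, string detail].
function ldap_tls_bind(string $uri, string $bindDn, string $password,
                       ?string $caFile = null, bool $verify = true): array
{
    if (!$verify) {
        // Must be set before ldap_connect(): libldap reads the TLS environment
        // when the handle is created, which is why a long-lived Apache process
        // can behave differently from a fresh CLI run.
        putenv('LDAPTLS_REQCERT=never');
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return [false, 'ldap_connect: bad URI ' . $uri];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if ($verify) {
        // Trust the internal CA explicitly and keep certificate checking on.
        // "hostname does not match CN" then only goes away if the certificate's
        // CN/SAN really matches the host in $uri, which is the intended outcome.
        if ($caFile !== null) {
            ldap_set_option($ds, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
        }
        ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    } else {
        ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
    }
    if (!@ldap_start_tls($ds)) {
        // The diagnostic message carries the TLS-layer reason (expired cert,
        // CN mismatch), which ldap_error() alone does not show.
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        return [false, 'start_tls: ' . ldap_error($ds) . ' (' . $diag . ')'];
    }
    if (!@ldap_bind($ds, $bindDn, $password)) {
        return [false, 'bind: ' . ldap_error($ds)];
    }
    return [true, 'bound as ' . $bindDn];
}
[$ok, $detail] = ldap_tls_bind('ldap://ldap.example.internal',
    'uid=alice,ou=people,dc=example,dc=internal', 'placeholder-password',
    '/etc/openldap/certs/internal-ca.pem');
echo ($ok ? 'OK: ' : 'FAIL: ') . $detail . PHP_EOL;
```

Running the verified path from the same Apache worker that later fails makes the difference between an expired/mismatched certificate and a missing ldap.conf visible in the diagnostic string, instead of only after a restart.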