问题
I have a Laravel application on a Windows Server 2016, with IIS 10 and PHP 7.2.
The application is required to do Active Directory authentication. For this I use https://github.com/Adldap2/Adldap2-Laravel. Authentication was working for a regular LDAP connection to the corporate DC on port 3268, but when I enable SSL and connect it to port 3269 or 636 I get an 500: Internal Server Error "The FastCGI process exited unexpectedly" when my code reaches ldap_bind().
I know SSL works on the DC as I can connect on the same server with ldp.exe tool.
This is my config that is used in the application for authentication (with the default login controller)
LDAP_HOSTS='dc.example.corp.com'
LDAP_PORT=636
LDAP_BASE_DN=''
LDAP_USE_SSL=true
LDAP_USE_TLS=false
LDAP_USERNAME=######################
LDAP_PASSWORD=############
I usually do my testing on a file with the following code in my public directory:
$a = ldap_connect("ldaps://dc.example.corp.com:636");
ldap_set_option($a, LDAP_OPT_PROTOCOL_VERSION, 3); // v3 = UTF8 encoding
ldap_set_option($a, LDAP_OPT_REFERRALS, 0);
$r=ldap_bind($a);
echo "-$r-";
I have also tried debugging with DebugDiag, but when analysing the dump created by the crash it returns the following error:
Description Recommendation
WARNING - DebugDiag was not able to locate debug symbols for \libcrypto-1_1.dll, so the information below may be incomplete.
In php__PID__6684__Date__11_28_2019__Time_10_24_08AM__912__Second_Chance_Exception_C0000005.dmp the assembly instruction at libcrypto_1_1!CRYPTO_memcmp+29530 in C:\Program Files (x86)\PHP\v7.2\libcrypto-1_1.dll from The OpenSSL Project, https://www.openssl.org/ has caused an access violation exception (0xC0000005) when trying to read from memory location 0x2a4b6fe0 on thread 0
Please follow up with the vendor The OpenSSL Project, https://www.openssl.org/ for C:\Program Files (x86)\PHP\v7.2\libcrypto-1_1.dll
and also hundreds of lines saying the same:
libcrypto_1_1!CRYPTO_memcmp+29594
I don't know where the problem resides as of this moment and am unsure how to proceed.
回答1:
I have been able to solve my own problem by looking further into the libcrypto messages. I found a post referencing a bug when using php 7.2.14 and openssl 1.1.1 (bugs.php.net/bug.php?id=77440).
I deleted my libcrypto-1_1.dll and libssl-1_1.dll files and replaced them with once from openssl 1.1.0j. After restarting my server everything worked!
来源:https://stackoverflow.com/questions/59087672/php-ldap-bind-gives-500-internal-server-error-when-binding-with-ssl-but-not-reg