LDAP connection fails with multiple servers using STARTTLS #3639
I am configuring LDAP authentication with multiple servers (4 DCs in an Active Directory domain). I can specify multiple servers separated with a space when using either LDAPS or unencrypted LDAP, but validation fails when selecting STARTTLS.
Validation with STARTTLS works with any individual DC, but not with any number greater than one.
I guess the problem is with how hostnames are passed down to the underlying OpenLDAP library. The problem goes away if I manually prepend "ldap://" to the hostname of each server.
For example, the following
But the following (without ldap:// URI) does not:
Exhibit A: Working config with LDAPS
Exhibit B: Exact same config with STARTTLS
Identical behaviour with either STARTTLS or LDAPS.
The exact same configuration that works with LDAP or LDAPS does not work with STARTTLS.
Manually prepending each server hostname with
Steps to Reproduce (for bugs)
Hi, thanks for the report.
I fear that the statement in PHP's documentation of
At least this is what your description sounds like. I'll investigate this but it smells like a bug already.
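As an added illustration of the workaround the reporter describes (this is not the project's code and not code from the report): a PHP helper that gives every entry of a space-separated host list a full ldap:// URI before handing it to ldap_connect(), then negotiates STARTTLS with certificate verification demanded. The function names, the sample hostnames and the default port are assumptions.

```php
<?php
// Added example, not the project's own code. Hosts are normalised to full
// URIs so that each entry in the space-separated list is self-describing,
// which is the manual workaround described in the report above.

function normalize_ldap_uris(string $hosts, string $scheme = 'ldap', int $port = 389): string
{
    $uris = [];
    foreach (preg_split('/\s+/', trim($hosts), -1, PREG_SPLIT_NO_EMPTY) as $host) {
        // Entries that already carry a scheme (ldap:// or ldaps://) are kept as-is.
        if (preg_match('~^[a-z]+://~i', $host)) {
            $uris[] = $host;
            continue;
        }
        // Plain "host" or "host:port": prepend the scheme, add the port if missing.
        $uris[] = preg_match('/:\d+$/', $host)
            ? sprintf('%s://%s', $scheme, $host)
            : sprintf('%s://%s:%d', $scheme, $host, $port);
    }
    return implode(' ', $uris);
}

function connect_with_starttls(string $hosts, int $port = 389)
{
    // With a URI list the port lives inside each entry, so none is passed to ldap_connect().
    $uri  = normalize_ldap_uris($hosts, 'ldap', $port);
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("ldap_connect rejected the URI list: $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Refuse to continue unless the server certificate chain validates;
    // STARTTLS without this check gives encryption but no server authentication.
    ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if (!ldap_start_tls($conn)) {
        throw new RuntimeException('STARTTLS negotiation failed: ' . ldap_error($conn));
    }
    return $conn;
}

// Constructed sample: four DC hostnames given as plain names, as in the report.
$dcs  = 'dc1.example.test dc2.example.test dc3.example.test dc4.example.test';
$conn = connect_with_starttls($dcs);
// Bind with the service account afterwards, e.g. ldap_bind($conn, $dn, $password).
```

Running normalize_ldap_uris() on its own is a quick way to see the exact string that reaches ldap_connect() for a given host list.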