Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Check if the LDAP server is available before connecting

Before connecting with ldap_connect and ldap_bind to the LDAP server,
the server will be pinged in order to ensure that it is available.

If this is not done, the connection will wait until it times out
(typically after 30 seconds). This way of implementing it is needed
because the PHP LDAP library does not provide a way to specify a
timeout.
  • Loading branch information...
commit fbf6344c249bdd6914025c92d1fd3546e86e64ea 1 parent 1b71759
@phidah authored
Showing with 24 additions and 0 deletions.
  1. +24 −0 Driver/LdapConnection.php
View
24 Driver/LdapConnection.php
@@ -3,6 +3,7 @@
namespace FR3D\LdapBundle\Driver;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
class LdapConnection implements LdapConnectionInterface
{
@@ -54,9 +55,32 @@ public function bind($user_dn, $password)
return @ldap_bind($this->ldap_res, $user_dn, $password);
}
+ /**
+ * Ping the LDAP server before trying to open the LDAP connection.
+ * This compensates for the lack of a timeout parameter on the PHP LDAP library.
+ * Without this, the LDAP library will listen for a long period of time,
+ * resulting in the user having to wait far too long.
+ *
+ * Timeout is two seconds.
+ *
+ * @throws AuthenticationServiceException If the LDAP server is unavailable.
+ */
+ private function checkServer() {
+ $socket = @fsockopen($this->params['host'], $this->params['port'], $errno, $errstr, 2);
+
+ throw new AuthenticationServiceException(sprintf('LDAP Server Unavailable: Error %s: %s.', $errno, $errstr));
+ }
+
+ fclose($socket);
+ }
+
private function connect()
{
$host = $this->params['host'];
+
+ // Check if the server is alive
+ $this->checkServer();
+
if (isset($this->params['useSsl']) && (boolean) $this->params['useSsl']) {
$host = 'ldaps://' . $host;
}
Please sign in to comment.
Something went wrong with that request. Please try again.