
[#12157] startTLS in pear/Horde/Ldap.php is incorrect
Summary startTLS in pear/Horde/Ldap.php is incorrect
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester landsidel.allen (at) gmail (dot) com
Created 04/04/2013 (4487 days ago)
Due
Updated 12/17/2013 (4230 days ago)
Assigned
Resolved 10/17/2013 (4291 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/17/2013 11:16:52 AM Git Commit Comment #4
Changes have been made in Git (master):

commit e5bba307fc81aceeb8f7f6186744e135e53c84fd
Author: Jan Schneider <jan@horde.org>
Date:   Thu Oct 17 14:51:42 2013 +0200

     [jan] Try starting TLS without querying the rootDSE (Bug #12157).

  framework/Ldap/lib/Horde/Ldap.php |   21 ++++++++++++++-------
  framework/Ldap/package.xml        |    4 ++--
  2 files changed, 16 insertions(+), 9 deletions(-)

http://git.horde.org/horde-git/-/commit/e5bba307fc81aceeb8f7f6186744e135e53c84fd
10/17/2013 12:55:26 PM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
Priority ⇒ 1. Low
 
10/17/2013 12:52:38 PM Git Commit Comment #3
Changes have been made in Git (master):

commit 30df4a615b10d1edfea3faa4cccf39ae85b757ae
Author: Jan Schneider <jan@horde.org>
Date:   Thu Oct 17 14:51:42 2013 +0200

     [jan] Try starting TLS without querying the rootDSE (Bug #12157).

  framework/Ldap/lib/Horde/Ldap.php |   21 ++++++++++++++-------
  framework/Ldap/package.xml        |    4 ++--
  2 files changed, 16 insertions(+), 9 deletions(-)

http://git.horde.org/horde-git/-/commit/30df4a615b10d1edfea3faa4cccf39ae85b757ae
04/04/2013 05:39:44 PM landsidel (dot) allen (at) gmail (dot) com Comment #2
New Attachment: Ldap.php.patch
Added simple 'patch' to get rid of the issue.
04/04/2013 05:32:22 PM landsidel (dot) allen (at) gmail (dot) com Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ startTLS in pear/Horde/Ldap.php is incorrect
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
The startTLS function in Ldap.php makes an attempt to fetch the 
rootDSE to see if TLS is supported, when TLS is enabled in the horde 
configuration for LDAP.

When TLS is required by the LDAP server, this check fails because the 
connection is not yet TLS enabled due to ldap_start_tls() not having 
yet been called.

Simple solution:
Remove the rootDSE check.  Commenting all lines in startTLS() up to 
the ldap_start_tls() command fixes the issue.

More complex solution:
Try ldap_start_tls() first, and if that fails, attempt to fetch the 
rootDSE to see if it reports as being supported.
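
The ordering described in Comment #1 as the "more complex solution", as an added example (not the code from the Horde commits listed above, and not the attached patch): StartTLS is attempted first, the rootDSE is read only to explain a failure, and the connection is never used in cleartext. The function name `startTlsOrFail` and the host `ldap.example.org` are hypothetical; the code assumes PHP 8 with ext-ldap.

```php
<?php
// Added example; function name and host are hypothetical. Requires PHP >= 8.0 and ext-ldap.

// OID of the StartTLS extended operation (RFC 4511), as listed in supportedExtension.
const STARTTLS_OID = '1.3.6.1.4.1.1466.20037';

/**
 * Start TLS before sending anything else, and fail closed if it cannot be started.
 */
function startTlsOrFail($conn): void
{
    // 1. Attempt StartTLS first. A server that requires TLS rejects the rootDSE
    //    search on a cleartext connection, so that check cannot come first.
    if (@ldap_start_tls($conn)) {
        return;
    }
    $error = ldap_error($conn);

    // 2. Only after a failure, ask the rootDSE whether StartTLS is advertised,
    //    to tell "not supported" apart from a handshake or certificate problem.
    $advertised = null; // null = rootDSE could not be read
    $result = @ldap_read($conn, '', '(objectClass=*)', ['supportedExtension']);
    if ($result !== false) {
        $entries = ldap_get_entries($conn, $result);
        // ldap_get_entries() lowercases attribute names and adds a 'count' key.
        $oids = $entries[0]['supportedextension'] ?? [];
        unset($oids['count']);
        $advertised = in_array(STARTTLS_OID, $oids, true);
    }

    $reason = match ($advertised) {
        true  => 'server advertises StartTLS; check certificates and TLS settings',
        false => 'server does not advertise StartTLS',
        null  => 'rootDSE could not be read',
    };
    // 3. Never continue in cleartext when TLS was requested.
    throw new RuntimeException("StartTLS failed ($error): $reason");
}

$conn = ldap_connect('ldap://ldap.example.org');      // placeholder host
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
startTlsOrFail($conn);
// Bind only after this point, so credentials are never sent before TLS is up.
```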
