LDAP URIs Not Working (w/ fix)

Steps to Reproduce:

  • Add LDAP auth provider (you will need an LDAP environment to test with).
  • Use an LDAP hostname in the form ldaps://server.example.com (as indicated in the text below the field).
  • Receive a misleading error message when trying to log in: "Username or password are incorrect."


It seems that the deprecated form of ldap_connect() currently used doesn’t support an LDAP URI being passed as the host argument (at least in PHP 7.1). The below patch has been tested with an LDAP URI and a plain host and works in both cases on our (admittedly forked) install.

diff --git a/src/applications/auth/adapter/PhutilLDAPAuthAdapter.php b/src/applications/auth/adapter/PhutilLDAPAuthAdapter.php
index 14047c1761..33eac92da0 100644
--- a/src/applications/auth/adapter/PhutilLDAPAuthAdapter.php
+++ b/src/applications/auth/adapter/PhutilLDAPAuthAdapter.php
@@ -305,7 +305,11 @@ final class PhutilLDAPAuthAdapter extends PhutilAuthAdapter {
           'port' => $this->port,
-      $conn = @ldap_connect($host, $this->port);
+      if (strpos($host, "://") !== FALSE) {
+        $conn = @ldap_connect(pht("%s:%d", $host, $port));
+      } else {
+        $conn = @ldap_connect($host, $this->port);
+      }
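
Review bot: In the added URI branch, `ldap_connect(pht("%s:%d", $host, $port))` reads a bare `$port`, while the context line and the else branch both use `$this->port`; unless a local `$port` is defined earlier in the method, the configured port never reaches the URI, so this should be `$this->port`. `pht()` is also the wrong call for assembling a connection string; plain `sprintf('%s:%d', $host, $this->port)` is enough. The branch appends `:%d` unconditionally, so a host already entered as `ldaps://server.example.com:636` would end up with two port suffixes; check for an existing port before appending. A one-line comment explaining why the URI case needs the single-argument form of `ldap_connect()` would help the next reader.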

Phabricator/Arcanist Version

If you have a bit of time to help me test a fix here, send me a private message here with an email address and I’ll get you an invite to secure.phabricator.com?

Your fix likely isn’t quite correct (for example, pht(...) is “PHutil Translate” and used to mark human-readable text for translation to other human languages like French and Spanish), but I’m not confident I can accurately replicate your environment to test a variation of the fix because every time I try to set up LDAP I spend several days becoming more and more confused and then literally die. But I could write an alternative patch and you could test it to confirm it works in your environment, if you have time.