Bug: Parameters for ldap_connect in PHP >= 8.3.0

[itweserems]

Code of Conduct

• [x] I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• [x] I have searched the existing issues

Version

10.0.18

Bug description

From PHP 8.3.0 upwards, there is a specific format for passing the connection parameter(s), i.e. the host and port: https://www.php.net/manual/en/function.ldap-connect.php

The format $ds = @ldap_connect($host, intval($port)); (as used in https://github.com/glpi-project/glpi/blob/9389461d8a207bdcdf4f50f9db9fc8acdf6c7bbf/src/AuthLDAP.php#L3093) is not allowed anymore. Instead, it must be one string containing host and port delimited by semicolon: $ds = @ldap_connect($host . ":" . $port);.

This came up when a customer tried to use LDAPS with PHP 8.3.0 and ldapsearch worked fine while GLPI struggled to get a connection. Fixing the connection string to the second code snippet example resolved this.

Relevant log output

Page URL

/front/authldap.form.php

Steps To reproduce

1. Install GLPI 10.0.18 with PHP 8.3.0 (in this case it's on Ubuntu 24.04 LTS)
2. Configure LDAP connection (in this case LDAPS to a "real" LDAP, not an Active Directory)
3. Test connection with bind => Test failed.

It's interesting that logfiles say it's invalid credentials, we were searching for hours since ldapsearch on CLI worked perfectly fine. But I guess it's some sort of consequential error.

Your GLPI setup information

No response

Anything else?

No response

[cconard96]

The method signature for ldap_connect that accepts a hostname and port as separate parameters is only deprecated, not removed. So, it shouldn't do anything except show a log entry.

Please provide the related log entries and the requested GLPI setup information.

[trasher]

Deprecated usages should indeed not break anything; but since parsing URI seems to be supported from a while, I guess it can be used.