The ldap extension cannot be built on Solaris with Oracle Instant Client about php-src HOT 19 OPEN

Yes, I believe ldap/config.m4 should be updated and the Oracle references removed.

Instant Client has an older version/API of LDAP. This is almost certain to never change - you can follow up Oracle bug 14049255 I logged ages ago that isn't go to go anywhere. In summary, don't build PHP's LDAP extension with Instant Client.

If you ever need to have both PHP LDAP and OCI8 installed, the traditional technique was to add OCI8 as a shared library after PHP was built.

from php-src.

but I still wonder why ldap_connect_wallet() had been introduced in the first place.

It was because I thought that people needed the functionality provided by ldap_connect() when HAVE_ORALDAP is available. But to be honest I didn't know that Oracle Instant Client support is completely wrecked, since I didn't perform tests under this system. :/

from php-src.

Possibly also cc @MCMic

from php-src.

I was looking for the mentioned RFC in the wrong place, but finally found it.

Anyhow, isn't there a place now where such future changes are tracked? If so, this ticket could be closed.

from php-src.

Maybe we should be pragmatic here: we know there is broken functionality, but so far nobody has committed to fix. Okay. If someone provides a fix, we should merge it; if "many" people complain that the functionality is broken, and offer help to fix it, we might fix it. And if the functionality gets fixed, the RFC can proceed as planned. If it doesn't get fixed, we still can consider what to do about it for PHP 9.

from php-src.

/cc @cjbj

from php-src.

I also saw in ext/ldap/config.m4 that it seems to support Solaris LDAP too, not just OpenLDAP. Does the extension still work with non-OpenLDAP implementations, or should we just commit to OpenLDAP only? Windows version seems to be hardcoded for OpenLDAP.

from php-src.

Windows version seems to be hardcoded for OpenLDAP.

Right, and I'm not aware of any requests to open this for other LDAP implementations. And regarding the official Windows builds, I don't think that there are any plans to use another implementation.

from php-src.

There is now initial PR created #15067

However, I'm probably missing something more here. The ldap_connect_wallet function was implemented in PHP 8.3 when HAVE_ORALDAP symbol is defined. As an alternative to the ldap_connect() with 3 arguments specific to Oracle. But I have no idea how this was meant to work without Oracle Instant Client. Does perhaps @kocsismate know about this what to do here?

Oracle Instant Client provides also 3 specific constants: GSLC_SSL_NO_AUTH, GSLC_SSL_ONEWAY_AUTH, and GSLC_SSL_TWOWAY_AUTH, which would also be removed with this... Regarding these 3 constants there was also a fix done in master (current PHP-8.4-dev) branch #14313 so I think removal of these 3 is not problematic as they were never available in PHP actually.

from php-src.

I think #5177 (comment) clarifies this a bit.

from php-src.

I think #5177 (comment) clarifies this a bit.

Thanks. This makes sense now :) Got it. Let's wait with all of this until PHP 9 then and remove it then.

from php-src.

I was looking for the mentioned RFC in the wrong place, but finally found it.

Anyhow, isn't there a place now where such future changes are tracked? If so, this ticket could be closed.

I'm not sure there is any tracker for these. I'd prefer to leave this opened because this is sort of a separate issue related to the build system also. By removing the Oracle Instant Client installation feature all Oracle specific LDAP features are also removed. And by having current implementation there is no way to use this function realistically without some heavy patching of C code. Which is not good at all.

from php-src.

https://wiki.php.net/rfc#pending_implementationlanding already tracks the remaining parts of https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures.

By removing the Oracle Instant Client installation feature all Oracle specific LDAP features are also removed. And by having current implementation there is no way to use this function realistically without some heavy patching of C code. Which is not good at all.

Oh now I see! I consider it quite likely that this needs to be fixed; otherwise the ldap_connect() section of the mentioned RFC would have been pretty pointless (or maybe worse). /cc @kocsismate

from php-src.

PHP 8.4 RMs might be interested in this: @ericmann, @NattyNarwhal, @SakiTakamachi.

from php-src.

Did we ever get any bug reports about the Oracle LDAP stuff not building before? Since it straight up didn't compile, it's arguably a BC break if we remove it for 8.4, but if a tree falls in the woods and no one hears it....

from php-src.

Did we ever get any bug reports about the Oracle LDAP stuff not building before? Since it straight up didn't compile, it's arguably a BC break if we remove it for 8.4, but if a tree falls in the woods and no one hears it....

Yes, sorry. I forgot to mention in the comments. I've only edited above post about the previous report, but this was reported also here:

https://bugs.php.net/80926

from php-src.

Oh, I thought this was related to unbundling oci8 and pdo_oci. If not, than this is nothing new regarding PHP 8.4, but I still wonder why ldap_connect_wallet() had been introduced in the first place.

from php-src.

At least someone should have noticed this, ideally before you had invested all the time.

from php-src.

Well, that's good news then so it's clear that the ldap_connect_wallet() is meant only for LDAP installation with Oracle Instant Client. So, basically these two are "breaking changes":

• ldap_connect_wallet()
• and PHP constants that never existed GSLC_SSL_NO_AUTH, GSLC_SSL_ONEWAY_AUTH, and GSLC_SSL_TWOWAY_AUTH

The issue is how to handle this because there was an RFC created for it and everything. I'd suggest to simply remove all of these in PHP-9. Or if someone creates a super fast RFC for PHP-8.4 to deprecate the ldap_connect_wallet and Oracle Instant Client installation. 🤔 Probably timeline before the 8.4 feature freeze is too short for all of this.

from php-src.