Php executes with different results in command line than when browsed to in Apache

Posted on

Php executes with different results in command line than when browsed to in Apache – Problems with loading a website are often blamed on the Internet connection, but even the most perfectly set up network cannot help if there is no service to reply at your destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but never the less it is possible to run into problems with even the easiest of the software. If you’ve encountered an issue loading your web page, follow these simple troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips in manage your apache2 server when you find problem about apache-2.2, centos, php, ldap, centos7.

I setup a CentOS 7 vm webserver with the LAMP stack. Over the last few days I have been trying to get an LDAPS connection working to my Windows Server 2008 R2 Domain Controller.

I have been able to connect to my DC with: ldapsearch -H "ldaps://server.ad.com" -D "domainuser-name" -W for a couple days. I am also able to use the openssl s_client -connect server.ad.com -prexit command to verify the SSL cert (as I am using a self-signed cert).

However, whenever I browse to my PHP webpage in the /var/www/html/test/index.php I always receive “Can’t contact LDAP server” errors when trying to ldap_bind(). Yesterday I tried running the PHP file from command line: php /var/www/html/test/index.php and found that my PHP ldap_bind() works every time when using the command line.

Searching on the internet, I have found that often the PHP-CLI and PHP Apache will use different php.ini files, but running the php --ini command only shows me a single php.ini file located in /etc/php.ini.

I am trying to figure out why PHP executes correctly from the command line but not when browsed to/run through Apache. Any info/ideas to help solve this would be greatly appreciated, thank-you!

If it works from the command-line but not via Apache, then it’s one of a few things.

  1. The user running the code (you vs apache)
  2. SELinux is getting in the way

I guess they’re sort of inter-related, but I’d suggest trying the pages with SELinux disabled and go from there.

As GregL said, this is SELinux related, I had the same problem today and I didn’t remember that SELinux was enabled.

[root@centos7 ~]# getsebool -a | grep http | grep ldap
httpd_can_connect_ldap --> off

So, if you do not want to disable SELinux globally, authorize it

setsebool -P httpd_can_connect_ldap on

Perhaps you will need other things to enable (remote database access, …), check with

getsebool -a | grep httpd

Leave a Reply

Your email address will not be published.