
I'm finally at my wits' end. I've been Googling this issue for a week now. I've tried troubleshooting my Mac (10.12 Sierra) and my domain controllers (Windows Server 2016) and I am no closer to solving my issue.

My issue is that when using PHP's ldap_connect() function, it takes about 5 seconds before I get a response. Things just sort of hang for 5 seconds then I get a successful connection. The exact command to replicate this (assuming my DC has an IP address of 192.168.2.5):

$ldap = ldap_connect('ldap://192.168.2.5:389');

I'm not using SSL or TLS. It's just a simple plaintext connection to a DC with its firewall completely turned off. I ended up installing Wireshark on my DC to get more information about what is going on and I noticed this:

No. | Time | Source | Destination | Protocol | Length | Info
1 | 327 | 192.168.2.108 | 224.0.0.251 | MDNS | 83 | Standard query 0x0000 A Ryans-MacBook-Pro.local, "QU" question
2 | 328 | 192.168.2.108 | 224.0.0.251 | MDNS | 83 | Standard query 0x0000 A Ryans-MacBook-Pro.local, "QM" question
3 | 331 | 192.168.2.108 | 224.0.0.251 | MDNS | 83 | Standard query 0x0000 A Ryans-MacBook-Pro.local, "QM" question
4 | 332 | 192.168.2.108 | 192.168.2.5 | TCP | 78 | 49860 > 389 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=32 TSval=371626102 TSecr=0 SACK_PERM=1
5 | 332 | 192.168.2.5 | 192.168.2.108 | TCP | 74 | 389 > 49860 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=2494847497 TSecr=371626102
6 | 332 | 192.168.2.108 | 192.168.2.5 | TCP | 66 | 49860 > 389 [ACK] Seq=1 Ack=1 Win=131744 Len=0 TSval=371626102 TSecr=2494847497
7 | 332 | 192.168.2.108 | 192.168.2.5 | LDAP | 96 | bindRequest(1) "ldap" simple
8 | 332 | 192.168.2.5 | 192.168.2.108 | LDAP | 88 | bindResponse(1) success

As you can see, when I initiate the ldap_connect() function, I immediately see the first packet at 327 seconds (since starting Wireshark). I see 3 mDNS packets over a total of 5 seconds. Then on the fourth, fifth and sixth packets I see the TCP three-way handshake, and then it continues to give me a successful LDAP connection. Therefore the 5 second delay I'm seeing is all mDNS packets, or Apple's Bonjour? At this point, I have no idea how to fix this.

Disclaimer: I am using Laravel Valet which uses dnsmasq. I have no idea if this is causing my issue or not. I have not uninstalled this software yet to find out.

edit: I've ruled out Laravel Valet. I completely uninstalled it and it's still an issue. I've also ruled out Laravel. I'm running this script and the issue still exists:

<?php
// Time ldap_connect() on its own; no ldap_bind() is issued here.
$start = microtime(true);
$ldap = ldap_connect('ldap://192.168.2.5:389');
$end = microtime(true);
// Prints the elapsed seconds (about 5 while the delay is present).
echo $end - $start;

edit2: Ok I've gotten further with solving this. I installed Wireshark on my Mac and noticed the below as well.

[screenshot of the Mac-side Wireshark capture; image not available]

Then I ran this command: scutil --dns, which printed:

DNS configuration

resolver #1
  search domain[0] : corp.[redacted].com
  nameserver[0] : 192.168.2.4
  nameserver[1] : 192.168.2.5
  if_index : 7 (en3)
  flags    : Request A records
  reach    : Reachable, Directly Reachable Address

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300000

It's my hostname! My hostname is causing a 5 second delay trying to resolve it using multicast DNS. Why? `.local` is a reserved domain, so why would Apple append it to my hostname?

[screenshot of the hostname setting; image not available]

As you can see, it automatically appends .local.

Anyway, I've resolved my issue by adding `127.0.0.1 Ryans-MacBook-Pro.local` to my /etc/hosts file. For some reason it wasn't in there.

My ldap_connect() is now instant like it should be!

Ryan Mortier
  • I also get that 5 secs when resolving from `/etc/hosts` ... seems like an mDNSResponder issue. – YvesLeBorg Jun 26 '17 at 13:17
  • Since I'm using the IP address of the server and not the hostname or FQDN, I have no idea why it would even try to resolve out of /etc/hosts or even DNS for that matter? – Ryan Mortier Jun 26 '17 at 13:20
  • After investigating, it seems that I get the 5 seconds when coming from a PHP process (CLI and via SAPI) ... and not in shell. More investigation in progress. – YvesLeBorg Jun 26 '17 at 13:26
  • This solves it for me, but not certain how it relates to LDAP: `curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);`, apparently some weird issue with IPv6. If you have access to php.ini, try to add this via `curl` options. – YvesLeBorg Jun 26 '17 at 13:38
  • I don't see any options like that for `ldap_connect()` http://php.net/manual/en/function.ldap-set-option.php – Ryan Mortier Jun 26 '17 at 13:42
  • I was suggesting `php.ini`, default curl options (possibly in conf.d/ext-curl.ini on a Mac), because under the hood PHP's `ldap_connect` could rely on PHP's `curl`. – YvesLeBorg Jun 26 '17 at 13:44
  • See my edit2. I seem to have fixed this. Can you tell me what your `/etc/hosts` file looks like? – Ryan Mortier Jun 26 '17 at 16:20
  • The most interesting part is that ldap_connect does *not* connect to the server. Internally it calls ldap_initialize which creates an LDAP resource but does not open a network connection. The connection will be established as soon as a network connection is necessary (usually on ldap_bind) - That does *not* refer to e.g. DNS queries or stuff like that... – heiglandreas Jun 27 '17 at 14:37
  • It must be? It's initiating a 3 way TCP handshake? – Ryan Mortier Jun 27 '17 at 21:03
  • How did you get PHP installed on your Mac? – John R Smith Aug 10 '17 at 11:34
  • https://brew.sh/ then `brew install php71` – Ryan Mortier Aug 10 '17 at 15:26
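The diagnosis in edit2 boils down to reading `scutil --dns` and working out which resolver will handle a given name and how long it is allowed to wait. The script below, added here as an example and not code from the original question, parses that output and answers exactly that. The embedded sample is the asker's own `scutil --dns` listing from the question; `scutil_dns()` is a helper named only for this example that runs the real command on a Mac and falls back to the sample elsewhere. It also shows that an IP literal such as the DC address never goes to a resolver at all, which is why the stall belongs to the Mac's own name rather than to the target.

```python
"""Parse `scutil --dns` output and report which resolver handles a name and
how long it may stall.  Added example for this thread, not code from the
original post.  SAMPLE_SCUTIL_OUTPUT is the asker's listing from the question;
scutil_dns() is a helper name assumed here, not a macOS command.
"""
import ipaddress
import re
import socket
import subprocess

SAMPLE_SCUTIL_OUTPUT = """\
DNS configuration

resolver #1
  search domain[0] : corp.[redacted].com
  nameserver[0] : 192.168.2.4
  nameserver[1] : 192.168.2.5
  if_index : 7 (en3)
  flags    : Request A records
  reach    : Reachable, Directly Reachable Address

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300000
"""

RESOLVER_RE = re.compile(r"^resolver #(\d+)\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z_ ]+?)(?:\[(\d+)\])?\s*:\s*(.*?)\s*$")


def parse_scutil_dns(text):
    """Return one dict per resolver block, e.g.
    {'number': 2, 'domain': 'local', 'options': 'mdns', 'timeout': 5, ...}.
    Indexed fields such as nameserver[0] are collected into lists."""
    resolvers, current = [], None
    for line in text.splitlines():
        m = RESOLVER_RE.match(line)
        if m:
            current = {"number": int(m.group(1))}
            resolvers.append(current)
            continue
        m = FIELD_RE.match(line)
        if m is None or current is None:
            continue  # "DNS configuration" header, blank line, or junk
        key, index, value = m.group(1).strip(), m.group(2), m.group(3)
        if key == "timeout":
            value = int(value)
        if index is None:
            current[key] = value
        else:
            current.setdefault(key, []).append(value)
    return resolvers


def resolver_for(name, resolvers):
    """Pick the resolver macOS consults for `name`: the scoped resolver whose
    `domain` is the longest matching suffix, else the first unscoped one."""
    name = name.rstrip(".").lower()
    scoped = [r for r in resolvers if "domain" in r]
    hits = [r for r in scoped
            if name == r["domain"].lower() or name.endswith("." + r["domain"].lower())]
    if hits:
        return max(hits, key=lambda r: len(r["domain"]))
    return next((r for r in resolvers if "domain" not in r), None)


def lookup_profile(name, resolvers):
    """Summarise what a lookup of `name` will do: which resolver, whether the
    query goes out as multicast mDNS, and the configured per-query timeout
    (None when the block carries no `timeout` field).  An IP literal, like the
    DC address in the question, is never looked up at all."""
    try:
        ipaddress.ip_address(name)
        return {"resolver": None, "mdns": False, "timeout": None}
    except ValueError:
        pass
    r = resolver_for(name, resolvers)
    if r is None:
        return {"resolver": None, "mdns": False, "timeout": None}
    return {
        "resolver": r["number"],
        "mdns": "mdns" in r.get("options", "").split(),
        "timeout": r.get("timeout"),
    }


def scutil_dns():
    """Run the real `scutil --dns` (macOS); fall back to the sample elsewhere."""
    try:
        return subprocess.run(["scutil", "--dns"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_SCUTIL_OUTPUT


if __name__ == "__main__":
    resolvers = parse_scutil_dns(scutil_dns())
    for n in (socket.gethostname(), "Ryans-MacBook-Pro.local", "192.168.2.5"):
        print(n, lookup_profile(n, resolvers))
```

Run on the Mac it reports, for the machine's own hostname, `resolver 2, mdns True, timeout 5`: the name ends in `.local`, so it is scoped to the multicast resolver, and that resolver's `timeout : 5` is the 5 seconds between the first mDNS query and the SYN in the capture.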

1 Answer


Make sure your hostname is in the /etc/hosts file like this:

127.0.0.1 localhost Ryans-MacBook-Pro.local

Just replace my hostname with yours.

Ryan Mortier