OCI8 extensions load in CLI but not browser
I have found the cause of the issue but I do not know how to permenantly solve it. Apparently, our test server is using SELinux set to "Enforce". Setting it to "Permissive" allows Apache/PHP to run the oci8 extension. My boss, however wants SELinux set back to "Enforce" for which I do not blame her. I'm going to look into creating an exception for Oracle/oci8.
Re. SELinux and OCI8 when running as an Apache module
Suggested solution from http://old.nabble.com/php-with-oci8-td16460446.html
you can customize your policy to allow this access using audit2allow
# grep http /var/log/audit/audit.log | audit2allow -M myhttp # semodule -i myhttp.pp
This should allow you to run these oracle apps with SELinux in enforcing mode.
There's also a thread about this on the oracle forums
Ensure that you have ORACLE_HOME, ORACLE_SID and LD_LIBRARY_PATH in the Apache envvars. Remember that Apache is running as a daemon, so it doesn't necessarily have access to the same environment variables as when you run your PHP scripts from the command line.
ORACLE_HOME=/u01/app/oracle/product/10.1ORACLE_SID=orclexport ORACLE_HOME ORACLE_SIDexport LD_LIBRARY_PATH=${ORACLE_HOME}/lib:${LD_LIBRARY_PATH}
Depending where your database server is and how you connect to it you may also want to set TWO_TASK or TNS_ADMIN. To ensure the correct character set is used, you may also want to set NLS_LANG.
EDIT
I normally build PHP from source, so I have full control:
Assuming that the standard Oracle Client is running on the server, then my ./configure includes:
--with-pdo-oci=$ORACLE_HOME
On the couple of occasions when I've needed to build for the Oracle instant client, I've used
--with-pdo-oci=instantclient,/usr,10.2.0.3
in my ./configure line
Note that I use PDO_OCI rather than OCI8, but the ./configure should be similar
The other step that I take when deploying to a new server is to ensure that the apache user/group (as defined by the User and Group directives in httpd.conf... my apache runs as user "daemon") will have read and execute privilege to the files under ORACLE_HOME