Sam

Reputation: 16445

Can't contact LDAP server on ldap_bind($con, $rdn, $pwd)

For a while now I've been fiddling around with an LDAP connection to an Active Directory server for authentication. I tried this the PHP native way and also using Zend Framework. Even though the ldap_connect() works fine, as soon as I bind something, the ldapConnection appears to break down. This is the script I've tried:

error_reporting(E_ALL | E_STRICT);
putenv('LDAPTLS_REQCERT=never');

$ldapcon = ldap_connect("FQSN", 636);

ldap_set_option($ldapcon, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapcon, LDAP_OPT_REFERRALS, 0);

$anon = ldap_bind($ldapcon, "CN=WebTestuserAW,OU=Benutzer,OU=DOM,DC=dom,DC=de", "Sommer2012");
//also tried: 
//$anon = ldap_bind($ldapcon, '[email protected]', 'Sommer2012');

echo ldap_error($ldapcon);

Using the above I get "Can't contact LDAP server". Doing a var_dump($ldapcon) returns a resource link. When trying to connect using the Zend Framework approach, the error may have some more hints, since some additional connection parameters are given:

2012-11-12T14:37:39+01:00 DEBUG (7): Ldap: 1: host=FQHN,port=636,bindRequiresDn=1,baseDn=OU=Benutzer,OU=DOM,DC=dom,DC=de,accountFilterFormat=(sAMAccountName=%s),useSsl=1,useStartTls=,accountDomainName=dom.de,username=CN=WebTestuserAW,password=*****
2012-11-12T14:37:39+01:00 DEBUG (7): Ldap: 2: /var/www/html/login/library/Zend/Ldap.php(850): 0x1: Failed to retrieve DN for account: [email protected] [0x51 (Can't contact LDAP server): ldaps://FGHN:636]
2012-11-12T14:37:39+01:00 DEBUG (7): Ldap: 3: #0 /var/www/html/login/library/Zend/Auth/Adapter/Ldap.php(316): Zend_Ldap->bind('[email protected]', '*****')

I seriously just have no clue anymore. I've googled around, played a bit with LDAP-Protocol Versions, played around with the request certificate option, but simply nothing helps. The connection to the server works per se on ldap_connect but as soon as you bind something it doesn't work anymore. This remains true for anonymous binds, too.

At the office no one has any clue and neither do I. So if anyone has any suggestions on what I can still try, I'd be very grateful for that! Thanks in advance.

Additional information:

Upvotes: 3

Views: 7053

Answers (2)

David Zhang

Reputation: 1

I had the same error today, and after I changed

ldap_connect($host, $port)

To:

$uri = "ldap://localhost:389";
ldap_connect($uri)...

The ldap_bind(...) call works.

Upvotes: 0

dearlbry

Reputation: 3221

By default, ldaps is not enabled in AD. Did you try connecting over port 389? Are you able to connect to it using some LDAP tool (like Apache Directory Studio)?

That's my guess as to why it's not working... but try using the FQDN of the DC too, or maybe even an IP.

Upvotes: 2
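
A bind diagnostic along the lines the answers suggest, as an added example that is not code from any of the posters: it passes a full URI, keeps certificate verification on instead of setting LDAPTLS_REQCERT=never, and reports which step failed. ldap_connect() opens no socket, and a bare host name plus port is treated as an ldap:// URI, so ldaps:// has to be spelled out. The function name, the environment variable names, the CA file path and the host dc01.example.test are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Function name, env var names, CA path and host are assumptions.
function ldapBindDiagnose(string $uri, string $dn, string $pwd, string $caFile): array
{
    if ($pwd === '') {
        // An empty password turns a simple bind into an unauthenticated one.
        return ['ok' => false, 'stage' => 'input', 'error' => 'empty password'];
    }
    // TLS options go on the global (null) handle before the connection handle exists.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // Parses the URI only; no socket is opened, so success here proves nothing
    // about reachability.
    $con = ldap_connect($uri);
    if ($con === false) {
        return ['ok' => false, 'stage' => 'connect', 'error' => 'URI rejected'];
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($con, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // First network I/O. ldaps:// negotiates TLS on connect; ldap:// is upgraded
    // with StartTLS so the password never crosses the wire in clear text.
    $stage = 'bind';
    $ok = true;
    if (stripos($uri, 'ldap://') === 0) {
        $stage = 'starttls';
        $ok = @ldap_start_tls($con);
    }
    if ($ok) {
        $stage = 'bind';
        $ok = @ldap_bind($con, $dn, $pwd);
    }
    $detail = '';
    ldap_get_option($con, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return ['ok' => $ok, 'stage' => $stage, 'errno' => ldap_errno($con),
            'error' => ldap_error($con), 'detail' => $detail];
}

$host = getenv('LDAP_HOST') ?: 'dc01.example.test';            // placeholder host
$ca   = getenv('LDAP_CA_FILE') ?: '/etc/ssl/certs/ad-ca.pem';  // placeholder path
$dn   = getenv('LDAP_BIND_DN') ?: '';                          // bind DN from env
$pwd  = getenv('LDAP_BIND_PW') ?: '';                          // never hard-coded
foreach (["ldaps://$host:636", "ldap://$host:389"] as $uri) {
    echo $uri, ' => ', json_encode(ldapBindDiagnose($uri, $dn, $pwd, $ca)), PHP_EOL;
}
```

The `stage` and `detail` fields help tell a URI, TLS or credential problem apart where ldap_error() alone only says "Can't contact LDAP server".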