LDAP TLS_REQCERT in WAMP

Question

I am setting up a development WAMP stack and need to set the TLS_REQCERT option to never on the ldap.conf but there is no such file in the WAMP directory. I also grepped for 'TLS_REQ_CERT' with the only result being the php_ldap.dll. Any thoughts?

Answer 1

There is a cleaner and easier way to set the TLS_REQCERT option when connecting to ldap.

Try this directly in php:

$ds = ldap_connect('ldaps://myhost:636');
ldap_bind($ds, '{your_ldap_dn}', '{your_ldap_password}')
ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);

Consult https://www.php.net/manual/en/ldap.constants.php to find the documentation of other options (LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_TRY).

Answer 2

Adding the line to C:/OpenLDAP/sysconf/ldap.conf worked for me on WAMP 3.1.3 32bit

Answer 3

Thanks to Satish for the direction on the solution.

Windows 8 x64 Enterprise WAMP Server(32 bit, PHP 5.4)- http://www.wampserver.com/en/

To enable LDAPS the ldap.conf file must be in C:/OpenLDAP/sysconf/ even if you do not have OpenLDAP installed. Then the TLS_REQCERT option can be set. I had to do the following after installing WAMP Server:

1. Enable Apache ssl_module and ldap_module
2. Uncomment 'Include conf/extra/httpd-ssl.conf' in httpd.conf
3. Copy over crt and key files
4. Configure httpd-ssl.conf
5. Enable the openssl and ldap_php extension in PHP
6. Copy libsasl.dll from the php directory to the apache bin directory
7. Copy ldap.conf to C:/OpenLDAP/sysconf/ldap.conf

And it works!