Reputation: 1
PHP on IIS - unable to bind to Active Directory over LDAPS
I'm working on a small password reset script for our users, using PHP5 on an IIS7.5 server. I have LDAP over SSL enabled on our Active Directory controllers, and tested that it is working properly using ldp.exe
Here's the code to connect to the server:
$ldap_server = "ldaps://AD02.district.local";
$ldap_port = "636";
$ldap_user = "[email protected]";
$ldap_pass = "(goes here)";
$ds = ldap_connect($ldap_server,$ldap_port);
ldap_bind($ds,$ldap_user,$ldap_pass);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
However, when I execute the script, I get the following error:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in D:\Sites\Lookup\search.php on line 11
If I set $ldap_server to use ldap:// instead of ldaps://, it'll connect (even with the port set to 636), but the actual reset function does not work ("server is unwilling to perform").
Is there a way to troubleshoot this further? Or does anyone know what may be wrong?dd
Upvotes: 0
Views: 3460
Answers (1)
Reputation: 388
I know this is an old question. But today I encountered the same problem.
I had to apply the following solution to make it work:
- Create a folder: C:\OpenLDAP\sysconf
- Create a file 'ldap.conf' in C:\OpenLDAP\sysconf.
- Make the content of the file: 'TLS_REQCERT never' (no quotes).
- Save.
It should work now. According to the manual, “TLS_REQCERT never” prevents the server from requesting and/or checking any server certificate.
Upvotes: 1
Related Questions
- PHP - LDAP with SSL fail to bind
- Authenticating in PHP using LDAP through Active Directory
- PHP ldap_connect + ldap_bind unable to bind
- php bind ldap to active directory
- LDAPS not connecting with PHP
- PHP LDAP binding AD with the server's user account
- ldap_bind() not working
- PHP LDAP connection authenticates without DN information
- PHP & IIS: LDAPS Connection for Password Change
- PHP LDAP Connection