Reputation: 125
I have a question for you.
My goal is to bind a ldap server with php.
ldapsearch -H ldaps://[server]:[port] -D [dn] -W
It works well.
$server = array("ldaps://[server]", "[port]");
$userdn = "[dn]";
$userpw = "[pw]";
$ds = ldap_connect($server[0], $server[1]) or die("ldap server offline");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_bind($ds, $userdn, $userpw);
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server
I don't understand my mistake. I've search all night long on google.
Q/A
_ I use mamp ( apache )
_ Ldap server pings good, and works with bash.
_ I use a firewall, but it doesnt work without too.
_ all [var] are ok, because in bash it works.
Upvotes: 2
Views: 12417
Reputation: 7233
It is possible to disable the certification check via PHP. But keep in mind that this is a security risk if the connection is routed over a public network!
ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);
Consult https://www.php.net/manual/en/ldap.constants.php to find the documentation of other options (LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_TRY
).
For some people this may be preferable over modifying the ldap.conf
.
Upvotes: 0
Reputation: 125
adding TLS_REQCERT allow
to ldap.conf and it works! thanks to @rooster
Upvotes: 1