LDAP_BIND Can't contact LDAP server

Question

I have a question for you.

My goal is to bind a ldap server with php.

• When I try with a terminal ( bash ) I use:

ldapsearch -H ldaps://[server]:[port] -D [dn] -W

It works well.

• When I try with a php script

$server = array("ldaps://[server]", "[port]");

$userdn = "[dn]";

$userpw = "[pw]";

$ds = ldap_connect($server[0], $server[1]) or die("ldap server offline");

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

ldap_bind($ds, $userdn, $userpw);

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server

I don't understand my mistake. I've search all night long on google.

Q/A

_ I use mamp ( apache )

_ Ldap server pings good, and works with bash.

_ I use a firewall, but it doesnt work without too.

_ all [var] are ok, because in bash it works.

Answer 1

It is possible to disable the certification check via PHP. But keep in mind that this is a security risk if the connection is routed over a public network!

ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);

Consult https://www.php.net/manual/en/ldap.constants.php to find the documentation of other options (LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_TRY).

For some people this may be preferable over modifying the ldap.conf.

Answer 2

adding TLS_REQCERT allow to ldap.conf and it works! thanks to @rooster