Mausimo

Reputation: 8168

ldap_bind() - Can't contact LDAP server

I have a VM running CentOS 7 with the LAMP stack installed. On the VM I am trying to create an LDAPS connection to my domain controller which is a Windows 2008 R2 VM. The SSL certificate that I am using is self-signed and the CA has been added to the CentOS 7 CA trust.

I am able to connect to the domain controller via ldapsearch. With ldapsearch debugging level set to 1, I am able to verify that my certificate is valid.

ex.) ldapsearch -H "ldaps://server.ad.com" -D "domain\user-name" -W -d 1

Whenever I try to use LDAPS via PHP, ldap_connect() succeeds but ldap_bind() always errors with -1 Can't contact LDAP server. Below is a code example:

<?php

// The constant name must be a string; PHP before 7.1 does not ship it, and 0x32
// is OpenLDAP's LDAP_OPT_DIAGNOSTIC_MESSAGE. Newer PHP already defines it.
if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
    define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
}
echo "defined LDAP_OPT_DIAGNOSTIC_MESSAGE <br />";

// ldap_connect() only initialises the handle; no TCP/TLS connection is opened
// until the first operation (here ldap_bind), so a "successful" connect proves nothing.
$handle = ldap_connect("ldaps://server.ad.com:636");
echo "called ldap_connect <br />";
$errorCode = ldap_errno( $handle );
echo "error code: $errorCode <br />";
$errorMsg = ldap_error( $handle );
echo "error message: $errorMsg <br />";

if (!$handle)
{
    echo "ldap_connect method returned null <br />";
}
else
{
    echo "ldap_connect returned a handle! <br />";
}

// First real network operation: this is where the socket to port 636 is opened.
$bind = ldap_bind($handle, 'domain\user', 'password');
echo "called ldap_bind <br />";
$errorCode2 = ldap_errno( $handle );
echo "error code: $errorCode2 <br />";
$errorMsg2 = ldap_error( $handle );
echo "error message: $errorMsg2 <br />";

if (!$bind)
{
    echo "ldap_bind method returned null <br />";
}
else
{
    echo "ldap_bind returned a bind! <br />";
}

if(ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error))
{
    echo "Error binding to LDAP: $extended_error";
}
else
{
    echo "Error bind to LDAP: No additional information is available.";
}   
?>

Output:

defined LDAP_OPT_DIAGNOSTIC_MESSAGE
called ldap_connect
error code: 0
error message: Success
ldap_connect returned a handle!
called ldap_bind
error code: -1
error message: Can't contact LDAP server
ldap_bind method returned null
Error bind to LDAP: No additional information is available.

I feel like the "Can't contact LDAP server" is too generic of an error message, so I tried to add the LDAP_OPT_DIAGNOSTIC_MESSAGE (first comment on http://php.net/manual/en/function.ldap-bind.php). But this does not seem to work.

Any ideas?

Upvotes: 1

Views: 4106

Answers (1)

Mausimo

Reputation: 8168

Upon further investigation, I found that running this PHP file via command line would bind successfully. It was only failing when viewing it from a browser.

With this information, I was able to ask another question on ServerFault and discovered that this bind is actually failing because of SELinux configuration.

Please see the full answer here: https://serverfault.com/questions/677013/php-executes-with-different-results-in-command-line-than-when-browsed-to-in-apac

Upvotes: 1
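The answer above explains the symptom but not the check or the fix, and the ServerFault answer it links to is not reproduced on this page. As an added example (not the poster's code and not the linked answer), the POSIX shell script below shows what a practitioner would do to confirm the SELinux diagnosis: the PHP CLI run from a login shell is unconfined, while Apache with mod_php runs as httpd_t, whose policy on CentOS 7 blocks outbound TCP connections unless a boolean allows them. The script parses the AVC denial record SELinux writes to the audit log, names the narrowest boolean that would permit the access (httpd_can_connect_ldap for LDAP/LDAPS ports, the broader httpd_can_network_connect otherwise), and, when run as root on the host, reads recent denials with ausearch. The sample audit record, PIDs and contexts are constructed for the example; only the two boolean names and the AVC record format are real.

```shell
#!/bin/sh
# Constructed sample: the AVC denial that SELinux logs to /var/log/audit/audit.log
# when a confined httpd_t process (Apache + mod_php) opens a TCP connection to
# an LDAPS port. Field values are illustrative, not taken from the poster's host.
SAMPLE_AVC='type=AVC msg=audit(1426000000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=636 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket'

# avc_field LINE KEY: value of the space-separated KEY=value token in an AVC record
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# avc_permission LINE: the permission listed inside the braces, e.g. name_connect
avc_permission() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\([^ }]*\) *}.*/\1/p'
}

# recommend_boolean LINE: the least-privilege SELinux boolean that would allow the
# denied access. Only the httpd outbound-TCP case is handled; anything else prints "none".
recommend_boolean() {
    line=$1
    src=$(avc_field "$line" scontext | cut -d: -f3)   # source type, e.g. httpd_t
    dst=$(avc_field "$line" tcontext | cut -d: -f3)   # target type, e.g. ldap_port_t
    cls=$(avc_field "$line" tclass)
    perm=$(avc_permission "$line")
    if [ "$src" = httpd_t ] && [ "$cls" = tcp_socket ] && [ "$perm" = name_connect ]; then
        case $dst in
            ldap_port_t) echo httpd_can_connect_ldap ;;     # only LDAP/LDAPS ports
            *)           echo httpd_can_network_connect ;;  # any outbound TCP port
        esac
    else
        echo none
    fi
}

# live_check: on the CentOS host, show the enforcement mode and the two booleans,
# then run the recommender over recent httpd denials. Needs root and the audit package.
live_check() {
    command -v getenforce >/dev/null 2>&1 || { echo "SELinux tools not installed"; return 0; }
    echo "mode: $(getenforce)"
    getsebool httpd_can_connect_ldap httpd_can_network_connect
    ausearch -m AVC -c httpd -ts recent 2>/dev/null | grep '^type=AVC' |
    while read -r avc; do
        echo "denied $(avc_permission "$avc") -> $(avc_field "$avc" tcontext | cut -d: -f3): setsebool -P $(recommend_boolean "$avc") on"
    done
}

# Run the parser over the constructed sample, then the live check on a real host.
echo "sample: setsebool -P $(recommend_boolean "$SAMPLE_AVC") on"
if [ "$(id -u)" -eq 0 ]; then
    live_check
fi
```

setsebool -P makes the change survive a reboot; without -P it lasts until the policy is reloaded. Prefer httpd_can_connect_ldap when the only outbound traffic Apache needs is to the domain controller, since httpd_can_network_connect lets a compromised web process reach any TCP port on the network. Both booleans ship with selinux-policy-targeted on CentOS 7; `getsebool -a | grep httpd_can` lists what your policy version provides.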
