SparklingWater

Reputation: 368

PHP's ldap_bind() failing even though ldap_connect() is successful

As stated in the title, the ldap_connect() function works fine, but when I try to use ldap_bind(), anonymously and with credentials, PHP will just give me:

Can't contact LDAP server

How do I debug this issue further?

When using an LDAP browser I can connect and bind without any issues, and it seems that there are no further error messages.

I try to bind using protocol version 3.

Upvotes: 1

Views: 1299

Answers (1)

heiglandreas

Reputation: 3861

ldap_connect does not actually connect to the LDAP server but merely checks whether what you provide as a parameter "makes sense". So it would fail when you provide e.g. 300.300.300.300 as the IP address. But that's it. There is no connection tried, even though the function is called ldap_connect. That has historical reasons.

The first try to connect is usually done on ldap_bind which is the reason that connection issues usually surface here.

Note that you should use an LDAP URI as the parameter for ldap_connect. The second parameter ($port) is deprecated and will only be used when you pass an IP address or an FQDN as the first parameter (which you should not do, as you then can't specify e.g. LDAPS). So you should have something like ldap_connect('ldaps://ldap.example.org:639');.

I'm usually first checking via fsockopen whether I can reach the server on the given port like this:

```php
// $errno and $errstr are passed by reference, so they must be variables, not null literals.
$res = fsockopen('ldap.example.org', 639, $errno, $errstr, 5);
if (false === $res) {
    throw new Exception('server could not be reached within 5 seconds');
}
fclose($res);
```

When no exception is thrown, the server is available and it's more likely that the credentials are wrong.

Apart from that you can always use ldap_error and ldap_errno to (usually) get more detailed information about the last error.

Upvotes: 2
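
The checks from the answer above combined into one staged diagnostic, as an added example that is not part of the original answer. The function name `diagnoseLdapBind`, the bind DN and the password are hypothetical placeholders; the URI is the one used in the answer.

```php
<?php
// Added example: report which stage of an LDAP bind fails (URI, TCP, or bind).
function diagnoseLdapBind(string $uri, ?string $bindDn = null, ?string $password = null): array
{
    $parts = parse_url($uri);
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!isset($parts['host']) || !in_array($scheme, ['ldap', 'ldaps'], true)) {
        return ['stage' => 'uri', 'ok' => false, 'detail' => 'expected ldap:// or ldaps:// URI'];
    }
    // Standard defaults when the URI carries no port: 389 for ldap, 636 for ldaps.
    $port = $parts['port'] ?? ($scheme === 'ldaps' ? 636 : 389);

    // Stage 1: plain TCP reachability, as in the answer's fsockopen check.
    $errno = 0;
    $errstr = '';
    $sock = @fsockopen($parts['host'], $port, $errno, $errstr, 5);
    if ($sock === false) {
        return ['stage' => 'tcp', 'ok' => false, 'detail' => "$errstr ($errno)"];
    }
    fclose($sock);

    // Stage 2: ldap_connect() only validates the URI; nothing is sent yet.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return ['stage' => 'connect', 'ok' => false, 'detail' => 'URI rejected'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Stage 3: the first real connection (and the TLS handshake for ldaps://) happens here.
    if (@ldap_bind($ds, $bindDn, $password)) {
        return ['stage' => 'bind', 'ok' => true, 'detail' => 'bind succeeded'];
    }
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    // errno -1 ("Can't contact LDAP server") after a successful TCP check means the
    // failure is above TCP, for ldaps:// typically certificate validation during the
    // TLS handshake; errno 49 means the server was reached but rejected the credentials.
    return [
        'stage'  => 'bind',
        'ok'     => false,
        'detail' => sprintf('%d %s %s', ldap_errno($ds), ldap_error($ds), $diag),
    ];
}

// Placeholder bind DN and password; omit both for an anonymous bind.
print_r(diagnoseLdapBind('ldaps://ldap.example.org:639', 'cn=reader,dc=example,dc=org', 'placeholder'));
```

If stage `tcp` passes and stage `bind` reports -1 on an `ldaps://` URI, check which CA bundle the PHP host's LDAP client trusts rather than turning certificate verification off.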
