Reputation: 31
Installation Information:
I have two Windows servers. One (Windows Server 2008 R2) is a domain controller (DC) with Active Directory (AD). Its name is s1.xyz.com. The second (Windows Server 2003 R2) server is running IIS and PHP. An SSL certificate is installed on the second server.
I have installed Active Directory Certificate Services on the DC server to act as a Certificate Authority (CA) and also enabled LDAP over SSL (LDAPS) using the link below:
http://www.christowles.com/2010/11/enable-ldap-over-ssl-ldaps-on-windows.html
What is the problem:
Actually, I want to set passwords for AD users, so I need a secure connection (LDAPS) to do so.
I can successfully connect to the DC on the unsecured port (389) and access AD data, but
I cannot bind a user over a secure connection (on port 636) using the PHP ldap_bind() function.
When I run the script it gives the error "ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server".
Code:
$ip="xxx.xxx.xxx.xx";
$ldaps_url="ldaps://s1.xyz.com:636/";
$ldap_url="s1.xyz.com";
$ldapUsername ="[email protected]";
$ldapPassword="x1y1z1";
$ds=ldap_connect($ldaps_url);
//$ds=ldap_connect($ip,636);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ds, LDAP_OPT_REFERRALS,0);
$bth=ldap_bind($ds, $ldapUsername, $ldapPassword);
ldap_unbind($ds);
$ds="";
Upvotes: 0
Views: 13678
Reputation: 72612
If you're using SSL (e.g. ldaps) and ldap_bind is throwing 'Unable to bind to server:' errors, check that the hostname used in the ldap_connect matches the 'CN' in the SSL certificate on the LDAP server. For example:
<?php
ldap_connect('ldaps://ldap01');
// 'ldap01' should match the CN in your LDAP server's SSL cert, otherwise the subsequent ldap_bind() will throw a bind error
?>
You can have a look at your certificate using Microsoft MMC.
Upvotes: 3
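The hostname-to-certificate comparison described in the answer above, as an added example that is not part of the original post or of PHP's LDAP extension. The certificate array is constructed sample data shaped like openssl_x509_parse() output, the function names are hypothetical, and the matching rule (DNS subjectAltName entries first, subject CN as fallback, single-label wildcard) is the common TLS convention assumed here; the LDAP client library's own check may differ in detail.

```php
<?php
// Added example: offline check that the host in an ldaps:// URL is covered
// by the names in the server certificate. Function names are hypothetical.
function cert_dns_names(array $cert): array
{
    $names = [];
    // subjectAltName is a string such as "DNS:s1.xyz.com, IP Address:192.0.2.10"
    $san = $cert['extensions']['subjectAltName'] ?? '';
    foreach (array_map('trim', explode(',', $san)) as $entry) {
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    // Assumed rule: the subject CN is consulted only when no DNS SAN exists.
    if (!$names && isset($cert['subject']['CN'])) {
        $names[] = strtolower($cert['subject']['CN']);
    }
    return $names;
}

function name_matches(string $host, string $pattern): bool
{
    if (strncmp($pattern, '*.', 2) !== 0) {
        return $host === $pattern;
    }
    // A leading "*." stands for exactly one label to the left of the rest.
    $dot = strpos($host, '.');
    return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

function ldaps_host_matches_cert(string $url, array $cert): bool
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    foreach (cert_dns_names($cert) as $pattern) {
        if ($host !== '' && name_matches($host, $pattern)) {
            return true;
        }
    }
    return false;
}

// Constructed sample certificate data; only the host name s1.xyz.com is from the post.
$cert = ['subject' => ['CN' => 's1.xyz.com'],
         'extensions' => ['subjectAltName' => 'DNS:s1.xyz.com, DNS:*.dc.xyz.com']];
foreach (['ldaps://s1.xyz.com:636/', 'ldaps://s1:636/',
          'ldaps://dc2.dc.xyz.com:636/', 'ldaps://192.0.2.10:636/'] as $url) {
    printf("%-30s %s\n", $url, ldaps_host_matches_cert($url, $cert) ? 'match' : 'MISMATCH');
}
```

With this sample data the full name and the wildcard-covered name match, while the short name `s1` and the IP address do not, because neither appears among the certificate's names.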
Reputation: 423
Maybe s1.xyz.com cannot be resolved. Try it with the IP instead. Like ldaps://ip.goes.here:636.
Upvotes: 0