Sam

Reputation: 4339

LDAPS not connecting with PHP

I'm having issues using Windows to connect to a secure LDAP server, and I see the same thing everywhere online with no solution that's worked so far.

I have tried using both IIS and WAMPSERVER. I have put libeay32.dll and ssleay32.dll in my SYSTEM32 directory and enabled the LDAP extension.

Here is my code:

<?php
putenv('LDAPTLS_REQCERT=never');                 // ask the OpenLDAP client library not to verify the server certificate
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);  // verbose client-library debug output
$resource = ldap_connect("ldaps://{redacted}/", 636) or die("Could not connect.");
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);   // AD requires LDAPv3
$bound = ldap_bind($resource, "{redacted}\\ldap", "****");  // DOMAIN\user form; backslash doubled inside double quotes

echo ldap_error($resource);

I get "Can't contact LDAP server" from ldap_error and the PHP warning: Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in C:\wamp\www\ldapTest.php

The server I am attempting to connect to is running Active Directory, and I have confirmed that I can connect by using other LDAP tools. I know this server has an issue with its certificate - the LDAP tool I am using says "The server you are trying to connect to is using a certificate which could not be verified! - Issuer certificate not found".

My suspicion is that the bad certificate is causing the bind issue which is why I've tried the LDAPTLS_REQCERT=never.

Upvotes: 3

Views: 5539
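The "Issuer certificate not found" message means the client has no copy of the CA that signed the domain controller's certificate. The following diagnostic, an added example rather than code from the question or either answer, opens a raw TLS connection to the LDAPS port and prints the chain the server presents, so you can see which issuer is missing and export that CA from the domain PKI. The host name is a placeholder for the redacted server; verification is switched off here only to capture the chain, and the socket is never used for LDAP.

```php
<?php
// Added diagnostic: capture and describe the certificate chain an LDAPS
// server presents. $host is a placeholder for the redacted server name.

function fetchLdapsCertChain(string $host, int $port = 636, int $timeout = 5): array
{
    // Verification is disabled solely so the chain can be captured for
    // inspection; this stream is closed immediately afterwards.
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'             => false,
        'verify_peer_name'        => false,
        'capture_peer_cert_chain' => true,
        'peer_name'               => $host,   // send SNI so the intended certificate is returned
    ]]);

    $sock = @stream_socket_client(
        "ssl://{$host}:{$port}", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx
    );
    if ($sock === false) {
        throw new RuntimeException("TLS connect to {$host}:{$port} failed: [{$errno}] {$errstr}");
    }
    $params = stream_context_get_params($sock);
    fclose($sock);

    $chain = $params['options']['ssl']['peer_certificate_chain'] ?? [];
    $out = [];
    foreach ($chain as $cert) {
        $info = openssl_x509_parse($cert);
        $issuer = [];
        foreach ($info['issuer'] as $k => $v) {
            $issuer[] = $k . '=' . (is_array($v) ? implode('/', $v) : $v);
        }
        $out[] = [
            'subject'    => $info['name'],
            'issuer'     => implode(', ', $issuer),
            'notAfter'   => date('c', $info['validTo_time_t']),
            'selfSigned' => $info['subject'] == $info['issuer'],
        ];
    }
    return $out;
}

// Usage: the issuer of the last non-self-signed entry that does not itself
// appear in the chain is the CA certificate the client still needs to trust.
$host = 'dc.example.internal';   // placeholder for the redacted host
foreach (fetchLdapsCertChain($host) as $i => $c) {
    printf("[%d] subject=%s\n    issuer=%s\n    expires=%s%s\n",
        $i, $c['subject'], $c['issuer'], $c['notAfter'],
        $c['selfSigned'] ? ' (self-signed / root)' : '');
}
```

On a typical AD deployment the chain is a single DC certificate issued by the enterprise CA; the fix on the client side is to obtain that CA's certificate (and any intermediates) in PEM form and point the OpenLDAP client at it, rather than turning verification off.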

Answers (2)

Chris S

Reputation: 11

I can't recall where I found this one article; however, I found out that by default, even if you specify TLS_REQCERT never, it is ignored.

What I found out / then forgot about and found out again is that you need to do the following (for Windows machines):

  1. Create the following directory structure on your drive c in the root c:\OpenLDAP\sysconf (create the two folders)
  2. Inside the sysconf folder create a text file called "ldap.conf"
  3. In the text file you created put the following on the first line and then save "TLS_REQCERT never" (Without the quotes)
  4. Restart Apache and it should work now.

Give it a try, and good luck!

Upvotes: 1
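Rather than putting "TLS_REQCERT never" in the Windows ldap.conf, which makes PHP accept any certificate on port 636, the same file (or the in-code equivalent below) can name the CA that issued the domain controller's certificate and keep verification on. The script below is an added example, not code from the question or this answer; it assumes ext/ldap built against OpenLDAP (PHP 7.1 or later for the LDAP_OPT_X_TLS_* constants), and $server, $caFile, $bindUser and the password environment variable are placeholders for the redacted values.

```php
<?php
// Added example: bind to Active Directory over LDAPS with the domain CA
// trusted explicitly. Placeholder values are marked below.

function ldapsBind(string $server, string $caFile, string $bindUser, string $bindPass)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: {$caFile}");
    }
    // In-code equivalent of "TLS_CACERT <file>" and "TLS_REQCERT demand" in
    // ldap.conf. Set globally (null handle) before ldap_connect, because the
    // TLS handshake only happens on the first real operation and per-handle
    // TLS settings are ordering-sensitive in the OpenLDAP client library.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // Port belongs in the URI; the second ldap_connect() argument is ignored
    // for URIs and the two-argument form is deprecated as of PHP 8.3.
    $ldap = ldap_connect("ldaps://{$server}:636");
    if ($ldap === false) {
        throw new RuntimeException('Malformed LDAP URI');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);         // AD returns referrals on searches
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 10);  // fail fast instead of hanging

    if (!@ldap_bind($ldap, $bindUser, $bindPass)) {
        // ldap_error() only gives the generic text ("Can't contact LDAP server");
        // the diagnostic message usually carries the TLS reason, e.g.
        // "unable to get local issuer certificate".
        $diag = '';
        ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        throw new RuntimeException(sprintf('Bind failed: %s (errno %d) %s',
            ldap_error($ldap), ldap_errno($ldap), $diag));
    }
    return $ldap;
}

$server   = 'dc.example.internal';                  // placeholder for the redacted host
$caFile   = 'C:\\OpenLDAP\\sysconf\\domain-ca.pem';  // exported domain CA chain, PEM format
$bindUser = 'EXAMPLE\\ldap';                        // DOMAIN\user; backslash doubled
$bindPass = getenv('LDAP_BIND_PASSWORD') ?: '';     // keep the secret out of the script

try {
    $ldap = ldapsBind($server, $caFile, $bindUser, $bindPass);
    echo "Bound OK over verified LDAPS\n";
    ldap_unbind($ldap);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

If the bind still fails with a TLS reason in the diagnostic message, the CA file is the wrong one or is missing an intermediate; if it fails with an authentication error (errno 49), TLS is now fine and the problem has moved to the bind credentials.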

DevCoDesign

Reputation: 389

You can try changing the following line:

$resource = ldap_connect("ldaps://{redacted}/", 636)

To use your port number directly in the URI instead

$resource = ldap_connect("ldaps://{redacted}:636")

This has been known to work when the other will not.

Upvotes: 0
