LDAP Bind over SSL problems

Posted: Tue Apr 23, 2013 2:08 pm
by Trebor
I'm very new to PHP and just trying to help another developer debug an LDAP query over SSL via PHP.

We are working with PHP 5.3 and 5.4 (different servers) and Windows 2008 R2.

Our code is similar to below:

ini_set('display_errors', 'On');
putenv('LDAPTLS_REQCERT=never');

$ldaphost = "ldaps://myserver.edu:636";
$ldapconn = ldap_connect($ldaphost);
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass)
  or die( print_r($ldapbind). '****' .ldap_errno($ldapbind).'------'.ldap_err2str( ldap_errno($ldapbind ) )   );

It generates the following error:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in E:\wp\Test.php on line 36
Warning: ldap_errno() expects parameter 1 to be resource.

The value of $ldaphost is False, which as I understand it means no connection was made.

According to http://greg.cathell.net/php_ldap_ssl.html the ldap.conf file and put it in C:\openldap\sysconf. This is where my ignorance comes in. It does not appear that either 5.3 or 5.4 have this directory. Where am I supposed to put the ldap.conf file in these versions? Is there a better way of debugging the LDAP errors?

We've spent a week or more trying to figure this out without a lot of success. Any help would be appreciated. Thank you.

Re: LDAP Bind over SSL problems

Posted: Tue Apr 23, 2013 4:32 pm
by Strider64
If memory serves me right, I was having a similar problem; I solved it by doing the following:

Enable OpenSSL Support for PHP

As a prerequisite, two libraries must exist on your Windows system: libeay32.dll and ssleay32.dll. Two ways to achieve this:

Install OpenSSL for Windows
Or, copy these two files to the C:\WINDOWS\system32 folder. They're shipped with the PHP package; you can find them in the PHP root folder.

Like I said, I don't know if this is the kind of problem you are having; plus you might have to enable SSL in php.ini

Re: LDAP Bind over SSL problems

Posted: Tue Apr 23, 2013 5:03 pm
by Trebor
Strider, thank you. We did see references on that, but since those are also in the PHP directory, shouldn't the local copies be found first?

We just found the solution though in the past few minutes. In our case we needed to set an environment variable LDAPCONF=path_to_ldap.conf_file. That seems to have solved it for us.

Thank you again.
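
The LDAPCONF fix and the debugging question from this thread, worked into one bind check that keeps certificate verification on. This is an added example, not code from any of the posters; the bind DN, the LDAP_BIND_PW variable, the ca.pem file name and the ldap.conf contents are assumptions.

```php
<?php
// Added example, not code from the thread. The hostname is the thread's;
// everything marked "hypothetical" or "constructed" is an assumption.
//
// ldap.conf named by LDAPCONF (constructed sample):
//   TLS_REQCERT demand                      # 'never' skips certificate checks
//   TLS_CACERT  C:\openldap\sysconf\ca.pem  # CA that issued the server cert

function ldaps_bind_checked($uri, $bindDn, $password)
{
    // The client library takes its TLS settings from the file named by LDAPCONF.
    $conf = getenv('LDAPCONF');
    if ($conf === false || !is_readable($conf)) {
        return 'LDAPCONF is unset or does not point to a readable file';
    }
    // An empty password turns the request into an unauthenticated bind,
    // which a server may accept; never treat that as a successful login.
    if (!is_string($password) || $password === '') {
        return 'refusing to bind with an empty password';
    }

    // Library-level tracing; the output goes to the process's stderr.
    ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);

    // With a URI, ldap_connect() only checks syntax; no socket is opened yet.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return 'ldap_connect() rejected the URI';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 10);

    // The TLS handshake and the bind both happen inside ldap_bind().
    if (!@ldap_bind($conn, $bindDn, $password)) {
        // Error functions take the connection, not ldap_bind()'s boolean result.
        $msg = sprintf('bind failed: %d (%s)', ldap_errno($conn), ldap_error($conn));
        ldap_unbind($conn);
        return $msg;
    }
    ldap_unbind($conn);
    return 'bind ok';
}

echo ldaps_bind_checked(
    'ldaps://myserver.edu:636',
    'CN=svc-ldap,OU=Service,DC=myserver,DC=edu', // hypothetical bind DN
    getenv('LDAP_BIND_PW')                       // hypothetical env var
), PHP_EOL;
```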