I have a question for you.

My goal is to bind a ldap server with php.

  • When I try with a terminal ( bash ) I use:

ldapsearch -H ldaps://[server]:[port] -D [dn] -W

It works well.

  • When I try with a php script

$server = array("ldaps://[server]", "[port]");

$userdn = "[dn]";

$userpw = "[pw]";

$ds = ldap_connect($server[0], $server[1]) or die("ldap server offline");

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

ldap_bind($ds, $userdn, $userpw);

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server

I don't understand my mistake. I've search all night long on google.

Q/A

_ I use mamp ( apache )

_ Ldap server pings good, and works with bash.

_ I use a firewall, but it doesnt work without too.

_ all [var] are ok, because in bash it works.

3

2 Answers

adding TLS_REQCERT allow to ldap.conf and it works! thanks to @rooster

It is possible to disable the certification check via PHP. But keep in mind that this is a security risk if the connection is routed over a public network!

ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW); 

Consult to find the documentation of other options (LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_TRY).

For some people this may be preferable over modifying the ldap.conf.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.