3

I'm having issues using Windows to connect to a secure LDAP server, and I see the same thing everywhere online with no solution that's worked so far.

I have tried using both IIS and WAMPSERVER. I have put libeay32.dll and ssleay32.dll in my SYSTEM32 directory and enabled the LDAP extension.

Here is my code:

putenv('LDAPTLS_REQCERT=never');
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$resource = ldap_connect("ldaps://{redacted}/", 636) or die ("Could not connect.");
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
$bound = ldap_bind($resource, "{redacted}\ldap", "****");

echo ldap_error($resource);

I get "Can't contact LDAP server" from ldap_error and the PHP warning "Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in C:\wamp\www\ldapTest.php"

The server I am attempting to connect to is running Active Directory and I have confirmed that I can connect by using other LDAP tools. I know this server has an issue with its certificate - the LDAP tool I am using says "The server you are trying to connect to is using a certificate which could not be verified! - Issuer certificate not found"

My suspicion is that the bad certificate is causing the bind issue which is why I've tried the LDAPTLS_REQCERT=never.

2 Answers

1

I can't recall where I found this one article; however I found out that by default even if you specify the TLS_REQCERT never it is ignored.

What I found out, then forgot about and found out again, is that you need to do the following (for Windows machines):

  1. Create the following directory structure on your drive c in the root c:\OpenLDAP\sysconf (create the two folders)
  2. Inside the sysconf folder create a text file called "ldap.conf"
  3. In the text file you created put the following on the first line and then save "TLS_REQCERT never" (Without the quotes)
  4. Restart Apache and it should work now.

Give it a try, and good luck!


1 Comment

This step is still required as of Jan. 2017 on WAMP installs (config : Win Server 2008 R2, Apache 2.4.25 Win64 VC14, PHP 7.1.1)
0

You can try changing the following line:

$resource = ldap_connect("ldaps://{redacted}/", 636)

To use your port number directly in the URI instead:

$resource = ldap_connect("ldaps://{redacted}:636")

This has been known to work when the other will not.

1 Comment

Thanks mate for the answer but unfortunately this did not work for me.
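
An added example (not from the question or either answer): instead of turning verification off with TLS_REQCERT never, this trusts the missing issuer certificate explicitly and keeps verification on, using the port-in-URI form from the second answer. It needs PHP 7.1 or later; the host name, bind account, CA file path and the LDAP_BIND_PW environment variable are hypothetical placeholders.

```php
<?php
// Added example. All values below are placeholders/assumptions, not from the page.
const LDAP_URI = 'ldaps://dc01.example.com:636';            // placeholder host
const CA_FILE  = 'C:\\OpenLDAP\\sysconf\\issuing-ca.pem';   // assumed path: issuer CA exported as PEM

function connectVerified(string $uri, string $caFile, string $bindDn, string $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    // A bind with a DN and an empty password is treated as an unauthenticated
    // bind and can "succeed" without proving anything, so refuse it up front.
    if ($password === '') {
        throw new RuntimeException('Refusing to bind with an empty password');
    }

    // Set the TLS options globally (NULL handle) before ldap_connect();
    // they are applied when the TLS context is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);   // only parses the URI; no network traffic yet
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($conn, $bindDn, $password)) {
        // "Can't contact LDAP server" also covers TLS failures; the
        // diagnostic message usually carries the certificate detail.
        $detail = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(sprintf(
            'Bind failed: [%d] %s %s', ldap_errno($conn), ldap_error($conn), $detail
        ));
    }
    return $conn;
}

try {
    // Password comes from the environment rather than the source file.
    $conn = connectVerified(LDAP_URI, CA_FILE, 'EXAMPLE\\ldap', getenv('LDAP_BIND_PW') ?: '');
    echo "Bound with certificate verification enabled\n";
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

The same trust setting can be expressed in the ldap.conf file from the first answer with `TLS_CACERT <path to PEM>` and `TLS_REQCERT demand`.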
