I am trying to connect to a secure LDAP server (using LDAPs) via PHP, but I am having problems with it. I get the following error:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /var/www/test.php on line 16
It works when I try to connect without LDAPs, but it is required that I use LDAPs because I am going to be dealing with sensitive information.
I am using the following code:
<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds = ldap_connect("ldaps://server"); // must be a valid LDAP server!
print $ds;
if ($ds) {
    echo "<br><br>Binding ...";
    $r = ldap_bind($ds); // this is an "anonymous" bind, typically
                         // read-only access
    echo "Bind result is " . $r . "<br />";
    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr = ldap_search($ds, "ou=people,o=server.ca,o=server", "uid=username*");
    echo "Search result is " . $sr . "<br />";
    echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";
    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";
    print_r($info);
    // for ($i=0; $i<$info["count"]; $i++) {
    //     echo "dn is: " . $info[$i]["dn"] . "<br />";
    //     echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
    //     echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
    // }
    echo "Closing connection";
    ldap_close($ds);
} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
?>
If the syntactic check fails it returns false. ldap_connect() will otherwise return a resource as it does not actually connect but just initializes the connecting parameters. The actual connect happens with the next calls to ldap_* funcs, usually with ldap_bind().
or die ("Could not connect to LDAP server."); If you're using SSL (e.g. ldaps) and ldap_bind is throwing 'Unable to bind to server:' errors, check that the hostname used in the ldap_connect matches the 'CN' in the SSL certificate on the LDAP server. For example: <? ... ...
To fix this use the ldap_set_option command to change the version that PHP expects. is a bit confusing. You need to ensure that you use the entire rootdn. For instance, your code should look more like this... or die ("Could not connect to LDAP server."); echo "LDAP bind successful..."; echo "LDAP bind failed...";
Binding using ldap instead of ldaps works just fine using the script so I know the ldap is enabled. The catcher is that while using LDP.exe, we can successfully connect and bind to ldap on port 636 using a secure connection. The script we are failing with is below:
The problem is not related to the actual binding process (invalid credentials) as the warning would be a different one if the LDAP server could not authenticate your credentials. But as Paul Dixon noted the use of ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) should be required - even though I don't think that this is the cause of your problems.
ldaps://<<server>>:636
ext/ldap has some issues with SSL/TLS secured connections. You can try to add TLS_REQCERT never to the ldap.conf (/etc/ldap.conf or /etc/ldap/ldap.conf on *nix-based systems) or for Windows machines create a ldap.conf with the above content in C:\OpenLDAP\sysconf\ldap.conf (the path must be an exact match as it's hard-coded into the extension).
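An added example, not code from the thread: `TLS_REQCERT never` turns off server certificate checking, so this sketch keeps verification on by pointing the LDAP library at the CA that issued the server certificate, sets protocol version 3, and reports the underlying reason when the bind (where the connection is actually made) fails. It assumes PHP 7.1 or later built against OpenLDAP; the host name `ldap.example.com`, the CA file path and the function name `ldaps_bind_verified` are placeholders, and the host in the URI must match the name in the server certificate.

```php
<?php
// Added example: LDAPS bind with certificate verification kept on.
// Host, CA path and function name are placeholders, not from the thread.
function ldaps_bind_verified(string $uri, string $caFile, ?string $dn = null, ?string $pw = null): array
{
    if (!is_readable($caFile)) {
        return [false, "CA file not readable: $caFile"];
    }
    // Set the TLS options globally (null handle) before ldap_connect()
    // so that the connection created below picks them up.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // ldap_connect() only checks the URI syntax; nothing is sent yet.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return [false, "Malformed LDAP URI: $uri"];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The TCP connect and TLS handshake happen on the first real operation.
    // A null DN and password give the anonymous bind used in the question.
    $ok = @ldap_bind($ds, $dn, $pw);
    if (!$ok) {
        // "Can't contact LDAP server" alone hides the cause; the diagnostic
        // message usually carries the TLS or certificate error text.
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $msg = sprintf('%s (errno %d) %s', ldap_error($ds), ldap_errno($ds), $detail);
        ldap_unbind($ds);
        return [false, trim($msg)];
    }
    return [true, $ds];
}

[$ok, $result] = ldaps_bind_verified('ldaps://ldap.example.com:636', '/etc/ssl/certs/ldap-ca.pem');
if (!$ok) {
    error_log("LDAPS bind failed: $result");
    exit(1);
}
echo "LDAPS bind succeeded with certificate verification on\n";
ldap_unbind($result);
```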