LDAP and PHP connection failure

Question

I am trying to connect to a secure LDAP server (using LDAPs) via PHP, but I am having problems with it. I get the following error

Warning: ldap_bind()

Answer 1

Although old, I have encountered the same issue and wanted to provide some insight for future readers.

Part of the problem was out-of-date OpenSSL libraries, 0.9.6 vs 1.0.0 (which worked).

After updating OpenSSL on the server, it was noted that PHP lost support for OpenSSL.

You can check support for modules with the following from the command line:

php -m 

Or

echo phpinfo(INFO_MODULES);

From the browser.

Also, there have been a lot of issues with SSL Support for LDAP when using the OCI8/Oracle LDAP libs in my professional experience. On Debian platforms, Libldap-2.4.2-dev packages work best.

Additionally, you should look at the connection logs on the LDAP server. I can almost guarantee that you will see an error referring to SSLv3 and missing a CA for the certificate.

By default, PHP looks for the CA file on UNIX systems in, make sure it is readable by the PHP invoker (user via cli, Apache user, etc..):

/etc/pki/CA

This is not necessarily a PHP issue, but a configuration issue with Secure LDAP. Please see this PHP bug report and this OpenLDAP thread.

The OpenLDAP thread above has a snippet of a working OpenLDAP config for reference.

Some other things to check is your services definitions in /etc/services. Make sure you have the following:

ldaps           636/tcp                         # LDAP over SSL
ldaps           636/udp