Need help ignoring server certificate while binding to LDAP server using PHP

猫巷女王i 2020-12-28 17:27

I'm trying to bind to an LDAP server using PHP. It's a fairly straightforward process, except that I can't get around a certificate error that I'm getting. My auth cred

2 answers
  •  一向 (OP)
    2020-12-28 18:19

    You don't specify the environment, so here's the answer (found elsewhere on this site: How do I solve ldap_start_tls() "Unable to start TLS: Connect error" in PHP? ):

    Linux: on the client machine (PHP web server) modify the ldap.conf file that the system is using, in RH/Fedora the file you want is /etc/openldap/ldap.conf (not /etc/ldap.conf, that is for system authentication...). Add/modify the following line:

    TLS_REQCERT never
    

    Windows: Add a system environment variable like the following:

    LDAPTLS_REQCERT=never
    

    Or in your PHP code, before the ldap_connect, put the following:

    putenv('LDAPTLS_REQCERT=never');
    

    These will ensure the client web server PHP instance never checks the FQDN of the server against the CN (common name) of the certificate. Very helpful in cluster environments where a virtual IP and certificate for that are used. But since this also makes it so that the other tools/applications in the entire OS on the web server machine will not check this either, please ensure that your environment allows this change (high-security environments might not allow it).
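Added example, not part of the answer above or of any project's code: for environments that cannot accept `TLS_REQCERT never`, this sketch keeps verification on and instead trusts the CA that issued the LDAP server's certificate, which is the usual way to clear a certificate error without disabling the check. The function name `ldapBindVerified`, the URI, the CA bundle path, the bind DN and the `LDAP_BIND_PW` variable are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

/**
 * Bind over LDAPS with certificate verification left on.
 * Hypothetical helper; every value passed to it below is a placeholder.
 */
function ldapBindVerified(string $uri, string $caFile, string $bindDn, string $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }
    // A DN with an empty password is an unauthenticated bind that many
    // servers report as success, so reject it before talking to the server.
    if ($password === '') {
        throw new RuntimeException('Refusing bind with empty password');
    }

    // Set on the global handle (null) before ldap_connect() so the
    // settings are in place when the TLS context is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    // DEMAND is the opposite of 'never': the handshake fails if the
    // certificate chain or host name does not verify.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (!@ldap_bind($conn, $bindDn, $password)) {
        // The diagnostic message carries the TLS library's own reason,
        // e.g. an untrusted issuer or a host name mismatch.
        $detail = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(sprintf('Bind failed: %s (%s)', ldap_error($conn), $detail));
    }
    return $conn;
}

try {
    $conn = ldapBindVerified(
        'ldaps://ldap.example.com',             // placeholder host
        '/etc/ssl/certs/example-ldap-ca.pem',   // placeholder CA bundle
        'cn=svc-web,dc=example,dc=com',         // placeholder bind DN
        (string) getenv('LDAP_BIND_PW')         // placeholder secret source
    );
    echo "bound with certificate verification enabled\n";
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```

Because the options are set inside the PHP process, other tools on the web server keep whatever `ldap.conf` already specifies.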
