Issues with LDAP SSL & PHP

Hi Guys,

I'm trying to write some code to reset a user's password using PHP in a Windows Active Directory environment.

I've got an AD Server with LDAP support set up, a self-signed SSL Certificate created and on the server and a '.crt' file waiting if I need it to get this working.

I can connect using LDAP-SSL using LDP.exe on the Domain Controller.

I have IIS 7.5.7600.16385 running on the Domain Controller, PHP Ver 5.5.3 installed, php_ldap.dll and php_openssl.dll installed. I've created the ldap.conf file in "C:\OpenLDAP\sysconf\" directory and inserted the one single line "TLS_REQCERT never".

I can connect using LDAP, non-secure with PHP, but when I attempt ldaps:// or ldap_start_tls() I get "Connect error-11" as the ldap_error() . ldap_errno().

I've attempted using "putenv('LDAPTLS_REQCERT=never')", "putenv('tls_cacert c:\certificate.crt')" and "putenv('TLS_REQCERT never')" without success. I have the correct LDAP options set after the connection, but before ldap_start_tls.

I'm now stuck at a dead end... can anyone help?

The Server is Windows Server 2008 R2 with Active Directory Domain Services, Active Directory Certification Services and Internet Information Services installed.

Here is the PHP code so far: http://pastebin.ca/raw/2495238

Thanks, ~LA33R.

I'm not really sure, but I'm throwing out ideas. Can it be that the user that the PHP server is impersonating doesn't have the rights to edit/connect to the AD server?

I'm connecting as the main Administrator account. It does have the rights for it all.

Without SSL I can run reports, but the security settings stop you from editing without an SSL connection, which is fair enough. The problem does lie with the SSL, not with the account. But thanks for the thoughts anyway.

I would send that question over to stackoverflow.com