ldap_bind() issue

Hello,

I'm tasked with writing an application in PHP that will authenticate
against a known working LDAP server.  I'm having some problems binding
against that LDAP server and cannot find the issue.

I can telnet to the LDAP server's IP and port:

> > telnet 12.34.56.78 636
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

So I have more or less ruled out any sort of networking issue.


But then when trying ldapsearch, this command is failing:

> > ldapsearch -h 12.34.56.78 -p 626 -v -W -X "dn:uid=username,ou=people,dc=example,dc=com"
ldap_initialize( ldap://12.34.56.78:626 )
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

It could be that I'm not providing the correct options as I'm not
extremely familiar with ldapsearch.


And then the heart of the issue, this simple PHP script is also failing for me:

> > ./ldap_test.php
ldap_create
ldap_url_parse_ext(LDAPS://ldap.example.com)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 12.34.56.78:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=ldap.example.com
TLS certificate verification: depth: 0, err: 66, subject:
C=US,ST=SomeState,O=SomeCompany,CN=ldap.example.com, issuer:
C=US,O=Equifax,OU=Equifax Secure Certificate Authority
TLS certificate verification: Error, Unknown error
TLS: can't connect.
ldap_err2string


The contents of my PHP test script:

<?php
// Show every PHP error and enable libldap's debug trace.
error_reporting( E_ALL );
ini_set( 'display_errors', 1 );
ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, 7 );

// Connect over LDAPS (TLS on port 636).
$c = ldap_connect( 'LDAPS://ldap.example.com', 636 ) or die( 'Could not connect to LDAP server.' );

// Simple bind with the user's DN and password.
if( ldap_bind( $c, "uid=username,ou=people,dc=example,dc=com", 'xxx' ) ){
  echo 'success!';
} else {
  echo 'failed to bind';
}


The PHP on my local Ubuntu box currently only has the --with-ldap
option configured as I'm trying to rule out other libraries that may
possibly be causing issues.  Are there other dependencies I must build
into my PHP to connect using ldap_bind() ?  I have experimented with
adding --with-openssl and --with-ldap-sasl support but neither
resolved my issue.

It's also worth mentioning I am building my PHP against the OpenLDAP
libraries provided in my Linux distro:

> dpkg -l|grep ldap
ii  ldap-utils      2.3.35-1ubuntu0.1   OpenLDAP utilities
ii  libldap-2.3-0   2.3.35-1ubuntu0.1   OpenLDAP libraries
ii  libldap2        2.1.30-13.4         OpenLDAP libraries
ii  libldap2-dev    2.1.30-13.4         OpenLDAP development libraries


There are of course other ldap libraries available but I have no idea
if I need them or not.  Seems everyone is building their PHP against
OpenLDAP so that's what I'm trying to use too.

I ran ldconfig after installing the above libraries and they seem to
be found with no problems during configuration and compilation.

Any idea what might be the problem or what else I can try?  I've
already tried everything Google has to offer on the issue and am still
stuck.


Thanks,


-- 
Greg Donald
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
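
An added example, not part of the original post and not PHP's or OpenLDAP's own code: one way to make the LDAPS bind from the script above verify the server certificate against an explicit CA bundle instead of turning verification off, and to tell a transport/TLS failure apart from rejected credentials. It assumes PHP 7.1 or later and that the verification error in the trace comes from an issuing CA the client does not trust; the helper name `ldaps_bind`, the Debian/Ubuntu bundle path and the `LDAP_PASSWORD` environment variable are assumptions.

```php
<?php
// Added example. ldaps_bind(), CA_BUNDLE and LDAP_PASSWORD are assumptions,
// not names from the original post. Requires PHP >= 7.1 with ext-ldap.

const CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'; // Debian/Ubuntu system bundle (assumed)

/** Returns [bool $ok, string $reason]. */
function ldaps_bind(string $uri, string $dn, string $password, string $caFile): array
{
    // An empty password makes a simple bind "unauthenticated" (RFC 4513), which
    // many servers accept; never treat that as a successful login.
    if ($dn === '' || $password === '') {
        return [false, 'empty DN or password refused'];
    }
    if (!is_readable($caFile)) {
        return [false, "CA bundle not readable: $caFile"];
    }

    // TLS options are set on the global (null) handle before ldap_connect()
    // so libldap applies them when it builds the TLS context.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);   // only parses the URI; no traffic yet
    if ($conn === false) {
        return [false, "invalid LDAP URI: $uri"];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (@ldap_bind($conn, $dn, $password)) {
        return [true, 'bound'];
    }
    $errno = ldap_errno($conn);
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    // -1 = "Can't contact LDAP server": TCP or TLS failed before any bind was sent.
    // 49 = invalid credentials: TLS worked and the server rejected the DN/password.
    $stage = $errno === -1 ? 'transport/TLS' : ($errno === 49 ? 'credentials' : 'other');
    return [false, sprintf('%s failure: %s (%d) %s', $stage, ldap_error($conn), $errno, $detail)];
}

[$ok, $reason] = ldaps_bind(
    'ldaps://ldap.example.com:636',
    'uid=username,ou=people,dc=example,dc=com',
    (string) getenv('LDAP_PASSWORD'),
    CA_BUNDLE
);
echo $ok ? "success\n" : "failed: $reason\n";
```

If the directory's certificate chains to a private CA, point `CA_BUNDLE` at that CA's PEM file rather than the system bundle.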

