This is happening because, as far as PHP/OpenLDAP are concerned, it doesn't trust your CA. By default it's going to look in c:\openldap\sysconf for an ldap.conf file. Create a c:\openldap\sysconf\ldap.conf with this on the first line:

    TLS_REQCERT never

Then you may need to restart IIS to get it to re-read that file.

This is just a workaround; you can read up on OpenLDAP and how to configure it if you actually want to pay attention to the certs you're using. You can also use environment variables (I think they are LDAPRC (user settings) and LDAPCONF (system wide)) if you want to change the location of your conf file and/or do more involved things.

Hope this helps...

Zeb Bowden
VT.SETI.IAD.MIG:Systems Architect
http://vtmig.w2k.vt.edu

-----Original Message-----
From: Phillip Terry [mailto:pterry@xxxxxxxxxxx]
Sent: Thursday, October 19, 2006 12:42 PM
To: php-windows@xxxxxxxxxxxxx
Subject: Using PHP to Bind over LDAPS.

I configured LDAP for SSL (LDAPS) on the Active Directory (AD) Domain Controller (DC). The DC is a Windows 2003 Server box. To do this I:

1) Set up the DC as a Certificate Authority (CA)
2) Issued a Certificate to itself
3) Issued a Certificate to the client that would be connecting via LDAPS

The client is configured in the following manner:

1) Windows 2003 Server Running IIS
2) PHP 5.0.4 installed
3) LDAP support enabled
   - Uncommented the php_ldap.dll extension
   - Copied the php_ldap.dll file into the appropriate directory
   - Restarted IIS

Using the LDP tool, I was able to connect and bind via ports 389, 636, and 3269.

Here is the code I am using to attempt the bind:

    <?php
    // ldaps:// URI: TLS is negotiated before any LDAP traffic is sent
    $host = "ldaps://server.addomain.domain.com";
    $un = "jdoe";
    $pw = "password";

    $lc = ldap_connect($host);
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

    // The TLS handshake and certificate check happen here, not in ldap_connect()
    $lb = ldap_bind($lc, $un, $pw);
    ldap_close($lc);
    ?>

If I change it to ldap://server.addomain.domain.com it functions correctly. Is there a secure bind function I should know about?
Thanks for the help!

Phillip

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
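
As an added example that is not part of the thread: a small Python check that parses an OpenLDAP client ldap.conf and flags the `TLS_REQCERT never` workaround, next to a configuration that trusts the domain's CA and keeps verification on. Both sample configs are constructed, and `ad-ca.pem` is a hypothetical file name for the DC's CA certificate exported in PEM form.

```python
# Added example (not from the thread): audit an OpenLDAP client ldap.conf.
# What each non-verifying TLS_REQCERT level lets through, per ldap.conf(5).
WEAK_LEVELS = {
    "never": "server certificate is not requested or checked",
    "allow": "a missing or invalid server certificate is accepted",
    "try": "a missing server certificate is accepted",
}
STRICT_LEVELS = {"demand", "hard"}  # certificate must be present and valid


def parse_ldap_conf(text):
    """Parse 'OPTION value' lines; '#' comments and blank lines are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        value = fields[1].strip() if len(fields) == 2 else ""
        # Option names are case-insensitive. Assumption: the last line wins.
        options[fields[0].upper()] = value
    return options


def audit(text):
    """Return (code, detail) findings; an empty list means peers are verified."""
    options = parse_ldap_conf(text)
    findings = []
    level = options.get("TLS_REQCERT", "demand").lower()  # unset means demand
    if level in WEAK_LEVELS:
        findings.append(("REQCERT_WEAK", f"TLS_REQCERT {level}: {WEAK_LEVELS[level]}"))
    elif level not in STRICT_LEVELS:
        findings.append(("REQCERT_UNKNOWN", f"unrecognised TLS_REQCERT value {level!r}"))
    if not (options.get("TLS_CACERT") or options.get("TLS_CACERTDIR")):
        findings.append(("NO_CA", "no TLS_CACERT or TLS_CACERTDIR names the issuing CA"))
    return findings


# Constructed samples. ad-ca.pem is a hypothetical name for the exported CA cert.
WORKAROUND_CONF = "TLS_REQCERT never\n"
VERIFYING_CONF = r"""
# trust the domain's own CA, then insist on a valid certificate
TLS_CACERT   c:\openldap\sysconf\ad-ca.pem
tls_reqcert  demand
"""

if __name__ == "__main__":
    for label, conf in (("workaround", WORKAROUND_CONF), ("verifying", VERIFYING_CONF)):
        print(label, audit(conf) or "OK")
```
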