Can you turn off SASL binding on your ldap server or try contacting another ldap server w/ tls just to make sure that's not your issue? I've had trouble in the past when I didn't specify the full path to the certificate or ldaprc file. It looks like you're failing at the ldap_start_tls() and not the ldap_sasl_bind(...,"EXTERNAL") but that could just be a bad error message. Just an idea .. I've not actually done a SASL bind from PHP/IIS :) -zeb -----Original Message----- From: dsartori [mailto:dsartori@xxxxxxxxxxxxxxxx] Sent: Monday, March 12, 2007 2:19 PM To: php-windows@xxxxxxxxxxxxx Subject: LDAP and IIS 6 Hello, I am trying to get my certs and LDAP to work for SASL external authentication. So far, no luck. My error message and code follow. Some of the documentation for PHP suggests that there is only limited LDAP functionality included in the default extension (not SASL) and you must recompile to get everything. Is this my problem? Which is a problem since I don't have Visual Studio C++. But knowing for sure that I haven't done a silly typo of some kind would be a good start. A friend is running similar code with success using the same certificates. So, I don't think it is them. This is my first foray into authenticated links so your help is greatly appreciated. Diana [12-Mar-2007 10:08:23] PHP Warning: ldap_start_tls() [<a href='function.ldap-start-tls'>function.ldap-start-tls</a>]: Unable to start TLS: Connect error in ...... # SASL EXTERNAL authentication config $tls_cacert="ca.crt"; $tls_cert=website.crt"; $tls_key="website.key"; putenv("LDAPTLS_CACERT=$tls_cacert"); putenv("LDAPTLS_CERT=$tls_cert"); putenv("LDAPTLS_KEY=$tls_key"); # LDAPv3 is required $r = ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); $d = ldap_connect($host); if (!$d) exit(0); $r = ldap_start_tls($d); -- ------------------------------------------------------------- Diana Sartorius dsartori@xxxxxxxxxxxxxxxx 206.543.7263 227 Hall Health Center Box 354400 U of WA Seattle, WA 98195-4400 -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
