
I have PHP 7.0 on CentOS 7. And I've installed php-ldap module as well.

# yum install -y php php-ldap
...
# php -m
...
ldap
...

Now the following PHP code works:

<?php
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
    
if ($ldapconn) {
    $ldaprdn  = 'username';
    $ldappass = 'password';

    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);

print_r($data);
?>

That works! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.

Problem

But then I tried with SSL via port 636:

<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); #I know, but this is just temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {
    $ldaprdn  = 'username';
    $ldappass = 'password';

    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);

print_r($data);
?>

I got this error:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......

What am I missing please?

Note:

  1. We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.
  2. Server certificate is valid.
  • "What am I missing please?" The problem is probably not in your code. Are you sure your LDAP server is indeed running and listening on port 636? Are you sure there is no firewall blocking that traffic? You should try with a command line client from the same host to double check the LDAP connection, then only go back to PHP. Commented Jun 7, 2022 at 16:40
  • @PatrickMevzek hi, I'm sorry, "LDAP server"? I think I'm using php-ldap module already. Which is not the one? Commented Jun 7, 2022 at 20:11
  • See error message. Your code is an LDAP client, that connects (through the library) to an LDAP server. The error message tells you that your code can not connect to that server. See ldap_connect instruction that specify which server to connect to. Commented Jun 7, 2022 at 23:22

1 Answer


I figured out the ldap_connect should be as below:

ldap_connect("ldaps://dc.example.com:636")

And then all of a sudden it worked!

Note: If it is on Apache, it is worth restarting it after changing to above code.
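The answer's ldaps:// URI, combined with server certificate verification, bind error diagnostics and a filter-escaped search, as an added example that is not part of the question or the answer. The URI scheme and the dc.example.com host come from this page; the PEM CA path, the svc-web@example.com service account and the LDAP_BIND_PASSWORD environment variable are assumptions:

```php
<?php
// Added example (not from the original question or answer): connect to
// Active Directory over LDAPS with certificate verification, bind with a
// service account, and run a filter-escaped search. The CA path, the
// account and the LDAP_BIND_PASSWORD variable are placeholders.

// libldap reads these before the first connection. The CA file must be PEM;
// convert a DER export with:
//   openssl x509 -inform der -in servercert.der -out /etc/pki/tls/certs/ad-ca.pem
putenv('LDAPTLS_REQCERT=demand');                       // verify the server certificate
putenv('LDAPTLS_CACERT=/etc/pki/tls/certs/ad-ca.pem');  // assumed CA bundle path

// Build a useful message from the library error and, where the PHP build
// exposes it, the server's diagnostic string.
function ldapFailure($conn, string $stage): void
{
    $msg = ldap_error($conn);
    if (defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')
        && ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag)
        && $diag !== '') {
        $msg .= " ($diag)";
    }
    throw new RuntimeException("$stage failed: $msg");
}

// The scheme selects TLS. ldap_connect("dc.example.com", 636) speaks plaintext
// LDAP to a TLS-only port, which is what produces "Can't contact LDAP server".
$conn = ldap_connect('ldaps://dc.example.com:636');
if ($conn === false) {
    throw new RuntimeException('ldap_connect: malformed URI');
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);  // AD returns referrals that would otherwise stall the search

// Bind with a low-privileged service account (assumed account and env var).
// An empty password would turn this into an anonymous bind on AD, so refuse it.
$bindDn   = 'svc-web@example.com';
$bindPass = getenv('LDAP_BIND_PASSWORD') ?: '';
if ($bindPass === '') {
    throw new RuntimeException('LDAP_BIND_PASSWORD is not set');
}
if (@ldap_bind($conn, $bindDn, $bindPass) === false) {
    ldapFailure($conn, 'ldap_bind');
}

// Never interpolate caller-supplied input into a filter unescaped (LDAP injection).
$username = isset($_GET['user']) ? (string) $_GET['user'] : 'johndoe';
$filter   = '(&(objectClass=user)(sAMAccountName='
          . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
$attrs    = ['sAMAccountName', 'displayName', 'mail', 'memberOf'];  // request only what is needed

$result = @ldap_search($conn, 'DC=example,DC=com', $filter, $attrs);
if ($result === false) {
    ldapFailure($conn, 'ldap_search');
}
$entries = ldap_get_entries($conn, $result);
echo "Matched {$entries['count']} entries\n";
for ($i = 0; $i < $entries['count']; $i++) {
    echo $entries[$i]['dn'], "\n";
}
ldap_unbind($conn);
```

With LDAPTLS_REQCERT=demand a certificate that does not chain to the supplied CA, or whose name does not match dc.example.com, makes ldap_bind fail instead of silently connecting; that failure is the intended outcome, and the diagnostic message from ldapFailure is where to look before loosening anything. Because libldap reads the LDAPTLS_* variables once per process, a PHP-FPM or mod_php worker needs a restart after they change, which matches the note above about restarting Apache.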
