Question

I'm working on a small password reset script for our users, using PHP5 on an IIS7.5 server. I have LDAP over SSL enabled on our Active Directory controllers, and tested that it is working properly using ldp.exe.

Here's the code to connect to the server:

$ldap_server = "ldaps://AD02.district.local";
$ldap_port = "636";
$ldap_user = "service_lookup@district.local";
$ldap_pass = "(goes here)";

$ds = ldap_connect($ldap_server,$ldap_port);
ldap_bind($ds,$ldap_user,$ldap_pass); 
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

However, when I execute the script, I get the following error:

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in D:\Sites\Lookup\search.php on line 11

If I set $ldap_server to use ldap:// instead of ldaps://, it'll connect (even with the port set to 636), but the actual reset function does not work ("server is unwilling to perform").

Is there a way to troubleshoot this further? Or does anyone know what may be wrong?

No correct solution

OTHER TIPS

I know this is an old question. But today I encountered the same problem.

I had to apply the following solution to make it work:

  1. Create a folder: C:\OpenLDAP\sysconf
  2. Create a file 'ldap.conf' in C:\OpenLDAP\sysconf.
  3. Make the content of the file: 'TLS_REQCERT never' (no quotes).
  4. Save.

It should work now. According to the manual, “TLS_REQCERT never” prevents the server from requesting and/or checking any server certificate.
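The following is an added example, not code from the question or the answer. It shows a bind that reports the reason for a failure, written for an ldap.conf that keeps certificate verification on instead of using `TLS_REQCERT never`. The CA file path and the `LDAP_BIND_PASSWORD` environment variable are assumptions for illustration.

```php
<?php
// Added example (not the original poster's code).
// Assumed contents of C:\OpenLDAP\sysconf\ldap.conf, verifying the server certificate:
//   TLS_CACERT  C:\OpenLDAP\sysconf\ad-ca.pem   <- hypothetical path: the CA that issued
//                                                  the domain controller's certificate (PEM)
//   TLS_REQCERT demand

$ldap_uri  = "ldaps://AD02.district.local";    // must match a name in the server certificate
$ldap_user = "service_lookup@district.local";
$ldap_pass = getenv('LDAP_BIND_PASSWORD');     // hypothetical variable; keeps the secret out of source

// An empty password turns the bind into an anonymous bind that may "succeed"
// and hide the real problem, so refuse to continue without one.
if ($ldap_pass === false || $ldap_pass === '') {
    exit("No bind password supplied\n");
}

// Verbose libldap output (TLS handshake details) goes to stderr / the web server error log.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// With an ldaps:// URI the port is implied (636). This call only prepares the
// handle; the TCP connection and TLS handshake happen at bind time.
$ds = ldap_connect($ldap_uri);
if ($ds === false) {
    exit("LDAP URI could not be parsed\n");
}

// Set connection options before binding, not after.
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

if (!@ldap_bind($ds, $ldap_user, $ldap_pass)) {
    printf("bind failed: [%d] %s\n", ldap_errno($ds), ldap_error($ds));
    // The diagnostic message carries the server's or TLS layer's detail text,
    // if this PHP build defines the option.
    if (defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        printf("detail: %s\n", $detail);
    }
    exit(1);
}

echo "Bound over LDAPS with the server certificate verified\n";
ldap_unbind($ds);
```

With `TLS_REQCERT never` the client accepts any certificate, so the reset password is protected from passive capture only, not from a host impersonating the domain controller.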

Licensed under: CC-BY-SA with attribution