I have this simple php file:

<?php
$ldap = "localhost";
$port = 636;
$usr  = "CN=admin";
$pwd  = "pwd123";
$ds = ldap_connect("$ldap", $port);
$ldapbind = false;
// for debugging
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 9);
// each option is set only if the previous one succeeded
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
    if (ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, 0))
        if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
            if (ldap_start_tls($ds))
                $ldapbind = @ldap_bind($ds, $usr, $pwd);
ldap_close($ds);
if (!$ldapbind)
    echo "BIND ERROR!\n";
else
    echo "BIND OK!\n";
where I try to connect to and bind an LDAP server on localhost (command: php testcon.php). I've added the TLS_REQCERT never line to /etc/ldap.conf as well.
But I get the BIND ERROR! result. Furthermore, I get a warning message as well:
PHP Warning: ldap_start_tls(): Unable to start TLS: Can't contact LDAP server in /root/testfolder/testcon.php on line 16
If I comment out line 16, I get no warning, but BIND ERROR! stays.
Further info:
I tried with a base DN and without a base DN (same result).
Can't contact LDAP server
This can mean two things:
The error message "ldap_start_tls(): Unable to start TLS" is a bit misleading, because after initializing the context with ldap_connect() the TCP connection is still not established. The first real LDAP operation called, ldap_start_tls() in your case, is what opens the TCP connection.
I'd recommend running ldapwhoami from the same machine to check whether you can connect at all.

Per the comments to the question, since it ended up being the answer:
Change the port to 389. Port 636 is for LDAP over SSL, which is deprecated (was never standardized as part of LDAP actually). LDAP works from port 389 and when you issue the StartTLS (with ldap_start_tls()) it encrypts the connection.
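The two transport pairings that do work, as an added example (not code from the question or either answer): StartTLS on the plain LDAP port 389, or the ldaps:// scheme on port 636 with no ldap_start_tls() call. The script also surfaces libldap's diagnostic text instead of swallowing it with @, and verifies the server certificate against a CA file rather than setting LDAP_OPT_X_TLS_REQUIRE_CERT to 0 (the equivalent of TLS_REQCERT never, which disables certificate checking). It assumes PHP 7.1 or later with ext/ldap built against OpenLDAP; the host, bind DN, password and CA path are placeholders.

```php
<?php
// Added example, not from the question or answers: bind to an LDAP server on
// localhost either with StartTLS on port 389 or with LDAPS on port 636.
// StartTLS against port 636 (the question's setup) pairs a plaintext LDAP
// upgrade with a port that already expects TLS, and fails at the first operation.
declare(strict_types=1);

const LDAP_HOST = 'localhost';
const BIND_DN   = 'cn=admin,dc=example,dc=org';   // placeholder DN
const BIND_PW   = 'CHANGE_ME';                     // placeholder password
const CA_FILE   = '/etc/ssl/certs/ldap-ca.pem';    // placeholder CA bundle

// TLS options set with a NULL handle become libldap's global defaults and apply
// to every connection opened afterwards. DEMAND = verify the server certificate.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, CA_FILE);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

/** Collect ldap_error() plus the server's extended diagnostic message, if any. */
function ldapDiag($ds): string
{
    $msg = ldap_error($ds) . ' (' . ldap_errno($ds) . ')';
    if (ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended) && $extended !== '') {
        $msg .= ': ' . $extended;
    }
    return $msg;
}

/**
 * Open a connection and bind, or throw with the libldap diagnostic.
 * $uri decides the transport: ldap://host:389 (StartTLS) or ldaps://host:636 (LDAPS).
 */
function ldapSecureBind(string $uri, string $dn, string $pw, bool $useStartTls)
{
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Malformed LDAP URI: $uri");
    }

    // Protocol v3 is required for StartTLS; do not chase referrals during bind.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // ldap_connect() only prepares the context; the TCP connection is opened by
    // the first real operation (ldap_start_tls() or ldap_bind()), so a
    // "Can't contact LDAP server" error surfaces here, not at ldap_connect().
    if ($useStartTls && !@ldap_start_tls($ds)) {
        throw new RuntimeException('StartTLS failed: ' . ldapDiag($ds));
    }
    if (!@ldap_bind($ds, $dn, $pw)) {
        throw new RuntimeException('Bind failed: ' . ldapDiag($ds));
    }
    return $ds;
}

// Pairing 1: plain port 389 + StartTLS upgrade.
// Pairing 2: ldaps:// on port 636, TLS from the first byte, no ldap_start_tls().
$attempts = [
    ['ldap://' . LDAP_HOST . ':389',  true],
    ['ldaps://' . LDAP_HOST . ':636', false],
];

foreach ($attempts as [$uri, $startTls]) {
    try {
        $ds = ldapSecureBind($uri, BIND_DN, BIND_PW, $startTls);
        echo "BIND OK via $uri\n";
        ldap_unbind($ds);
    } catch (RuntimeException $e) {
        echo "BIND ERROR via $uri: ", $e->getMessage(), "\n";
    }
}
```

With LDAP_OPT_X_TLS_DEMAND, a self-signed or mismatched server certificate makes the StartTLS or LDAPS handshake fail with a clear TLS error in ldapDiag() output; that is the signal to fix the CA file or the server certificate, not to lower the setting to never.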