Connecting to a non-secure LDAP server via PHP on a Secure Domain

Question

I am trying to connect to an ldap server that the client's IT guy says does not have an SSL certificate. This is on a test file on their domain, which has an SSL installed. Let's say the file is at https://client.org/test_LDAP.php

So I use very simple code to connect, which has worked fine with another client just in the past month:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

define("LDAP_SERVER","ldap://name.their.junk");
define("LDAP_BASE","CN=Users,DC=their,DC=junk");

$username = 'CN=Username,'.LDAP_BASE;
$password = "Password";

$ldap = ldap_connect(LDAP_SERVER, 389) or die("Can't connect to LDAP server");

ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3) ;

if (ldap_bind($ldap, $username, $password)) {
    ldap_unbind($ldap);
    echo 'OK - Login valid';
} else {
    die(ldap_error($ldap) . ' (' . ldap_errno($ldap) . ')');
}

If I am running code from a domain with an SSL installed, does that mean I HAVE to use ldaps and port 636, even if the client's AD server doesn't have a Certificate? I've tried the code with both ports and both ldaps: and ldap: on an unsecured launch domain and also his secured live domain. Nothing seems to work. But he swears the username and password and all of the variables are correct, and told me to use their IP instaed of the hostname (ldap:000.000.000.00 for example).

Am I doing something wrong here?

And yes, I DO have LDAP configured correctly on my server end, because we just were able to do this exact same thing with another client recently.

Any insight would be much appreciated.

Answer 1

If you try to perform the searches on Windows 2003 Server Active Directory or above, it seems that you have to set the LDAP_OPT_REFERRALS option to 0:

ldap_connect(..) 
ldap_set_option ($ldap, LDAP_OPT_REFERRALS, 0); 
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); 
ldap_bind(..)