
TheThinkingMan
10 years ago
I have spent hours and hours trying to get an LDAPS connection happening with my local AD LDS instance (running on Windows 8.1 64bit).

I tried certificate after certificate. OpenSSL, Thawte and Self-signed - all with no success.

I ended up deleting all of my certificates and created a Self-signed certificate using IIS 7 (running on Windows 8.1).

I then downloaded the Softerra LDAP browser and it was able to connect to my AD LDS instance via SSL with no problems.

Surely if it could, PHP could.

I used the following code to connect:
<?php
$ldap_server = "ldaps://delllappy:636";
$ldap_conn = ldap_connect($ldap_server) or die("Failed to connect to LDAP server.");
?>
I added the following above the ldap_connect:
<?php
putenv('LDAPTLS_REQCERT=allow');
putenv('LDAPCONF=C:\OpenLDAP\sysconf\ldap.conf');
?>

That did nothing.

The ldap_bind command I used was:
<?php
// $ldap_user and $ldap_pass are placeholders here; the original note did not show how they were set.
$ldap_user = 'CN=user,DC=example,DC=local';
$ldap_pass = 'password';

if (!ldap_bind($ldap_conn, $ldap_user, $ldap_pass)) {
    echo "error";
} else {
    echo "success";
}
?>
BTW: I added a heap of debug in the code too - which is referenced elsewhere - so I didn't add it in here.

The error that I kept on getting was:
Error Binding to LDAP: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I then ran ProcMon (Process Monitor from Microsoft).

I monitored when I restarted my web server (Z-WAMP). At that point there was no attempt to read ldap.conf.

I then loaded up my web page with my test.php file.

At that point I noticed that it wasn't ldap.conf that was being read but openldap.conf.

Of course, as my file was called ldap.conf, the read of openldap.conf failed. I renamed my ldap.conf to openldap.conf and everything worked.

On Z-WAMP running OpenLDAP, don't use ldap.conf; use openldap.conf.

The openldap.conf file was placed in C:\openldap\sysconf\.

As the putenv values did not do anything, I removed them.
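The note above gets past "certificate verify failed" by pointing the OpenLDAP client at a config file (and, in an earlier attempt, by setting LDAPTLS_REQCERT=allow, which switches certificate checking off). The following is an added example, not code from the note or from PHP's documentation, showing how the same LDAPS connection can be made from PHP itself while keeping verification on: the CA that issued the AD LDS certificate is pinned with LDAP_OPT_X_TLS_CACERTFILE and the client is told to demand a valid certificate. The host name comes from the note; the CA file path, bind DN and password source are assumptions, and the code assumes PHP's ldap extension is built against the OpenLDAP client library (PHP >= 7.1 for the CA-file and diagnostic-message options).

```php
<?php
// Added example: LDAPS to AD LDS with certificate verification kept on.
$ldap_server = 'ldaps://delllappy:636';             // host from the note
$ca_file     = 'C:\openldap\sysconf\ca-cert.pem';   // assumed: PEM file of the CA that issued the server cert
$ldap_user   = 'CN=svc-reader,OU=Service,DC=example,DC=local'; // placeholder bind DN
$ldap_pass   = getenv('LDAP_BIND_PASSWORD') ?: '';  // placeholder: password taken from the environment

// TLS options must be set globally (link = null) before ldap_connect(),
// because the OpenLDAP client reads them when the TLS context is created.
// LDAP_OPT_X_TLS_DEMAND is the opposite of LDAPTLS_REQCERT=allow: an
// unverifiable server certificate aborts the connection.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $ca_file);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$ldap_conn = ldap_connect($ldap_server);
if ($ldap_conn === false) {
    die("Failed to connect to LDAP server.");
}
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

if (!@ldap_bind($ldap_conn, $ldap_user, $ldap_pass)) {
    // ldap_error() gives the generic result; the diagnostic message usually
    // carries the OpenSSL detail (e.g. "certificate verify failed"), which is
    // what you want in a log when a TLS failure is being investigated.
    $diag = '';
    ldap_get_option($ldap_conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    echo "Error binding to LDAP: " . ldap_error($ldap_conn) . " " . $diag . "\n";
} else {
    echo "success\n";
}
ldap_unbind($ldap_conn);
```

If the bind still fails with the CA file in place, the certificate presented by AD LDS does not chain to that CA or its subject/SAN does not match the host name you connect to; fix the certificate rather than lowering LDAP_OPT_X_TLS_REQUIRE_CERT, since "allow" or "never" leaves the credentials in the bind exposed to anyone who can put a certificate in front of the server.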
