More on TLS start.
It seems that you either ldap_connect to ldaps:// on port 636, or you call ldap_start_tls.
In my case, using ldaps on port 636 (to be sure I enforce TLS), the connection goes like this:
$LDAP_SERVER = "ldaps://ldap.../";
$LDAP_PORT = 636;
$ds = ldap_connect($LDAP_SERVER, $LDAP_PORT);
if ($ds) {
    // fatal_error() is not a PHP built-in; substitute your own error handler
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
    }
    /*** NO NEED ***
     * if (!ldap_start_tls($ds)) {
     *     exit;
     * }
     ***/
    // now we need to bind anonymously to the ldap server
    $bth = ldap_bind($ds);
    // make your query
}
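The two routes described in this note (ldaps:// versus ldap_start_tls), as an added example that is not part of the original note: it picks the TLS mode from the URI scheme, requires certificate verification, and refuses to continue if StartTLS fails. The function names `tls_mode` and `ldap_connect_tls`, the host name and the CA file path are assumptions for illustration, and it assumes the PHP LDAP extension is built against OpenLDAP.

```php
<?php
// Added example; tls_mode() and ldap_connect_tls() are hypothetical helpers,
// and the host name and CA path in the usage lines are placeholders.

/** Decide from the URI scheme how TLS must be established. */
function tls_mode(string $uri): string
{
    $scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));
    if ($scheme === 'ldaps') {
        return 'implicit';   // TLS is negotiated as soon as the socket opens (port 636)
    }
    if ($scheme === 'ldap') {
        return 'starttls';   // plain connection (port 389), upgraded before any bind
    }
    throw new InvalidArgumentException("Unsupported LDAP URI scheme: $uri");
}

/** Return a connection handle that will only talk over TLS, or throw. */
function ldap_connect_tls(string $uri, string $caFile)
{
    $mode = tls_mode($uri);

    // Require a valid server certificate; set globally before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);

    $ds = ldap_connect($uri);   // with OpenLDAP this only parses the URI
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('Could not select LDAPv3');
    }
    if ($mode === 'starttls' && !ldap_start_tls($ds)) {
        // Fail closed: never fall back to a cleartext bind.
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
    }
    return $ds;
}

// Usage (placeholder host and CA bundle path):
// $ds = ldap_connect_tls('ldaps://ldap.example.org', '/etc/ssl/certs/ca.pem');
// if (!ldap_bind($ds)) { die(ldap_error($ds)); }   // anonymous bind
```

With an ldaps:// URI the certificate check happens at the first operation (the bind), so a verification failure surfaces there rather than at `ldap_connect`.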