I have browsed through many questions about this and have exhausted my options, so here it goes. I have a Windows 2008R2 domain controller. I am using PHP to connect to it from a different server, same domain, using LDAP. (Also Win2008R2, IIS7.5) I have ensured the following:
- Certificate for the domain controller has been imported to the trusted root authority store on the PHP machine
- I have used ldp.exe on the PHP machine and can connect AND bind over LDAPS using the name of the DC and port 636
- My user credentials are correct
- I can connect using LDAP, port 389 in PHP just fine
Here is my code:
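```php
<?php
// Disables verification of the server certificate for the OpenLDAP client library.
putenv('LDAPTLS_REQCERT=never');

$host = "ldaps://mydc.thing.com:636";
$dn = "Admin User";
$dnp = "adminPaSwOrD";
$base = "DC=thing,DC=com";
$scope = "sub";

// ldap_connect() must run first: the options below need a valid link resource.
$ds = ldap_connect($host);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

// With OpenLDAP 2.x the network connection is only opened here, at bind time.
$r = ldap_bind($ds, $dn, $dnp);
```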
The error message is always:
PHP Warning: ldap_sasl_bind() [<a href='function.ldap-sasl-bind'>function.ldap-sasl-bind</a>]: Unable to bind to server: Can't contact LDAP server in ...
Relevant PHP info:
#Version 5.3.8
#cURL: 7.22.0, SSL:yes, dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp
#LDAP: enabled, SASL: enabled, OpenLdap v.20319
I have scoured Google and tried quite a few things myself. The weird part is that an LDAP client on the PHP machine can connect and bind to the DC, just not in PHP. I've also tried PHP from CLI (to cut IIS out of the mix) and it returns the same error.
Any help would be greatly appreciated.
SG