>>> On Thu, Apr 2, 2009 at  5:51 PM, in message <49d53344.7040...@gmail.com>, 
>>> Chris
<dmag...@gmail.com> wrote: 
> Keith Lawson wrote:
>> Hello, 
>> I have been working on this problem for some time now and I can't seem to 
> resolve it. Everything I have found on google and php.net says I can connect 
> to an LDAP server with SSL by setting "TLS_REQCERT never" in ldap.conf. I 
> want to eliminate certs from the picture for now just to confirm I can make 
> the connection which is why I have "TLS_REQCERT never" set. 
>> I added that setting to my ldap.conf and my test code now works from the 
> command line but it does not work when I call it from a browser. Here is my 
> test: 
>> <?php
>> $ldaphost = "ldaps://my.ldap.server";
>> //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
>> // Connecting to LDAP
>> $ldapconn = ldap_connect($ldaphost)
>>           or die("Could not connect to {$ldaphost}");
>> ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
>> ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
>> echo var_dump(@ldap_bind($ldapconn, "cn=Keithl, ou=Users, o=LH"));
> It's hard to know -  you're suppressing errors.
> Add these 2 lines to your script:
> error_reporting(E_ALL);
> ini_set('display_errors', true);

I've done that and I get the following when I load the page in a browser: 
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't 
contact LDAP server in /www/doc/INTRA/ktlwiki/ldap-test.php on line 19
Can't contact LDAP server

>From the command line still works: 

[www]/www/doc/> php ldap-test.php

As I mentioned the command line call did not work until I added "TLS_REQCERT 
never" to ldap.conf. I need to figure out why the apache loadable module is 
behaving differently than the command line binary. I'm pretty sure the web page 
is failing because it is still trying to verify the LDAP server's cert. 

> Then get rid of the @ in front of ldap_bind.
> Use http://www.php.net/manual/en/function.ldap- error.php to capture the 
> error message and search for it.


The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential and/or privileged material. Any 
review, retransmission, dissemination or other use of, or taking of any action 
in  reliance upon, this information by persons or entities other  than the 
intended recipient is prohibited. If you received this  in error, please 
contact the sender and delete the material from any computer. 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to