The documentation for ldap_start_tls does not mention that you MUST be using LDAP protocol version 3. I spent a day looking through Google and source trying to figure out why this was happening. I finally just changed ext/ldap/ldap.c to force LDAP protocol version 3. After happening across bug #13278 I realized that I could have just used ldap_set_option (I neglected to take notice of this function probably just because I was burnt out from trying to solve this problem.)
Could ldap_start_tls be changed to force protocol version 3 (since it is required) or could the ldap_start_tls function page be updated to alert people that this must be done? The changes I made to get this to work, though sort of a waste of time now that I know of ldap_set_option, are below.

-matt

--- ext/ldap/ldap.c-dist Thu Jul 18 15:35:00 2002 +++ ext/ldap/ldap.c Thu Jul 18 15:49:52 2002 @@ -1997,15 +1997,22 @@ Start TLS */ PHP_FUNCTION(ldap_start_tls) { + int version = LDAP_VERSION3; pval **link; ldap_linkdata *ld; - + if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) == FAILURE) { WRONG_PARAM_COUNT; } ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link); + //try to set LDAP version to LDAP_VERSION3 + if (ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &version) != +LDAP_SUCCESS) { + php_error(E_WARNING, "LDAP: TLS: Unable to start TLS: %s", + ldap_err2string(_get_lderrno(ld->link))); + RETURN_FALSE; + } if (ldap_start_tls_s(ld->link, NULL, NULL) != LDAP_SUCCESS) { php_error(E_WARNING,"LDAP: Unable to start TLS: %s", ldap_err2string(_get_lderrno(ld->link)));
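
Review bot: in the new ldap_set_option failure branch, the warning reads "LDAP: TLS: Unable to start TLS: %s", which is nearly identical to the message for a failed ldap_start_tls_s call, so a caller reading the log cannot tell a rejected protocol-version change from a failed StartTLS; give that branch its own text, for example "LDAP: Unable to set protocol version 3: %s" (suggested wording). The same block sets LDAP_OPT_PROTOCOL_VERSION on ld->link unconditionally, which overwrites whatever version the script selected and stays in effect on the link even when ldap_start_tls_s then fails; either document that side effect on the function page or change the option only when the current version is lower than 3. Two smaller points: the `//try to set LDAP version to LDAP_VERSION3` comment should be a `/* ... */` comment to match the surrounding C, and the line beginning `+LDAP_SUCCESS) {` looks like a mail-wrapped continuation of the `if (ldap_set_option(...` line, which would have to be rejoined for the hunk's line counts to match.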