The problem I'm facing at the moment is getting PHP on CentOS 5 to communicate with our Windows 2003 R2 Active Directory server.
It works without SSL, but in order to change passwords AD requires a secure connection, or so I've read.
We're running PHP version 5.1.6. OpenLDAP version 2.3.43.
I've read a fair bit on this and spent a fair chunk of time; here is what I've gathered so far:
- Can connect from the CentOS machine via shell with "ldapsearch -x -H 'ldaps://AD.DOMAIN.LOCAL'"
- The above command fails without -x, resulting in "SASL/EXTERNAL authentication started
_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:"
From within PHP, any change I make to the host string (making it ldaps:// or adding :636) makes the connection fail; however, I can add the port to ldap_connect, and as long as the host string remains the same it will connect.
I have added certificate services to the AD server and have generated a certificate, and I believe I have that side of it set up correctly. The reason I believe it is set up correctly is that I can connect via command line directly on the box.
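```php
<?php
// Connection settings
$host = "ldap://ad.domain.local";
$un = "email@example.com";
$pw = "pass";

// Host string plus port 636 passed as the second argument
$lc = ldap_connect($host, 636);

// Use LDAPv3 and do not follow referrals
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

// Bind with the account credentials
$lb = ldap_bind($lc, $un, $pw);
```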
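
Added example, not part of the original post: one way to bind to AD over LDAPS from PHP with the issuing CA trusted by the OpenLDAP client, then reset a password through `unicodePwd`. The function names, CA file path, account, user DN and new password are placeholders chosen for illustration, and the syntax is kept to what PHP 5.1 accepts.

```php
<?php
// Added example. Host, account, DN, CA path and password are placeholders.

// Bind to AD over LDAPS. When ldap_connect() is given an ldap:// or
// ldaps:// URL its port argument is not used, so the scheme selects TLS.
function ad_ldaps_bind($fqdn, $user, $pass, $caFile)
{
    if (!is_readable($caFile)) {
        return array(false, null, "CA file not readable: $caFile");
    }
    // libldap reads LDAPTLS_* from the environment once per process, on
    // first use. Under a long-lived web server worker, put
    // "TLS_CACERT <file>" in ldap.conf instead of relying on putenv().
    putenv("LDAPTLS_CACERT=$caFile");

    $lc = ldap_connect("ldaps://$fqdn");   // no socket is opened yet
    if (!$lc) {
        return array(false, null, "ldap_connect rejected the URI");
    }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

    // The TCP connect and TLS handshake happen at bind time. An untrusted
    // or mismatched certificate shows up as -1 "Can't contact LDAP server".
    if (!@ldap_bind($lc, $user, $pass)) {
        return array(false, null, ldap_errno($lc) . ": " . ldap_error($lc));
    }
    return array(true, $lc, "bound over LDAPS");
}

// AD expects unicodePwd as the double-quoted password encoded in UTF-16LE.
function ad_encode_password($plain)
{
    return iconv("UTF-8", "UTF-16LE", '"' . $plain . '"');
}

// $fqdn must match a name in the domain controller's certificate.
list($ok, $lc, $msg) = ad_ldaps_bind("ad.domain.local", "admin@domain.local",
    "pass", "/etc/openldap/cacerts/ad-ca.pem");
echo $msg, "\n";
if ($ok) {
    $dn  = "CN=Some User,CN=Users,DC=domain,DC=local";   // placeholder DN
    $mod = array("unicodePwd" => ad_encode_password("N3w-Passw0rd!"));
    // Administrative reset; the bound account needs reset-password rights.
    echo @ldap_mod_replace($lc, $dn, $mod) ? "password set\n"
                                           : ldap_error($lc) . "\n";
    ldap_unbind($lc);
}
```

The CA file is the PEM export of the certificate authority that issued the domain controller's certificate, which lets the client verify the server rather than disabling certificate checks.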