Troubleshooting question: CentOS Connecting to W2003 AD with LDAPS via PHP

Asked by machineryhouse (Australia)
Tags: Databases, PHP, Active Directory

Hey Experts,

The problem I'm facing at the moment is getting PHP on CentOS 5 to communicate with our Windows 2003 R2 Active Directory server.

It works without SSL, but in order to change passwords AD requires a secure connection, or so I've read.

We're running PHP version 5.1.6 and OpenLDAP version 2.3.43.

I've read a fair bit on this and spent a fair chunk of time; here is what I've gathered so far:
- Can connect from the CentOS machine via shell with "ldapsearch -x -H 'ldaps://AD.DOMAIN.LOCAL'"
- The above command fails without -x, resulting in:
  SASL/EXTERNAL authentication started
  ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
          additional info: SASL(-4): no mechanism available:

From within PHP, any changes I make to the host string (making it ldaps:// or adding :636) make the connection fail; however, I can add the port to ldap_connect and, as long as the host string remains the same, it will connect.

I have added Certificate Services to the AD server and have generated a certificate, and I believe I have that side of it set up correctly; the reason I believe it is set up correctly is that I can connect via the command line directly on the box.

Please help!

<?php
$host = "ldap://ad.domain.local";   // host string that works without SSL
$un = "user@domain.local";
$pw = "pass";

// Port passed separately; changing $host to ldaps:// or appending :636 breaks the connection
$lc = ldap_connect($host, 636);

ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

// ldap_bind() returns false on failure, so report which of the two outcomes occurred
$lb = ldap_bind($lc, $un, $pw);
echo $lb ? 'Connected' : 'Bind failed: ' . ldap_error($lc);
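Added example (not the asker's code or an Experts Exchange answer): how the LDAPS connection and the AD password change the question is working towards fit together in PHP, with the scheme and port carried in the URI rather than a separate port argument. The hostname, bind account, target DN and passwords are placeholders, and trusting the AD certificate through TLS_CACERT in /etc/openldap/ldap.conf is an assumption about the OpenLDAP client setup on this CentOS 5 box.

```php
<?php
// Added example: LDAPS bind to Active Directory followed by an administrative
// password reset. All names and secrets below are placeholders.
// On CentOS 5 / OpenLDAP 2.3 the CA that issued the AD certificate must be
// listed as TLS_CACERT in /etc/openldap/ldap.conf (assumption about the host);
// otherwise the TLS handshake fails and PHP only reports a failed bind.

function ad_reset_password($host, $bindDn, $bindPw, $userDn, $newPw)
{
    // Scheme and port belong in the URI. "ldap://host" on port 636 sends plain
    // LDAP to a TLS listener and fails; "ldaps://" negotiates TLS first.
    $lc = ldap_connect("ldaps://$host:636");
    if ($lc === false) {
        return 'ldap_connect rejected the URI';
    }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

    // ldap_connect() is lazy: the TCP/TLS session is opened here, so a
    // certificate or hostname problem surfaces as a bind error.
    if (!@ldap_bind($lc, $bindDn, $bindPw)) {
        return 'bind failed: ' . ldap_error($lc);
    }

    // AD accepts a new password only over an encrypted channel and only in the
    // unicodePwd attribute: the password wrapped in double quotes, UTF-16LE encoded.
    $entry = array('unicodePwd' => iconv('UTF-8', 'UTF-16LE', '"' . $newPw . '"'));
    $ok = @ldap_mod_replace($lc, $userDn, $entry);   // replace = administrative reset
    $result = $ok ? 'password changed' : 'modify failed: ' . ldap_error($lc);
    ldap_unbind($lc);
    return $result;
}

// Placeholder values; the bind account needs reset rights on the target user.
echo ad_reset_password('ad.domain.local', 'user@domain.local', 'bind-password-placeholder',
                       'CN=Jane Doe,OU=Staff,DC=domain,DC=local', 'N3w-Passw0rd!'), "\n";
```

If the bind fails with a TLS error, check the same hostname against the certificate's subject with the ldapsearch command from the question before looking at the PHP side.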
