user323094 user323094 - 2 months ago 20
PHP Question

How do I solve ldap_start_tls() "Unable to start TLS: Connect error" in PHP?

I'm getting:


Warning: ldap_start_tls()
[function.ldap-start-tls]: Unable to
start TLS: Connect error in
/var/www/X.php on line Y


/etc/ldap/ldap.conf:

TLS_CACERT /etc/ssl/certs/ca.crt


ca.crt
is the CA which signed the LDAP server certificate. The certificate on the LDAP server is expired and I can't change it.

Answer

You can ignore the validity in windows by issuing

putenv('LDAPTLS_REQCERT=never');

in your php code. In *nix you need to edit your /etc/ldap.conf to contain

TLS_REQCERT never

Another thing to be aware of is that it requires version 3 (version 2 is php default):

$con = ldap_connect($hostnameSSL);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);

To get a better idea of what's going on, you can enable debug logging by:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

This can be done before the ldap_connect takes place.

Comments