user323094 user323094 - 1 month ago 5x
PHP Question

How do I solve ldap_start_tls() "Unable to start TLS: Connect error" in PHP?

I'm getting:

Warning: ldap_start_tls()
[function.ldap-start-tls]: Unable to
start TLS: Connect error in
/var/www/X.php on line Y


TLS_CACERT /etc/ssl/certs/ca.crt

is the CA which signed the LDAP server certificate. The certificate on the LDAP server is expired and I can't change it.


You can ignore the validity in windows by issuing


in your php code. In *nix you need to edit your /etc/ldap.conf to contain


Another thing to be aware of is that it requires version 3 (version 2 is php default):

$con = ldap_connect($hostnameSSL);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);

To get a better idea of what's going on, you can enable debug logging by:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

This can be done before the ldap_connect takes place.