start_tls() and ldaps are mutually exclusive, that is, you cannot issue start_tls() on an ssl port (standard 636) or initiate ldaps on an unencrypted port (standard 389). The start_tls() command starts a secure session on an unencrypted port after the connection is opened, so you must issue it before binding for the session to be encrypted. Another set of common ports is 3268 (unencrypted) and 3269 (ssl), which can be enabled on your server.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
Debug output is then logged in the error log of your web server, depending on its log level, or in full when running from the PHP CLI. For more information here, check the web server log level settings or just run the php script from the command line.
To successfully use the ssl port, you need to specify the ldaps:// prefix, while on an unencrypted port this is optional (with the ldap:// prefix).
Looking at your code, this may be a problem with the protocol version, since PHP uses version 2 by default. To solve this problem, you can specify:
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
before trying to bind.
You can also view the code in Problems with secure binding to Active Directory using PHP, which I successfully use on CentOS 5, but you have problems with Ubuntu. If your server has an open unencrypted port, it is recommended to test binding unencrypted with it to exclude any connection problems.
To check if a port is open, you can check whether telnet connects to it, e.g.:
telnet my.server.com 3268
If the port is open, you can use it.
Edit: If the ssl certificate is considered invalid, the connection will fail; if so, setting the debug level to 7 will show it. To get around this particular problem, you have to ignore its validity:
You can ignore certificate validity on Windows by issuing
putenv('LDAPTLS_REQCERT=never');
in your php code. On *nix, you need to edit the /etc/ldap.conf file to contain
TLS_REQCERT never
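Putting the answer's points together, as an added example that is not part of the original answer: a PHP function that picks ldaps:// for the ssl ports and ldap:// plus ldap_start_tls() for the plain ports, sets protocol version 3 and referrals 0 before binding, and keeps certificate verification on instead of LDAPTLS_REQCERT=never. Hostname, bind DN, CA bundle path and the PHP >= 7.0.5 TLS option constants are assumptions.

```php
<?php
// Added example, not code from the original answer.
// Assumptions: PHP >= 7.0.5 (LDAP_OPT_X_TLS_* constants), a CA bundle at the
// path below, and placeholder host / bind DN / password values.

function connectLdapSecurely(string $host, int $port, string $bindDn, string $password)
{
    // ldaps:// is required on the ssl ports; ldap:// + start_tls on the plain ports.
    $useLdaps = in_array($port, [636, 3269], true);
    $uri = ($useLdaps ? 'ldaps://' : 'ldap://') . $host . ':' . $port;

    // Keep verification on (the opposite of LDAPTLS_REQCERT=never / TLS_REQCERT never).
    // Set globally (null link) before ldap_connect so both ldaps and start_tls use it.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, '/etc/ssl/certs/ca-certificates.crt'); // assumed path

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Bad LDAP URI: $uri");
    }

    // Must be set before the bind; PHP defaults to protocol version 2.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // start_tls() only applies to the unencrypted port and must precede the bind.
    if (!$useLdaps && !@ldap_start_tls($conn)) {
        throw new RuntimeException('start_tls failed: ' . ldap_error($conn));
    }

    if (!@ldap_bind($conn, $bindDn, $password)) {
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        throw new RuntimeException('bind failed: ' . ldap_error($conn) . ' ' . $diag);
    }
    return $conn;
}

// Constructed usage values. Debug level 7 (as in the answer) while troubleshooting;
// with an untrusted certificate the failure now shows up in the log instead of being ignored.
ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);
$conn = connectLdapSecurely('my.server.com', 389, 'cn=reader,dc=example,dc=com', getenv('LDAP_PASSWORD') ?: '');
ldap_unbind($conn);
```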