The Note You're Voting On

nateshull at gmail dot com
5 years ago
Implementing LDAPS on a WISP stack - Win, IIS, SQL, PHP
PHP 7.0.19:

Had some issues with some of the instructions and I needed LDAPS for an upcoming Active Directory update that removes insecure LDAP connections.

Enable modules for ldap and openssl in php.ini

Also ensure the extensions are in the ext folder

Verify the modules are loaded: phpinfo()

Notes:
The ldap or openssl config file is not needed if the environment variables are set in the code. Also the ca path does not like double quotations around the path.

*** code sample:

<?php
$ldapuser = "domain\\user";
$ldappass = "Passsword";
$ldapserver = "ldaps://server.domain.com";

//options are require, never, allow
//require is most secure, the others could allow for man in the middle attacks
putenv('LDAPTLS_REQCERT=require');

//tell ldap where the root ca certificate is
//note that the space is allowed in the path without escape or quotes
//I have not tested the permissions, but I would assume the service should have read.
putenv('LDAPTLS_CACERT=C:\\Program Files\\php\\certs\\rootca.pem');

//test to ensure the certificate is able to be read and path is right.
//file_get_contents() takes the file path only, without the LDAPTLS_CACERT= prefix
echo file_get_contents("C:\\Program Files\\php\\certs\\rootca.pem");

// Set debugging
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// connect to ldap server
$ldapconn = ldap_connect($ldapserver) or die ("Couldn't connect");

// binding to ldap server
$ldapbind = false;
$ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass);

//easy view of success or failure
if ($ldapbind) {
    print("\n logged in! \n\n");
} else {
    print("\n log on failure \n\n");
}
?>
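
An added preflight check for the setup described in this note (example code, not part of the original note or the PHP manual): it confirms that both extensions are loaded, that LDAPTLS_REQCERT is set to require, and that the root CA file parses as a currently valid CA certificate before any bind is attempted. The function name ldaps_preflight() is hypothetical; the server URI and certificate path are the sample values from the note.

```php
<?php
// Added example. ldaps_preflight() is a hypothetical helper; the URI and CA path
// passed to it below are the sample values from the note.
function ldaps_preflight(string $uri, string $caFile): array
{
    $problems = [];
    foreach (['ldap', 'openssl'] as $ext) {
        if (!extension_loaded($ext)) {
            $problems[] = "extension '$ext' is not loaded";
        }
    }
    // The note's setup uses ldaps://; flag any other scheme.
    if (strtolower((string) parse_url($uri, PHP_URL_SCHEME)) !== 'ldaps') {
        $problems[] = "server URI does not use ldaps://";
    }
    // 'never' and 'allow' accept a certificate that was not verified.
    if (getenv('LDAPTLS_REQCERT') !== 'require') {
        $problems[] = "LDAPTLS_REQCERT is not set to 'require'";
    }
    $pem = is_readable($caFile) ? file_get_contents($caFile) : false;
    if ($pem === false) {
        $problems[] = "CA file is not readable: $caFile";
        return $problems;
    }
    if (!function_exists('openssl_x509_parse')) {
        return $problems; // already reported above as a missing extension
    }
    // Parses the first certificate in the PEM file.
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        $problems[] = "CA file does not parse as a PEM X.509 certificate";
        return $problems;
    }
    $now = time();
    if ($now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) {
        $problems[] = "CA certificate is outside its validity period";
    }
    if (strpos($info['extensions']['basicConstraints'] ?? '', 'CA:TRUE') === false) {
        $problems[] = "certificate is not marked as a CA in basicConstraints";
    }
    return $problems;
}

$caFile = 'C:\\Program Files\\php\\certs\\rootca.pem';
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=' . $caFile);
$problems = ldaps_preflight('ldaps://server.domain.com', $caFile);
foreach ($problems as $p) { echo "PROBLEM: $p\n"; }
echo $problems ? "do not bind until these are fixed\n" : "preflight OK\n";
```

Run it under the same account as the web server's PHP process so that the readability check reflects the permissions the bind will actually have.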
