LDAPS over SSH port forwarding.
It may be that, when developing/debugging, you don't have direct access to the LDAP server. You can use SSH port-forwarding, but you need to disable the cert checks temporarily. Here's the easiest way to do it.
//Enable debugging, so you can see what's failing.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL,7);
//Disable the TLS certificate check (it will mismatch on the domain). Either
//edit /etc/ldap/ldap.conf and set "TLS_REQCERT never", or in your script:
putenv('LDAPTLS_REQCERT=never');
//Point your ldaps url at localhost. E.g.
$ldap_url = "ldaps://localhost:63600";
//Do the SSH port forward (in another terminal). E.g.
ssh -L 63600:your_real_ldap_server:636 your_proxy_server
//And continue as normal...
ldap_connect($ldap_url);
