I couldn't get ldap_bind to work on an ldaps connection until I followed some instructions about creating an ldap.conf file. I don't see these instructions anywhere on the php site. Maybe they're on the OpenLDAP site, but I thought it would be useful to have here as well. Credit goes to a dude known as 'LRM', and I found my solution here: http://lists.horde.org/archives/sork/Week-of-Mon-20040503/001578.html
My setup is XAMPP on Win XP.
###### ApacheFriends XAMPP (basic package) version 1.6.3a ######
+ Apache 2.2.4
+ MySQL 5.0.45
+ PHP 5.2.3 + PHP 4.4.7 + PEAR
+ PHP-Switch win32 1.0 (please use the "php-switch.bat")
+ XAMPP Control Version 2.5 from www.nat32.com
+ XAMPP Security 1.0
+ SQLite 2.8.15
+ OpenSSL 0.9.8e
+ phpMyAdmin 2.10.3
+ ADOdb 4.95
+ Mercury Mail Transport System v4.01b
+ FileZilla FTP Server 0.9.23
+ Webalizer 2.01-10
+ Zend Optimizer 3.3.0
+ eAccelerator 0.9.5.1 for PHP 5.2.3 (comment out in the php.ini)
1. create C:\OpenLDAP\sysconf\ldap.conf (Yes, it MUST be this path because it's hard-coded in the dll)
2. put this line at the top:
TLS_REQCERT never
3. Save, stop/start apache.
The reason is, I think, because it doesn't understand the certificate, so this directive tells it to not bother checking it. I guess that could be unsafe in some cases, but in my case I'm confident with the server I'm connecting to.
My connection code was as follows (nothing new here, I don't think):
<?php
$con = @ldap_connect('ldaps://the.ldap.server', 636);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
var_dump(@ldap_bind($con, '[email protected]', 'password'));
?>
Good luck! LDAPS can be a real bitch.