Posted by petersprc on 01/06/07 03:12

Hi,

You might want to make sure the hostname you're using in ldap_connect
matches the CN in the server's certificate exactly. You could try using
ldaps:// as the protocol. You might also need to set your certificate
dir or file in the client's ldap.conf file too.

For example, using the stock package from RHEL4:

/etc/openldap/ldap.conf:

TLS_CACERT /usr/share/ssl/certs/slapd.pem # self-signed cert

Client script:

<?

$ds = ldap_connect('ldaps://localhost.localdomain');
if ($ds === false) {
trigger_error('ldap_connect', E_USER_ERROR);
}

?>

yawnmoth wrote:
> When I try to use the ldap_search() function on an LDAP server and I've
> connected to, I get the following error message:
>
> Warning: ldap_search(): Search: Confidentiality required in
> C:\path\to\script.php on line xxx
>
> So I try to use ldap_start_tls() and get this error:
>
> Wwarning: ldap_start_tls(): Unable to start TLS: Connect error in
> C:\path\to\script.php on line xxx
>
> I try to set LDAP_OPT_PROTOCOL_VERSION to 3, with ldap_set_option,
> before doing ldap_start_tls, and get the same error.
>
> Anyway, I'm not really sure what the problem is. Any ideas?

[Back to original message]