When you have this error:
Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /var/www/X.php on line Y
It's probably because of a certificate validity issue. You can investigate the error by raising the debug level:
<?php
// Raises libldap's own trace output (written to stderr / the web server error log).
// Must be set on the global handle (NULL) before ldap_connect() is called.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
?>
This can be done before the ldap_connect takes place.
To fix the certificate validity issue:
add
TLS_REQCERT never
to the file (create it if it does not exist):
c:\openldap\sysconf\ldap.conf <= Windows
/etc/ldap.conf <= Linux
A restart of the web server may be required to apply the changes.
It's probably not the best solution but it works ...
Another thing to be aware of is that it requires LDAP protocol version 3 (version 2 is the PHP default):
<?php
// $hostnameSSL holds your LDAP server hostname or URL
$con = ldap_connect($hostnameSSL);
// StartTLS is an LDAPv3 extended operation, so select v3 before ldap_start_tls()
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
?>
Another tip: the second parameter of ldap_connect() is not used if you pass a URL such as "ldap://..." (port 389 is used automatically) or "ldaps://..." (port 636 is used automatically).
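As an added example (not code from the note above), here is the same StartTLS connection with certificate verification kept on: instead of `TLS_REQCERT never`, libldap is told which CA signed the server certificate and is required to verify it, and the script fails closed with the server's diagnostic message when TLS cannot be established. The URL `ldap://ldap.example.com`, the CA bundle path `/etc/ssl/certs/ldap-ca.pem`, the bind DN and the `LDAP_PASSWORD` environment variable are assumptions for illustration; the `LDAP_OPT_X_TLS_*` constants require PHP 7.1 or later on top of OpenLDAP's libldap.

```php
<?php
// Added example: StartTLS with the server certificate actually verified.
// Assumptions (adjust for your environment):
//   - PHP >= 7.1 built against OpenLDAP (LDAP_OPT_X_TLS_* constants)
//   - server URL ldap://ldap.example.com      (hypothetical)
//   - CA bundle   /etc/ssl/certs/ldap-ca.pem  (hypothetical)
// The equivalent ldap.conf lines, if you prefer the config-file route, are:
//   TLS_CACERT  /etc/ssl/certs/ldap-ca.pem
//   TLS_REQCERT demand

function ldapConnectStartTls(string $url, string $caFile, bool $debug = false)
{
    if ($debug) {
        // libldap trace, as in the note above; goes to the web server error log
        ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);
    }

    // TLS settings are global in libldap and must be in place before the
    // connection's TLS context is created, i.e. before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    // "demand": a missing or unverifiable server certificate aborts the handshake
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // URL form: port 389 is implied for ldap://, so no second argument is needed
    $con = ldap_connect($url);
    if ($con === false) {
        throw new RuntimeException("ldap_connect(): malformed URL $url");
    }

    // StartTLS is an LDAPv3 extended operation; PHP's default is v2
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

    // Fail closed: never fall back to a plaintext bind if TLS cannot be started
    if (!@ldap_start_tls($con)) {
        $detail = '';
        if (defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
            // Server-side reason, e.g. which certificate check failed
            ldap_get_option($con, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        }
        throw new RuntimeException(
            'StartTLS failed: ' . ldap_error($con) . ($detail !== '' ? " ($detail)" : '')
        );
    }
    return $con;
}

// Usage: authenticated bind over the verified TLS channel (hypothetical DN)
$password = getenv('LDAP_PASSWORD');
if ($password === false || $password === '') {
    // An empty password would turn this into an unauthenticated bind
    throw new RuntimeException('LDAP_PASSWORD is not set');
}
$con = ldapConnectStartTls('ldap://ldap.example.com', '/etc/ssl/certs/ldap-ca.pem');
if (!ldap_bind($con, 'cn=reader,dc=example,dc=com', $password)) {
    throw new RuntimeException('bind failed: ' . ldap_error($con));
}
ldap_unbind($con);
```

If the handshake still fails with the CA file in place, the usual causes are a server certificate whose subject or SAN does not match the hostname in the URL, or an intermediate CA missing from the bundle; both show up in the diagnostic message or the level-7 trace rather than requiring verification to be switched off.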