Last updated: Fri, 06 Nov 2009


ldap_start_tls

(PHP 4 >= 4.2.0, PHP 5)

ldap_start_tls - Start TLS

Description

bool ldap_start_tls ( resource $link )
Warning

This function is currently not documented; only its argument list is available.



 
User Contributed Notes
ldap_start_tls
pataisjsu at Yahoo.com
15-Nov-2007 10:55
I seemingly took forever to make ldap_start_tls work.
Especially with the documentation lacking, I was frustrated and almost gave up until I saw this link in the PHP forum.
I thought it was worth putting the link here.

http://marc.info/?l=php-windows&m=116127873321748&w=2

It really works, and it saved me.
technosophos
06-Mar-2007 08:53
If your version was linked against the OpenLDAP libraries, you may want to look at the ldap.conf file for more information about specifying SSL/TLS behavior. Apparently, the settings in ldap.conf make a difference in the way SSL/TLS is handled by PHP.
on at cs dot ait dot ac dot th
07-Aug-2006 07:00
More on TLS start.

It seems that either you ldap_connect to ldaps://, port 636 or you ldap_tls_start.

In my case, using ldaps on port 636 (to be sure I enforce TLS) the connection will go like:

$LDAP_SERVER="ldaps://ldap.../";
$LDAP_PORT=636;

// fatal_error() is the poster's own helper and is not defined here
$ds = ldap_connect($LDAP_SERVER,$LDAP_PORT);
if ($ds) {
   if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
     fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
   }
/*** NO NEED ***
*   if (!ldap_start_tls($ds)) {
*      exit;
*   }
***/
   // now we need to bind anonymously to the ldap server
   $bth = ldap_bind($ds);
   // make your query
}
bill at strosberg dot com
13-Apr-2005 05:42
Please note there is a difference between ldaps and start-TLS for ldap.  start-TLS uses port 389, while ldaps uses port 636.  ldaps has been deprecated in favour of start-TLS for ldap.  Both encrypted (start-TLS ldap)  and unencrypted ldap (ldap) run on port 389 concurrently.

Errors encountered are generally due to misunderstanding how to implement TLS-encrypted ldap.
claar at no dot spam dot ksu dot edu
28-Jun-2004 10:10
Note that (in my very limited experience) you cannot use the ldaps protocol with tls, or ldap_start_tls() will report "ldap_start_tls(): Unable to start TLS: Operations error", and ldap_error() will return error code 1.

I found that I had to call ldap_connect() with ldap:// rather than ldaps:// for ldap_start_tls() to succeed.  Hope this helps someone!
wirges-at-cerias.purdue.edu
23-Jul-2002 03:19
It should be mentioned that TLS connections for LDAP *REQUIRE* you to use LDAP Protocol version 3.  By default, PHP uses Protocol 2.
Therefore, if you do not know this, you may be puzzled as to why you get a "TLS not supported" error.

To get around this, just use ldap_set_option to make the LDAP connection use Protocol 3 (if supported).

For example:

$ds = ldap_connect($LDAP_SERVER,$LDAP_PORT);
if ($ds) {
   if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
      fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
   }
   if (!ldap_start_tls($ds)) {
      fatal_error("Ldap_start_tls failed");
   }
   // now we need to bind anonymously to the ldap server
   $bth = ldap_bind($ds);
   // make your query
}
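
Added example (not part of the manual or of any note above): one way to combine the points from the notes into a StartTLS connection that fails closed, using an ldap:// URI, protocol version 3, and certificate verification equivalent to the ldap.conf setting. The function name ldap_connect_starttls(), the host ldap.example.org and the optional CA file argument are assumptions, and the LDAP_OPT_X_TLS_* constants need a newer PHP than the versions listed on this page.

```php
<?php
// Added example; function name, host and CA path are assumptions.
function ldap_connect_starttls(string $uri, ?string $caFile = null)
{
    // StartTLS upgrades a plain session (port 389). An ldaps:// URI is
    // already TLS-wrapped, and ldap_start_tls() fails on it.
    if (stripos($uri, 'ldap://') !== 0) {
        throw new InvalidArgumentException('StartTLS needs an ldap:// URI');
    }

    // Require a verifiable server certificate (same effect as
    // "TLS_REQCERT demand" in ldap.conf). With OpenLDAP-linked builds
    // these options are set globally (null link) before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if ($caFile !== null) {
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    }

    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }

    // StartTLS is an LDAPv3 extended operation.
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('Cannot switch to LDAPv3');
    }

    // Fail closed: no fallback to a cleartext bind.
    if (!@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed: $err");
    }
    return $ds;
}

try {
    // Placeholder host; nothing is sent in a bind until TLS is up.
    $ds = ldap_connect_starttls('ldap://ldap.example.org');
    if (!ldap_bind($ds)) { // anonymous bind, as in the notes above
        throw new RuntimeException('Bind failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
} catch (Exception $e) {
    error_log($e->getMessage());
}
```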
