PHP, OpenLDAP and SSL

I spent hours and hours trying to get an LDAPS connection happening with my local AD LDS instance.

The instance was running on Windows 8.1 64-bit.

I tried certificate after certificate. OpenSSL, Thawte and Self-signed - all with no success.

I ended up deleting all of my certificates and created a Self-signed certificate using IIS 7 (running on Windows 8.1).

I then downloaded the Softerra LDAP browser and it was able to connect to my AD LDS instance via SSL with no problems.

Surely if it could, PHP could.

I used the following code to connect:

<?php
// ldaps:// with the port in the URL; ldap_connect only parses the URL,
// the TLS handshake happens at the first operation (the bind below)
$ldap_server = "ldaps://delllappy:636";
$ldap_conn = ldap_connect($ldap_server) or die("Failed to connect to LDAP server.");
?>

I added the following above the ldap_connect:

<?php
// single quotes so the backslashes in the Windows path are taken literally
putenv('LDAPTLS_REQCERT=allow');
putenv('LDAPCONF=C:\OpenLDAP\sysconf\ldap.conf');
?>

That did nothing.

The ldap_bind command I used was:

<?php
// $ldap_user and $ldap_pass are set elsewhere in the test script
if (!ldap_bind($ldap_conn, $ldap_user, $ldap_pass)) {
    echo "error";
} else {
    echo "success";
}
?>

BTW: I added a heap of debug in the code too - which is referenced elsewhere - so I didn't add it in here.

The error that I kept on getting was: Error Binding to LDAP: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I then ran ProcMon (Process Monitor from Microsoft).

I monitored when I restarted my web server (Z-WAMP). At that point there was no attempt to read ldap.conf.

I then loaded up my web page with my test.php file.

At that point I noticed that it was not ldap.conf that was being read but openldap.conf.

Of course as my file was called ldap.conf, openldap.conf failed. I renamed my ldap.conf to openldap.conf and everything worked.

On Z-WAMP running OpenLDAP, don't use ldap.conf; use openldap.conf.

The openldap.conf file was placed in C:\openldap\sysconf.

As the PUTENV values did not do anything, I removed them.
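Putting the pieces together, here is an added example (not the original post's code) of the same LDAPS bind done so that the server certificate is actually verified against the exported self-signed certificate instead of being waved through with LDAPTLS_REQCERT=allow, and so that a failed bind reports the OpenLDAP diagnostic rather than a bare "error". It assumes PHP 7.1 or later with the ldap extension built against OpenLDAP, the delllappy host from the post, and a hypothetical PEM export of the AD LDS certificate at C:\openldap\sysconf\adlds-ca.pem.

```php
<?php
// Added example; assumes PHP 7.1+, OpenLDAP-backed ext/ldap on Windows, and that
// the AD LDS self-signed certificate was exported as PEM to the hypothetical path
// C:\openldap\sysconf\adlds-ca.pem.
//
// C:\openldap\sysconf\openldap.conf (the file ext/ldap actually reads on Z-WAMP):
//   TLS_CACERT  C:\openldap\sysconf\adlds-ca.pem
//   TLS_REQCERT demand
// "demand" rejects any server certificate that does not chain to TLS_CACERT;
// "allow" would accept an unverifiable (possibly forged) certificate silently.

function ldaps_bind(string $url, string $user, string $pass)
{
    $conn = ldap_connect($url);           // parses the URL only; no network yet
    if ($conn === false) {
        throw new RuntimeException("Malformed LDAP URL: $url");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // AD LDS requires v3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase referrals

    // The TLS handshake and certificate check happen here. ldap_bind emits a
    // PHP warning on failure, so suppress it and surface the real diagnostic.
    if (!@ldap_bind($conn, $user, $pass)) {
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        throw new RuntimeException(sprintf(
            'Bind failed (%d: %s)%s',
            ldap_errno($conn), ldap_error($conn),
            $diag !== '' ? ' - ' . $diag : ''
        ));
    }
    return $conn;
}

try {
    $conn = ldaps_bind('ldaps://delllappy:636', 'CN=testuser,CN=Users,DC=example', 'secret');
    echo "success\n";
    ldap_unbind($conn);
} catch (RuntimeException $e) {
    // With a wrong TLS_CACERT this prints the same "certificate verify failed"
    // text the post saw, but now as a verification failure rather than a mystery.
    echo $e->getMessage(), "\n";
}
```

If the bind still fails after the config rename, run ProcMon as the post describes and confirm that php is opening C:\openldap\sysconf\openldap.conf and the PEM file named in TLS_CACERT.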