PHP + LDAP + SSL |
Just spent a good 2 hours trying to get this all worked out... Figured I would post it just in case anyone else out there ever runs into the same issue.
Part of my app involves authenticating users via LDAP binding. Our organization requires that the LDAP connection be made over SSL (ldaps). I have a class that I wrote a while back to do this that has always worked, but when I was trying to run my script it kept failing with the error that it couldn't connect to the LDAP server. The same script works perfectly on the production server, and I could connect to the LDAP server using my LDAP browser (Softerra), so I knew it had to be something with the PHP settings being used.

The first thing that I noticed was that the default php.ini install didn't have either the LDAP or the SSL extension loaded. So I had to change the file. Still no luck. I have WinSSL Wrap installed and have used it for some other SSL-related issues. So I set up an SSL tunnel redirecting from 127.0.0.1 to our LDAP server. Success!!!! So I then knew it had something to do with the local PHP not knowing where a cert was to use in the communications.

After some searching, I came across this post, which does an excellent job of explaining what to do in order to get it working: http://greg.cathell.net/php_ldap_ssl.html. Unless you are also running your own LDAP server, you can skip steps 4 and 5. You will need a certificate for step 6, so either use one you already have, or make your own using openssl. If you download WinSSL Wrap, it should have a batch file in it for walking you through the steps of creating your own PEM cert. Otherwise, you will need to convert your cert to PEM format, which you can do with openssl. Just in case the link to the instructions goes down, I will copy the main instructions here. Italics indicate a change from the original document.
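As an added example (not the poster's own class, and not the code from the linked instructions), here is what an ldaps user bind looks like in current PHP once php_ldap and php_openssl are loaded. It checks for those two extensions first, which is the same thing the replies below suggest confirming with phpinfo(), and then connects with server-certificate verification turned on. The host, base DN and CA bundle path are assumptions; the TLS option constants need PHP 7.1 or later built against OpenLDAP, so they would not exist in the PHP 4 build discussed in this thread. The point worth keeping in mind is that an ldaps URL alone does not protect the password in the bind: if the client cannot validate the server certificate and verification is switched off to make the error go away, anyone who can redirect the connection can collect credentials.

```php
<?php
// Added example, not the original poster's code. Hostname, base DN and the
// CA bundle path are assumptions; replace them with your own.
declare(strict_types=1);

const LDAP_URI     = 'ldaps://ldap.example.edu:636';   // assumed directory host
const LDAP_BASE_DN = 'ou=people,dc=example,dc=edu';    // assumed base DN
const LDAP_CA_FILE = __DIR__ . '/ca-cert.pem';         // assumed PEM CA bundle

// Fail early with a clear message when php.ini does not load the extensions
// the ldaps bind depends on (the default Windows php.ini leaves both out).
function checkLdapPrerequisites(): void
{
    foreach (['ldap', 'openssl'] as $ext) {
        if (!extension_loaded($ext)) {
            throw new RuntimeException(
                "php_$ext is not loaded; enable it in php.ini and confirm with phpinfo()"
            );
        }
    }
}

// Bind as the given user over LDAPS. Returns true only on a successful
// authenticated bind; connection and TLS errors are logged, not hidden.
function ldapsBind(string $username, string $password): bool
{
    checkLdapPrerequisites();

    // Never bind with an empty password: many directories treat that as an
    // anonymous bind and report success, which would "authenticate" anyone.
    if ($username === '' || $password === '') {
        return false;
    }

    // Require a server certificate that chains to our CA. These are global
    // options and must be set before ldap_connect() (PHP >= 7.1, OpenLDAP).
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, LDAP_CA_FILE);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('Malformed LDAP URI: ' . LDAP_URI);
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Escape the user-supplied RDN value so it cannot inject extra DN components.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . LDAP_BASE_DN;

    // ldap_bind() emits a warning on failure; suppress it and return false.
    $ok = @ldap_bind($conn, $dn, $password);
    if (!$ok) {
        // The diagnostic message is where TLS handshake failures show up.
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        error_log('LDAP bind failed for ' . $dn . ': ' . ldap_error($conn)
            . ($diag !== '' ? " ($diag)" : ''));
    }
    ldap_unbind($conn);
    return $ok;
}

// Usage (the password is an illustration, not a real credential):
// var_dump(ldapsBind('jdoe', 'correct horse battery staple'));
```

If the bind fails with a certificate error, the fix is to point LDAP_OPT_X_TLS_CACERTFILE at the PEM bundle containing the directory's issuing CA, which is the same thing the linked instructions accomplish with a PEM cert file. Setting LDAP_OPT_X_TLS_REQUIRE_CERT to LDAP_OPT_X_TLS_NEVER also makes the error disappear, but it removes the only check that you are talking to the real directory.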

Site Admin
I HIGHLY RECOMMEND NOT DOING THIS! NEVER COPY THESE DLLS INTO THE SYSTEM32 DIRECTORY. Or one day you will find that this or that application (which uses SSL) fails to work or even crashes. There are many applications using SSL, btw. For example TheBat. Unfortunately, they all tend to use different versions of OpenSSL which are NOT (and this causes all the trouble) binary-API-compatible. So you have no choice! Leave ssleay32.dll and libeay32.dll in the application's directory. For example, if you run php.exe, copy them into PHP's directory. If you run the PHP module under Apache, copy them into Apache's directory, but never touch (or even think of touching) system32.
_________________
The PHP IDE team

Site Admin
If you have only one non-MS program installed on your machine and you will never install any other, it's probably okay to clutter your system32 directory with DLLs that are not intended to appear there. Otherwise please follow my suggestions. I do believe it works much better.
To be more specific, would you please tell me which PHP you used to call ldap_connect()? Was it the Apache PHP module or PHP CGI or something else? In the case of Apache, you need to copy the DLLs into Apache's directory (ONLY IF THESE DLLS ARE NOT THERE ALREADY). If you use php-cgi/fastcgi, you have to copy the DLLs into the php-cgi.exe (php.exe) directory. Also, please check whether ldaps uses (or not) SSL streams that depend on the OpenSSL PHP extension. If these streams are used, you have to enable php_openssl.dll in php.ini and check phpinfo() to see if it's loaded.
_________________
The PHP IDE team

I think that's being a bit dramatic... I've been an MCP for many years, and adding DLLs to system32 isn't going to blow up your machine. At worst, an app that is expecting a different version might crash, but it's usually in the crash dump, so you know what caused the problem. I'm not suggesting someone do this on someone ELSE's computer. That would be irresponsible.
I'm using whatever installs with PhpEd (Srv). And I had tried placing the DLLs into that directory (i.e. C:\Program Files\nusphere\phped\php\ - I'm using PHP v4) and that did not work either. I already spent an entire day getting this to work, which was 6 hours more than I have to spend. At this point, I'm leaving it the way it is since I don't have time to spend on making additional configurations. My development server and production server are administered and controlled by someone else completely, so I'm only dealing with my personal machine. If something isn't working on those servers, I just tell them to fix it and let them worry about the how... I just need the debugger (on my machine) to be able to work with what I'm doing. I posted this so that if someone else has exhausted all the other options and avenues, they can give this a shot as a last resort.
It's a campus LDAP server, so I have NO idea how to even check that....

Site Admin
Could you please spend 5 more minutes and try the following?
a) remove both SSL DLLs from system32 (even if you have to stop some applications to release the file locks)
b) have the SSL DLLs in the C:\Program Files\nusphere\phped\php\ directory
c) open a command prompt and run
   cd C:\Program Files\nusphere\phped\php\
   php.exe -i >info.html
then inspect this info.html to see if the OpenSSL extension is properly loaded (update php.ini if needed). Then run the IDE, set Run Mode to SRV Local Web Server and make sure that *.php is associated with PHP4. Then give your ldaps scripts a try. Let me know about the results. Thanks in advance.
_________________
The PHP IDE team
Content © NuSphere Corp., PHP IDE team
Powered by phpBB © phpBB Group, Design by phpBBStyles.com | Styles Database.