Try to enable "anonymous binds" on your LDAP-Server or use a correct bind (username / password).

like cn=ldapauthuser,ou=accounts,dc=example,dc=com

Although old, I have encountered the same issue and wanted to provide some insight for future readers.

Part of the problem was out-of-date OpenSSL libraries, 0.9.6 vs 1.0.0 (which worked).

After updating OpenSSL on the server, it was noted that PHP lost support for OpenSSL.

You can check support for modules with the following from the command line:

php -m 

Or

echo phpinfo(INFO_MODULES);

From the browser.

Also, there have been a lot of issues with SSL Support for LDAP when using the OCI8/Oracle LDAP libs in my professional experience. On Debian platforms, Libldap-2.4.2-dev packages work best.

Additionally, you should look at the connection logs on the LDAP server. I can almost guarantee that you will see an error referring to SSLv3 and missing a CA for the certificate.

By default, PHP looks for the CA file on UNIX systems in, make sure it is readable by the PHP invoker (user via cli, Apache user, etc..):

/etc/pki/CA

This is not necessarily a PHP issue, but a configuration issue with Secure LDAP. Please see this PHP bug report and this OpenLDAP thread.

The OpenLDAP thread above has a snippet of a working OpenLDAP config for reference.

Some other things to check is your services definitions in /etc/services. Make sure you have the following:

ldaps           636/tcp                         # LDAP over SSL
ldaps           636/udp

On UNIX "man ldap.conf" = ... SYNOPSIS /usr/local/etc/openldap/ldap.conf ...

Write TLS_REQCERT never in /usr/local/etc/openldap/ldap.conf and set ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)

This work in my project on Nginx+PHP-fpm: nginx/1.6.0 php55-5.5.15 php55-ldap-5.5.15 openldap-client-2.4.39_1

I think you just need to set the ldap protocol version to be 3

echo "<h3>LDAP query test</h3>";
echo "Connecting ...";

$ldap_server = 'ldaps://server';
$ldap_port = '636';

$ds = ldap_connect($ldap_server, $ldap_port);

if ($ds) 
{
    //add this
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) 
    {
        fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
    }
    echo "<br><br>Binding ..."; 
    $r=ldap_bind($ds);     // this is an "anonymous" bind, typically
                       // read-only access
    echo "Bind result is " . $r . "<br />";

    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr=ldap_search($ds, "ou=people,o=server.ca,o=server", "uid=username*");  
    echo "Search result is " . $sr . "<br />";

    echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";

    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";

    print_r($info);
    //    for ($i=0; $i<$info["count"]; $i++) {
    //        echo "dn is: " . $info[$i]["dn"] . "<br />";
    //        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
    //        echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
    //    }

    echo "Closing connection";
    ldap_close($ds);

} 
else 
{
    echo "<h4>Unable to connect to LDAP server</h4>";
}

The problem is not related to the actual binding process (invalid credentials) as the warning would be a different one if the LDAP server could not authenticate your credentials. But as Paul Dixon noted the use of ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) should be required - even though I don't think that this is the cause of your problems.

• Which LDAP server type are you connecting to? OpenLDAP, Active Directory or something else?
• What's the operating system of the computer running your PHP program?
• Are you using a self-signed SSL certificate on the LDAP server and is the certificate authority for the given certificate trusted by the machine running your PHP program?
• Which port does the LDAP server run on? 636 would be the "official" port for LDAPS. Perhaps you can add the port explicitly to the server address: ldaps://<<server>>:636.

ext/ldap has some issues with SSL/TLS secured connections. You can try to add

TLS_REQCERT never

to the ldap.conf (/etc/ldap.conf or /etc/ldap/ldap.conf on *nix-based systems) or for Windows machines create a ldap.conf with the above content in C:\OpenLDAP\sysconf\ldap.conf (the path must be an exact match as it's hard-coded into the extension).

It appears to be a problem using SSL/TLS on some servers with recent PHP versions. Not sure why. You can refer to my post at: Problems with secure bind to Active Directory using PHP

One of the more likely causes, is the cause from Stefan. To make sure that this is really the case, you can use:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

before your ldap_connect. This will print a more sane error message to log (typically ssl cert not valid, ref. Stefan Gehrig)