Recently I had an issue connecting to an Active Directory LDAP server from within PHP using the standard ldap_connect and ldap_bind functions. The problem is, the code I was using was working without problems on a Linux-based webserver, so I knew it wasn’t a problem with the PHP code itself or the parameters I was passing. So… I did some reading and found many people experiencing similar problems, but not all of them for the same reason as me. I’m going to summarize in this article the three main problems I came across so that hopefully one of the solutions solves your particular problem.
The specific error/warning that PHP was throwing was the following:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in...
Doesn’t give a whole lot of info… I’m not sure why, but I only did my research on this message. I didn’t actually try calling the function ldap_error, but I believe, based on the documentation, that the error output by this function is the same as the warning displayed.
OK, so on to the solutions. Here are the three common solutions I came across. Number 3 is the one that worked for me. It was VERY frustrating trying to track down this solution, so I hope this helps someone else find it faster.
This is the obvious solution. Make sure that your PHP script can actually contact the LDAP server. Here are some things that might get in the way:
- Is there a firewall preventing you from accessing the AD/LDAP server?
- Is the LDAP server running? Is it enabled on the Active Directory server?
- Is the password you are using in ldap_bind correct?
- Are you using the RDN for the user instead of just the username? For example, on Windows, this looks something like: “uid=USERNAME,cn=users,dc=HOSTNAME,dc=DOMAIN,dc=com”
While those are “obvious” solutions, I often get stuck on things like that, so I thought I’d make sure to mention them.
This solution only applies if you are connecting to a secure LDAP server. In my case, I wasn’t, so I haven’t actually tried this solution, but in my research there were a LOT of people running into this problem. The following article on Novell’s site outlines the basic steps for Windows or Linux to get the secure LDAP connection working and shows an example of using ldap_bind.
This is the solution I needed, but it took me FOREVER to find. I was connecting to a non-secure LDAP server (Active Directory) from a Windows 2008 server running IIS and with PHP FastCGI. The compiled version of PHP I was using had OpenLDAP support compiled in. The problem I eventually found was that the OpenLDAP libraries were relying on a configuration file in a hardcoded path (lame). So, all I needed to do was create an EMPTY file at the following path:
Seriously? That’s it? Yes… unfortunately, that’s it. After I created this empty file, my ldap_connect and ldap_bind started to work perfectly.
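A triage script for the three causes above, added here as an example and not the author's code: it tests TCP reachability separately from the LDAP library, so a successful socket connect followed by error -1 from ldap_bind points at the client library (certificates or its configuration file) rather than the network. The host, port, bind DN and the LDAP_BIND_PW environment variable are placeholders.

```php
<?php
// Added example. Host, port, bind DN and the environment variable name are
// placeholders, not values from the article.
$host     = 'dc01.example.com';
$port     = 389;
$bindDn   = 'cn=USERNAME,cn=users,dc=example,dc=com';
$password = getenv('LDAP_BIND_PW') ?: '';

// 1. Raw TCP check that does not involve the LDAP library at all.
$errno = 0;
$errstr = '';
$sock = @fsockopen($host, $port, $errno, $errstr, 5);
if ($sock === false) {
    exit("TCP connect to $host:$port failed ($errno: $errstr): firewall, DNS or service down\n");
}
fclose($sock);

// 2. A DN with an empty password is an unauthenticated bind, which many
//    servers accept, so never let it count as a successful login.
if ($password === '') {
    exit("Empty password: refusing to bind\n");
}

// 3. LDAP bind with explicit options and full error reporting.
$ldap = ldap_connect("ldap://$host:$port");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);

if (@ldap_bind($ldap, $bindDn, $password)) {
    echo "Bind OK\n";
    ldap_unbind($ldap);
    exit(0);
}

$code = ldap_errno($ldap);
$diag = '';
ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
printf("Bind failed: %d (%s) %s\n", $code, ldap_error($ldap), $diag);

if ($code === -1) {
    // TCP worked in step 1, so the failure is inside the client library.
    echo "Port is reachable but the library cannot connect: check the\n";
    echo "certificate setup (secure LDAP) or the OpenLDAP client config file.\n";
} elseif ($code === 49) {
    echo "Invalid credentials: check the bind DN format and the password.\n";
}
```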
I hope one of these solutions works for you!