ldap_start_tls

(PHP 4 >= 4.2.0, PHP 5)

ldap_start_tls --  Start TLS

Description

bool ldap_start_tls ( resource link )

Warning

This function is currently not documented; only the argument list is available.



ldap_start_tls
bill at strosberg dot com
13-Apr-2005 10:42
Please note there is a difference between ldaps and start-TLS for ldap.  start-TLS uses port 389, while ldaps uses port 636.  ldaps has been deprecated in favour of start-TLS for ldap.  Both encrypted (start-TLS ldap)  and unencrypted ldap (ldap) run on port 389 concurrently.

Errors encountered are generally due to misunderstanding how to implement TLS-encrypted ldap.
claar at no dot spam dot ksu dot edu
28-Jun-2004 03:10
Note that (in my very limited experience) you cannot use the ldaps protocol with tls, or ldap_start_tls() will report "ldap_start_tls(): Unable to start TLS: Operations error", and ldap_error() will return error code 1.

I found that I had to call ldap_connect() with ldap:// rather than ldaps:// for ldap_start_tls() to succeed.  Hope this helps someone!
wirges-at-cerias.purdue.edu
22-Jul-2002 08:19
It should be mentioned that TLS connections for LDAP *REQUIRE* you to use LDAP Protocol version 3.  By default, PHP uses Protocol 2.
Therefore, if you do not know this, you may be puzzled as to why you get a "TLS not supported" error.

To get around this, just use ldap_set_option to make the LDAP connection use Protocol 3 (if supported).

For example:

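// Placeholder connection settings; replace with your server's values.
$LDAP_SERVER = 'ldap.example.com';
$LDAP_PORT = 389;

$ds = ldap_connect($LDAP_SERVER, $LDAP_PORT);
if ($ds) {
    // TLS needs LDAP protocol version 3, so select it before starting TLS
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        die("Failed to set LDAP Protocol version to 3, TLS not supported.");
    }
    // upgrade the connection to TLS and stop if that fails
    if (!ldap_start_tls($ds)) {
        die("Ldap_start_tls failed");
    }
    // now we need to bind anonymously to the ldap server
    $bth = ldap_bind($ds);
    // make your query
}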
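
The three notes above combined into one fail-closed connection routine, as an added example that is not part of the PHP manual or of any commenter's post. It assumes a current PHP build whose ldap extension provides the LDAP_OPT_X_TLS_* options; the function name, host name and CA file path are hypothetical.

```php
<?php
// Added example: StartTLS with certificate verification, refusing to bind
// if the TLS upgrade fails. Function name and sample values are hypothetical.
function ldap_connect_starttls($host, $caFile, $bindDn = null, $password = null)
{
    // StartTLS upgrades a plain ldap:// connection (port 389). An ldaps://
    // URI is already TLS-wrapped and makes ldap_start_tls() fail.
    if (stripos($host, 'ldaps://') === 0) {
        throw new InvalidArgumentException('Use ldap://, not ldaps://, with StartTLS');
    }
    $uri = (stripos($host, 'ldap://') === 0) ? $host : "ldap://{$host}:389";

    // Demand a server certificate that chains to the given CA. These TLS
    // options are set globally (null link) before the connection is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Could not parse LDAP URI: {$uri}");
    }

    // StartTLS is an LDAPv3 extended operation, so select version 3 first.
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('Could not select LDAP protocol version 3');
    }

    // Fail closed: if the upgrade fails, nothing is sent in cleartext.
    if (!@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS failed, not binding: {$err}");
    }

    // The bind (anonymous when DN and password are null) now runs over TLS.
    if (!@ldap_bind($ds, $bindDn, $password)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("Bind failed: {$err}");
    }
    return $ds;
}

// Usage with constructed sample values:
// $ds = ldap_connect_starttls('ldap.example.com', '/etc/ssl/certs/example-ca.pem');
```

Because every failure throws before ldap_bind() is reached, a server or network path that rejects the TLS upgrade never receives a bind DN or password over the unencrypted port 389 session.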

 Last updated: Tue, 15 Nov 2005