After upgrading to PHP 5.0.2, I am unable to do a secure connect to an LDAP server. The same code works fine in PHP 4.3.x. The function call ldap_connect("ldaps://foo.bar") returns the error code 81 "Can't contact LDAP server." ldap_connect("ldap://foo.bar") works fine. Attempting to use TLS results in error number 91 "Connect error" after a call to ldap_start_tls($conn). The same code works fine in PHP 4.3.x. I recompiled openldap, apache, openssl, and php to no avail. I have reproduced this problem on two P4 systems running ~x86. Can anybody else reproduce this problem?
Reproducible: Always
Steps to Reproduce:
1. Use mod_php-5.*
2. Try using encryption when talking to an LDAP server
3.
Actual Results: Connection failed
Expected Results: Connection successful
Full ~x86 system (except using gcc 3.3.x). Apache 2.0.52 w/ mod_php-5.0.2
The problem still persists with PHP 5.0.3. However, I have no problem when using PHP 5.0.3 with Apache 2.0.52 running on my iBook. I will try compiling from source without the ebuild on my Gentoo machines and see if I can pinpoint the cause of this bug.
Solution:
Edit /etc/openldap/ldap.conf
Add the following line: TLS_REQCERT never
Recompile mod_php
It appears that PHP5 has the values in ldap.conf compiled-in, so simply changing the value won't affect the current build. I haven't run a stack trace, so I don't know if PHP is looking for a hard-coded path to ldap.conf or similar file at run time.
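Added example, not part of the original bug thread: per ldap.conf(5), TLS_REQCERT never tells the OpenLDAP client not to request or check the server certificate, so with that line in place ldaps:// and ldap_start_tls() sessions are encrypted but the server is not authenticated. The Python sketch below audits an ldap.conf for that condition; the two sample files, the CA path and the function names are constructed for illustration.

```python
# Added example: audit an OpenLDAP client ldap.conf for weakened TLS checks.
# Sample contents below are constructed; the CA path is a placeholder.

WORKAROUND_CONF = """\
# constructed sample: the workaround from the thread
URI ldaps://foo.bar
TLS_REQCERT never
"""

VERIFIED_CONF = """\
# constructed sample: certificate verification kept on
URI ldaps://foo.bar
TLS_CACERT /etc/ssl/certs/example-ldap-ca.pem
TLS_REQCERT demand
"""

# Levels from ldap.conf(5) that let a session continue with a bad certificate.
UNVERIFIED = {
    "never": "server certificate is not requested or checked",
    "allow": "a bad server certificate is ignored and the session proceeds",
}


def parse_ldap_conf(text):
    """Return {option (lowercased): value}. Assumes a repeated option's last line wins."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split(None, 1)  # keyword, then value (spaces or tabs)
        options[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return options


def audit_tls(text):
    """Return a list of findings; an empty list means verification is configured."""
    opts = parse_ldap_conf(text)
    level = opts.get("tls_reqcert", "demand").lower()  # demand is the documented default
    findings = []
    if level in UNVERIFIED:
        findings.append(f"TLS_REQCERT {level}: {UNVERIFIED[level]}")
    if "tls_cacert" not in opts and "tls_cacertdir" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set in this file")
    return findings


if __name__ == "__main__":
    for name, conf in (("workaround", WORKAROUND_CONF), ("verified", VERIFIED_CONF)):
        print(name, audit_tls(conf) or "ok")
```

The audit reads only the file it is given; libldap also honours per-user ldaprc files and LDAPTLS_* environment variables, which can override these values.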