PHP ldapconnect Manual. To be able to make modifications to Active Directory via the LDAP connector you must bind to the LDAP service over SSL. Otherwise Active Directory provides a mostly readonly connection. You cannot add objects or modify certain properties without LDAPS, e. LDAPS connections to Active Directory. Therefore, for those wishing to securely connect to Active Directory, from a Unix host using PHPOpen. LDAPOpen. SSL I spent some time getting this going myself, and came across a few gotchas. Hope this proves fruitfull for others like me when you couldnt find answers out there. Make sure you compile Open. LDAP with Open. SSL support, and that you compile PHP with Open. LDAP and Open. SSL. This provides PHP with what it needs to make use of ldaps connections. Configure Open. SSL Extract your Root CA certificate from Active Directory, this is achived through the use of Certificate Services, a startard component of Windows 2. Toolkit 2.5 Beta 5.Exe. Server, but may not be installed by default, The usual AddRemove Software method will work here. I extracted this in Base. DER format. Place the extracted CAcert into the certs folder for openssl. This is easily done by simply running  usrlocalsslbincrehash. Once this is done you can test it is worked by running  usrlocalsslbinopenssl verify verbose CApath usrlocalsslcerts tmpexportedcacert. Should return OK. Configure Open. LDAP Add the following to your ldap. Instruct client to NOT request a servers cert. TLSREQCERT never  Define location of CA Cert. TLSCACERT usrlocalsslcertsADCACERT. TLSCACERTDIR usrlocalsslcerts  end You also need to place those same settings in a file within the Apache Web user homedir called. You can then test that youre able to establish a LDAPS connection to Active Directory from the Open. LDAP command tools  usrlocalopenldapbinldapsearch H ldaps adserver. This should return some output in extended LDIF format and will indicate no matching objects, but it proves the connection works. The name of the server youre connecting to is important. If they server name you specify in the ldaps URI does not match the name of the server in its certificate, it will complain like so  ldapbind Cant contact LDAP server 8. TLS hostname does not match CN in peer certificate. Once youve gotten the ldapsearch tool working correctly PHP should work also. One important gotcha however is that the Web user must be able to locate its HOME folder. You must check that Apache is providing a HOME variable set to the Web users home directory, so that php can locate the. This may well be different between Unix variants but it is such a simple and stupid thing if you miss it and it causes you grief. Simply use a Set. Env directive in Apaches httpd. Set. Env HOME usrlocalwww. With all that done, you can now code up a simple connect function  function connectADldapserver ldaps adserver. El Inmortal Borges Pdf here. CNweb service account,OUService Accounts,DCad,DCcom ldappass   password     ad ldapconnectldapserver ldapsetoptionad, LDAPOPTPROTOCOLVERSION, 3 bound ldapbindad, ldapuser, ldappass    return ad Optionally you can avoid the URI style server string and use something like ldapconnectadserver. But work fine with Active Directory servers. Hope this proves usefull. Ldap Browser For Windows 2008Best Ldap Browser For WindowsExplains the security model for the SAS Intelligence Platform and provides instructions for performing securityrelated administrative tasks. The emphasis is on suite. Describes how to enable LDAP over SSL with a thirdparty certification authority. If you dont want your PHP program to wait XXX seconds before giving up in a case when one of your corporate DC have failed, and since ldapconnect does not have a. I need to use LDAP to authenticate against Active Directory 2003. At this point, we are not even sure what port AD is using to accept LDAP queries.