As this page grows, it can be broken into multiple pages. For now just keep adding use cases and how you configured ldap to accomplish them; bugs/problems you've had to resolve, etc.
No LDAP Extension is loaded for PHP
Signifies the php ldap extension is not enabled. Use the same steps you would to install any php extension. If it is available with the PHP version you installed, it is simply a matter of uncommenting the ldap line in the php.ini file, e.g. extension=php_ldap.dll for Windows.
Need to use LDAPS
Some ldap servers require ldaps. Make sure to do the following:
- Enable the openssl php extension
- Use the ldaps://myldapserver.com format for the ldap server address
- On a windows server, see How to enable LDAP over SSL with a third-party certificate authority
Need to use Start TLS
- To use TLS, you either need your certificate to work (the server certificate must validate on the client) OR need to configure ldap to never require a certificate. See http://jaredjennings.org/index.php5/Enabling_LDAP_SSL_in_PHP
Error Messages and Warnings
- "Possible invalid format for ... The format may be correct for your ldap, but please double check." This warning is given when an ldap attribute name (cn, dn, mail, etc.) is checked to be within ldap standards. Active Directory and other LDAP implementations commonly break these standards, so your attribute name may be correct and still get this warning.
- "Could not start TLS" errors, such as:
Could not start TLS. (Error -11: Connect error).
Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in ...
These are commonly certificate or OpenLDAP client configuration problems. Here are some debugging steps:
- Try connecting with start TLS turned off. If this succeeds it shows you have the right server connection. If it fails it doesn't tell you anything new.
- Try connecting from php command line with the test script in #1292786: LDAP Server: Server test startTLS fails connecting to 389-DS to take Drupal, Apache, and LDAP modules out of the possible causes
- Make sure openldap is configured correctly. See the Client Configuration section of http://www.openldap.org/doc/admin24/tls.html and http://www.openldap.org/faq/data/cache/185.html
- Make sure the ldap server accepts connections from your server. If you have access to the ldap server logs, they may be useful
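The following stand-alone command-line script walks the debugging steps above in order (plain connection first, then StartTLS on 389, then LDAPS on 636) and prints the ldap error number, message and the server's diagnostic string for each failure. It is an added example, not the test script from the linked issue or code from the Drupal LDAP modules; the host, bind DN, password variable and CA file path are assumed placeholders, and it assumes PHP 7.1 or later for the TLS option constants.

```php
<?php
// Added example (not from the original page or the Drupal LDAP modules):
// exercise plain, StartTLS and LDAPS connections from the PHP command line.
$host   = 'ldap.example.com';               // assumed placeholder
$bindDn = 'cn=readonly,dc=example,dc=com';  // assumed placeholder
$bindPw = getenv('LDAP_TEST_PW') ?: '';     // read from the environment, never hard-coded
$caFile = '/etc/ssl/certs/ldap-ca.pem';     // assumed path to the CA that signed the server cert

// Step 0: the two extensions the page says must be present.
foreach (['ldap', 'openssl'] as $ext) {
    printf("extension %-8s %s\n", $ext, extension_loaded($ext) ? 'loaded' : 'MISSING');
}
if (!extension_loaded('ldap')) { exit(1); }

// Trust the server's CA rather than disabling certificate checks (LDAP_OPT_X_TLS_NEVER).
// Global TLS options must be set before ldap_connect().
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

function tryConnect(string $uri, bool $startTls, string $dn, string $pw): bool {
    $conn = ldap_connect($uri);   // only parses the URI; the TCP connection happens on first use
    if ($conn === false) { printf("FAILED  %s: bad URI\n", $uri); return false; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if ($startTls && !@ldap_start_tls($conn)) {
        return report($conn, "$uri (StartTLS)");   // e.g. "Error -11: Connect error"
    }
    if (!@ldap_bind($conn, $dn, $pw)) {
        return report($conn, "$uri (bind)");
    }
    printf("OK      %s%s\n", $uri, $startTls ? ' + StartTLS' : '');
    ldap_unbind($conn);
    return true;
}

function report($conn, string $what): bool {
    $diag = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);   // server-side detail, if any
    printf("FAILED  %s: %d %s %s\n", $what, ldap_errno($conn), ldap_error($conn), $diag);
    return false;
}

// Plain connection first, so a TLS failure can be told apart from a connectivity failure.
tryConnect("ldap://$host:389", false, $bindDn, $bindPw);
tryConnect("ldap://$host:389", true,  $bindDn, $bindPw);   // StartTLS on 389
tryConnect("ldaps://$host:636", false, $bindDn, $bindPw);  // LDAPS on 636
```

Run it with `LDAP_TEST_PW=... php ldap-test.php`; if the plain connection succeeds but both TLS variants fail with a connect error, the problem is on the certificate or OpenLDAP client side rather than in Drupal or Apache.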