I am trying to bind to AD with php_ldap (using ADLdap), from an Ubuntu (Hardy 8.04 LTS) host. Binding on port 389 is fine to ldap://myserver, but does not allow me to do things like set password, so I need to bind on port 636 to ldaps://myserver.
I am aware that some form of credential passing occurs, perhaps with certificates, but I am really struggling to get anything working - the bind fails on ldaps.
The test rig AD has a container Users in domain mydom.local. The account I am using to bind is in the Users container, and has a DN of
'CN=LDAP BIND,OU=Users,DC=mydom,DC=local' and a password of 'mypass';
its sAMAccountName is ldap.
I suspect I either need to install some extra packages on the ubuntu box, or do some magic to AD on the windows server, or do some certificate grabbing stuff, but I am stuck.
Just to add some detail, if I try to connect from the command line with ldapsearch to search for some user called install, I get:
ldapsearch -vv -H 'ldaps://server.mydom.local' -Y DIGEST-MD5 -X 'dn:CN=LDAP BIND,OU=Users,DC=mydom,DC=local' sAMAccountname=install -U 'u:LDAP BIND'
ldap_initialize( ldaps://server.mydom.local:636/??base )
SASL/DIGEST-MD5 authentication started
Please enter your password: mypass
ldap_sasl_interactive_bind_s: Invalid credentials (49)
As I say, I can successfully bind on 389.
I have installed on the Ubuntu box ldap-utils, libldap, php5-ldap, and /etc/ldap/ldap.conf is:
TLS_REQCERT never
BINDDN 'CN=LDAP BIND,OU=Users,DC=mydom,DC=local'
URI ldaps://server.mydom.local
Any advice?
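Added example, not code from the question or from ADLdap: what the PHP side looks like once the LDAPS connection is verifying the AD certificate instead of running with TLS_REQCERT never, followed by the unicodePwd write that only works on the encrypted port. It is written for PHP 5.2-era php5-ldap (no short array syntax, no type hints) so it runs on Hardy. Assumptions (none of them are on the page): the AD CA certificate has been exported in Base-64 form to /etc/ssl/certs/mydom-ca.pem on the Ubuntu host, the bind account holds "Reset password" rights on the target user, and the sample new password is made up.

```php
<?php
// Added example, not code from the question or from ADLdap. Written for
// PHP 5.2-era php5-ldap. Assumptions (not from the question):
//   - the AD CA certificate is exported to /etc/ssl/certs/mydom-ca.pem;
//   - the bind account has "Reset password" rights on the target user;
//   - the new password below is a constructed sample.

define('LDAP_URI', 'ldaps://server.mydom.local');
define('BIND_DN',  'CN=LDAP BIND,OU=Users,DC=mydom,DC=local');
define('BIND_PW',  'mypass');
define('BASE_DN',  'DC=mydom,DC=local');
define('CA_FILE',  '/etc/ssl/certs/mydom-ca.pem');   // assumed location

/**
 * Open an LDAPS connection to AD and do a simple bind over it. The TLS
 * channel is what lets AD accept a unicodePwd write; it refuses it on 389.
 */
function ad_connect($uri, $bindDn, $bindPw)
{
    // For libldap (and therefore php5-ldap) certificate verification is
    // configured in /etc/ldap/ldap.conf. Replace "TLS_REQCERT never" with:
    //     TLS_CACERT  /etc/ssl/certs/mydom-ca.pem
    //     TLS_REQCERT demand
    // so the server certificate is actually checked against the AD CA.
    // PHP >= 7.1 can set the same thing per connection, so do it if present.
    $conn = ldap_connect($uri);   // no network traffic yet; options below still apply
    if ($conn === false) {
        throw new Exception("ldap_connect rejected URI $uri");
    }
    if (defined('LDAP_OPT_X_TLS_CACERTFILE')) {
        ldap_set_option($conn, LDAP_OPT_X_TLS_CACERTFILE, CA_FILE);
        ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // AD requires LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals anonymously

    if (!ldap_bind($conn, $bindDn, $bindPw)) {
        throw new Exception('bind failed: ' . ldap_error($conn) . ' (' . ldap_errno($conn) . ')');
    }
    return $conn;
}

/** Look up a user by sAMAccountName and return its DN, or null if absent. */
function ad_find_user($conn, $sam)
{
    // Escape the filter value so a crafted name cannot rewrite the filter.
    if (function_exists('ldap_escape')) {            // PHP >= 5.6
        $safe = ldap_escape($sam, '', LDAP_ESCAPE_FILTER);
    } else {
        $safe = str_replace(array('\\', '*', '(', ')', "\x00"),
                            array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $sam);
    }
    $res = ldap_search($conn, BASE_DN, "(sAMAccountName=$safe)", array('distinguishedName'));
    if ($res === false) {
        throw new Exception('search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $res);
    return ($entries['count'] > 0) ? $entries[0]['dn'] : null;
}

/**
 * Reset a user's password. AD expects the new password in the unicodePwd
 * attribute, wrapped in double quotes and encoded as UTF-16LE, and only
 * accepts the write over an encrypted connection (LDAPS or StartTLS).
 */
function ad_set_password($conn, $userDn, $newPassword)
{
    $unicodePwd = iconv('UTF-8', 'UTF-16LE', '"' . $newPassword . '"');
    if ($unicodePwd === false) {
        throw new Exception('password could not be encoded as UTF-16LE');
    }
    if (!ldap_mod_replace($conn, $userDn, array('unicodePwd' => $unicodePwd))) {
        // Usual causes: channel not encrypted, bind account lacks "Reset
        // password", or the value violates the domain password policy.
        throw new Exception('password reset failed: ' . ldap_error($conn));
    }
}

$conn = ad_connect(LDAP_URI, BIND_DN, BIND_PW);
$dn = ad_find_user($conn, 'install');
if ($dn === null) {
    fwrite(STDERR, "user install not found\n");
    exit(1);
}
ad_set_password($conn, $dn, 'N3w-Passw0rd!');   // constructed sample password
ldap_unbind($conn);
echo "password for $dn reset over LDAPS\n";
```

If the bind on 636 still fails after TLS_CACERT is in place, checking the chain outside PHP with `openssl s_client -connect server.mydom.local:636 -CAfile /etc/ssl/certs/mydom-ca.pem` separates a certificate problem (handshake errors, "unable to get local issuer certificate") from a credential problem (the handshake completes, then the bind returns 49).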