On Thu, Dec 06, 2001 at 12:08:12PM +0100, Susanne Benkert wrote: > After recompiling my Php with the newest LDAP-Libraries and Openssl > "ldap_connect("ldap://hostname")" works. But I still have problems with > "ldap_connect("ldaps://hostname")":
Could you check whether ldapsearch -H "ldaps://hostname" works? PHP should work if and only if this works. As hostname you should use the same as the CN in the certificate, probably the FQDN (full hostname and domain). > What did I wrong? Does Php need its own Key/Certificate (as client > certificate)? Or is something wrong with my server certificate of Ldap? > (But I can't imagine, because other actions like ldapsearch already seem > to work with TLS.) Did you also try with -H ldaps:// and the same hostname? Client certificate is only needed if you put "TLSVerifyClient 1" in slapd.conf on the server. > Has anything should be change in the configuration of php when using it > with SSL and Openldap? No. I suggest you try to get ldapsearch -H ldaps://host/ to work first. If it doesn't work (and you don't get more answers here), please ask on the OpenLDAP lists. If you get ldapsearch -H to work, but not PHP, then this is the place to ask or submit a report at bugs.php.net. I'm pretty sure ldapsearch -H will give the same error though. I see now that you did mail the OpenLDAP list as well. I think that is the right place, but there is a danger people there will think it's a PHP problem. If you don't get answers there, test with ldapsearch -H, and if that fails, post that on the OpenLDAP list as well, since in that case PHP isn't involved. I could try to provide more help if necessary, but I'll be mostly available for over a week now, so I hope some others will offer help as well. Don't give up, Stig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]