Had this error on RHEL7 ( CentOS7 ) due to SELinux restricting ports HTTPD can use.

LDAP ports 389 and 636 are not on the default allow list, you can unblock with:

setsebool -P httpd_can_network_connect 1

You can test for the restriction by trying a socket to the LDAP server:

fsockopen('LDAP-Server-IP', 389);

It will give 'Permission Denied' showing it's blocked and not a credentials issue.

Also check your SELinux audit log file for other things being blocked.

  • 8
Reply Report

Connect opens the session. Bind is what actually authenticates you. Thus you connected but did not login with valid credentials.

  • 6
Reply Report
      • 2
    • This answer is not correct. I am able to get PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in ... on one server while I am able to use the same credentials to get true as result of the bind on my local machine.
      • 2
    • The ldap_connect method does not connect or open a session to the server. From the docs Note: This function does not open a connection. It checks whether the given parameters are plausible and can be used to open a connection as soon as one is needed.. The act of doing an ldap_bind will initiate the connection, so will a ldap_start_tls.

Sometime the problem will depend of your environment(Linux, Windows...) Try to bind with one of this options:

$connect = ldap_connect("ldap://".$ldap_server);
$auth_user = 'CN=XXX,OU=XXX,DC=XXX,DC=com';
$bind = ldap_bind($connect, $auth_user , $auth_pass);


$bind = ldap_bind($connect, 'YourDomaine\\'.$auth_user , $auth_pass);
  • 1
Reply Report

the ldap_bind() function asks for a three parameters:

  1. a resource id
  2. a rdn
  3. a password associated with the rdn the rdn and password are optional

if you bind using only the resource id :-

// $ldap=ladap_connect(*hostname*,*port*);  
// ldap_connect() returns a resource id
ldap_bind() returns a boolean value(true or false)  
ldap_bind($ladp); //annonymous bind    
$lb=ldap_bind($ldap,"uid=xxx,ou=something,","password"); //used to authenticate  

this should work if not then you are using invalid credentials.

  • 0
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags

Related Questions