Re: PHP LDAP - ldap_bind(): Unable to bind to server: Can't contact LDAP server

Maybe there's a firewall blocking access to the LDAP server from your IBM i server?

In my experience it's fairly commonplace to limit which machines can query the LDAP with a firewall.

If it's not that, then I would troubleshoot this further by trying to create a connection outside of PHP and see if that can connect to the LDAP server, etc. Maybe that'll give you some clues as to what might be going on? I mean, it's saying that (for unknown reasons) it can't contact the server. To me, that implies that ssomewhere in the process of establishing a network connection, something is going wrong. You can determine whether the problem is only in PHP vs. anywhere on the machine relatively simply. If nothing on the machine can contact it, then clearly the problem isn't PHP or Apache, it's something in the networking. A firewall, a routing problem, or some other configuration problem. But if it does work from other non-PHP programs, then the issue is somwhere in PHP... would be good starting point, anyway.

Re: PHP LDAP - ldap_bind(): Unable to bind to server: Can't contact LDAP server

Scott,

Thanks for the reply. The port is open from the iSeries. I ran the following PHP script to test the port (636 for LDAPS). Looks like the problem is somewhere in PHP and not a networking issue. I wonder if it has something to do with the SSL certificates in the iSeries SSL store, since this is LDAP over SSL. That may be a reason why it cannot communicate with the server...may be failing at the protocol level. Anyone know off-hand where the iSeries may keep it's global SSL certs? I know on my linux box they are usually in the /etc/ssl/certs directory.

<?php
$host = '<REMOVED>';
$ports = array(636);

foreach ($ports as $port){
$connection = @fsockopen($host, $port);

if (is_resource($connection)){
echo '<h2>' . $host . ':' . $port . ' ' . '(' . getservbyport($port, 'tcp') . ') is open.</h2>' . "\n";
fclose($connection);
}else{
echo '<h2>' . $host . ':' . $port . ' is not responding.</h2>' . "\n";
}
}
?>

Re: PHP LDAP - ldap_bind(): Unable to bind to server: Can't contact LDAP server

Not sure if PHP is different... but for most applications on IBM i, certificates are kept in the digital certificate manager, which uses a database to store them. (They aren't just files in a directory like they would be on Linux.)

You typically administer the Digital Certificste Manager (DCM) by connecting to a web server on the i running on port 2001, and selecting "Digital Certificate Manager" from the "IBM i Tasks" page. You'll need to log in to the *SYSTEM store (for which you'll need to know the admin password that was assigned when it was created) and then you'll be able to manage the certificates.

At least, that's how it works in most IBM i applications written in native languages like RPG, C, C++, Cobol, etc.

I've never done it in PHP.