Thanks for the report. Could you please explain, how it is supposed to work. Any snippet? I've just compared 7.0 and 5.6 and the behavior is not different. OpenLDAP is always compiled with SSL support and either of versions trying to load any of config files. The build config of dependencies is in both cases the same and the sysconf is set to c:\\openldap\\sysconf. I need more tips from you to reproduce the behavior.

Thanks.

Current working configuration:
    PHP 5.5.30
    Config File: C:\OpenLDAP\sysconf\ldap.cfg
        Contents: TLS_REQCERT never
Current failing configuration:
    PHP 7.0.0RC7
    Config File: C:\OpenLDAP\sysconf\ldap.cfg
        Contents: TLS_REQCERT never

Code:
    $ldap_identifier = ldap_connect('ldaps://activedirectory');

    ldap_set_option($ldap_identifier, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldap_identifier, LDAP_OPT_PROTOCOL_VERSION, 3);

    $bind = ldap_bind($ldap_identifier, 'user', 'password');

    if ($bind !== true) {
        ldap_get_option($ldap_identifier, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
        echo $extended_error;
    } else {
        echo "Connected";
        var_dump($bind);
    }

PHP 5.5.30 Output:
    Connected
    boolean true

PHP 7.0.0RC7 Output:
    Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in ... on line 8
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)

This was an error I received prior to creating the configuration file on 5.5.30. This is just a proof-of-concept and CURRENTLY I'm not concerned with the certificate (I actually know it's expired which is a problem I'll tackle later). Either way with the configuration file it should work the same as before or documentation needs to be updated. Also the documentation itself doesn't mention the configuration file - luckily a few comments do.

Thanks for the further info. As I've mentioned, i couldn't spot any attempts to load the config file at the startup file. It likely could be, that the file is only getting loaded when PHP code starts to work. I'll probably have to setup a ldap server, lets see.

But one thing I would like to ask you before - please check the event logs. 5.5 and 7 use different OpenSSL versions. OPenSSL 1.0.2 used with 7.0 is integrated better with the Windows APIs. It could be, that your certificate gets validated live and OpenSSL just refuses it.

Thanks.

Btw the error message you posted looks pretty much like that, certificate failure. IIRC starting with even with OpenSSL 1.0.1, custom certificates might be deleted automatically from the Windows storage, as they got validated with some trusted certificate checker service.

Thanks.

I removed the config file completely and the error triggered on 5.5.30, so it's definitely reading it in previous versions. I'm fully aware that the error I'm getting is a certificate problem. Which is why I used the directive TLS_REQCERT never. In 5.5.30 you would use the config file to add certs as well - so again - what am I suppose to do in PHP7 when I need an SSL/TLS connection?

After looking over the source for this extension and the source for OpenLDAP itself I've found what needs to be done in Windows - I'm not how this translates to Linux.

You need to set an environment variable of LDAPCONF that is equal to the path and filename of your configuration. In previous versions the extension would assume C:\openldap\sysconf\ldap.conf.

@jspringe, thanks for the further investigation. If it's a change in the OpenLDAP version, it would make sense to document it.

Thanks.

How can I help?

If you're willing to contribute to the documentation, please visit http://doc.php.net/ for more details. You also can submit a patch over https://edit.php.net/ .

Thanks.

I've the same problem with Linux and xampp (xampp-linux-x64-7.0.2-1) and don't have any solution.

I've tried to export LDACONF before starting lampp withou success:
export LDAPCONF=/opt/lampp/etc/openldap/ldap.conf
sudo ./lampp start

I've tried too, change /etc/ldap/ldap.conf file whitout success: "TLS_REQCERT never" is not taken into account

Works ok with previous version of xampp (with php5)

Apparently, this issue has been resolved with the fix for <https://bugs.php.net/73243>.

… and has not been a doc issue at all. :-)