I forgot to say that according to phpinfo()
the openssl extension is working

Please SEARCH the bugdb. This is just not implemented, see #17738

Sorry, but I have to correct you.
This is implemented since a long time,
as you can see here: http://www.php.net/manual/en/function.ldap-connect.php
I can confirm that it is working with Suse Linux 7.3 and
PHP 4.0.6, which is a rather old version.
Maybe it?s just not compiled into the win32-version?
Is someone able to compile it correctly?

This is different problem and most likely the ldap
libraries used to build the win32 ldap extension just
haven't been compiled with SSL support.

Is really noone able to compile this dll with ssl-support?

Assigning to Edin, so he remembers to look into enabling the ssl support for snapshots/releases.

Could you please try:

http://ftp.proventum.net/pub/php/win32/temp/php_4.2.x_ldap.zip

Thank you for compiling the dll with ssl-support.
It seems to work so far.
But now I have the problem, that PHP always wants to send a client certificate, even with "TLSVerifyClient never" in slapd.conf. In the debug-console of the LDAP-server I can read:

TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:964

Where can I configure, that PHP should not send a client certificate, or where do I have to put it?

From: http://www.openldap.org/doc/admin/tls.html

"11.2.2.6. TLS_REQCERT { never | allow | try | demand }

This directive is equivalent to the server's TLSVerifyClient option. However, for clients the default value is demand and there generally
is no good reason to change this setting."

(I don't have any server setup so I can't test this myself now)

In the last week I did some testing. I used PHP 4.2.3 with your php_ldap.dll on Win2000 and Apache 1.3.26. The OpenLDAP-server (slapd) was running on Linux and Win2000, but I get the same results on both platforms. I created the configuration-file "C:\OpenLDAP\sysconf\ldap.conf" (I saw that string in php_ldap.dll) on the machine, where PHP is running. In this file I put the TLS_REQCERT-directive and tested with all 4 possible values:

never, allow: seems to work
try, demand: does not work, PHP always sends a client certificate, which the LDAP-server can't accept (see above).
But there is no client certificate configured!?

Why do you ask these questions here when you could have got the answers simply by searching with some search engine?!

http://www.openldap.org/lists/openldap-software/200108/msg00043.html

Bogusing this bug report since this really IS NOT any bug in PHP.

OK, since the dll is now compiled with ssl-support, PHP is not the problem any longer.
Just one last question: Will the ssl-support for the win32-version be integrated in future php-releases?

Were you able to make it work? I'm asking since getting openldap libs to compile on windows with SSL support is a non-trivial task.

It seems to work under certain circumstances as you can read in my previous post (12 Oct 5:35am). I tested it only with OpenLDAP-server, because I don't have access to an Novell Edirectory-Server at the moment. I will test it again in the future and post the results here.

The error "TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:964" in the SSL debug output is a red herring.  PHP is not sending a client cert or doing anything with client certs.  The problem here is PHP does not trust the server, as it does not have the LDAP server's public certificate.  What you need to do is create the file "c:\OpenLDAP\sysconf\ldap.conf" with the single line "TLS_CACERT c:\path\to\server.cert" where server.cert is the cert of the LDAP directory to which you are trying to connect.  With that in place, ldaps should work.

It is not clear, if after version 4.2.1, ldap is being compiled with ssl support for Windows. I am trying to use 4.3.1 binaries to connect to Active Directory; ldap_connect('ldap://hostname') works fine but I am not able to bind with a ldaps://hostname connection.

i use perl LDAPS() function verify => 'none'
work fine but in php i can only use ldap:// instead of ldaps://. There is no error displayed.