
W. Jason Gilmore

"Beginning PHP and MySQL: From Novice to Professional"

Its prototype follows:
boolean ldap_start_tls(resource link_id)
There are a few points worth noting regarding this function:
• TLS connections for LDAP can take place only when using LDAPv3. Because PHP
uses LDAPv2 by default, you need to declare use of version 3 specifically, by using
ldap_set_option() before making a call to ldap_start_tls().
• You can call the function ldap_start_tls() before or after binding to the directory,
although calling it before makes much more sense if you're interested in
protecting bind credentials.
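An example follows:
<?php
// PHP defaults to LDAPv2, so select LDAPv3 before requesting TLS
$connection = ldap_connect("ldap.openldap.org");
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
// Upgrade the connection to TLS before any bind takes place
ldap_start_tls($connection);
?>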
Because ldap_start_tls() is used for secure connections, new users often
mistakenly attempt to connect using ldaps:// instead of ldap://. ldap_start_tls()
upgrades a connection that was opened with ldap://, so, as the preceding example
shows, using ldaps:// is incorrect and ldap:// should always be used.
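The following is an added example, not code from the book: it checks the return value of ldap_start_tls() and refuses to bind when the upgrade fails, so the bind credentials are never sent over an unprotected connection. The function name ldap_bind_over_starttls(), the host ldap.example.com, the bind DN and the LDAP_BIND_PASSWORD environment variable are placeholders chosen for illustration.

```php
<?php
declare(strict_types=1);

// Open an LDAPv3 connection, upgrade it with StartTLS, then bind.
// Throws rather than falling back to a cleartext bind.
function ldap_bind_over_starttls(string $uri, string $bindDn, string $password)
{
    // StartTLS upgrades a plain connection: the URI must be ldap://, not ldaps://.
    if (stripos($uri, 'ldap://') !== 0) {
        throw new InvalidArgumentException('Use an ldap:// URI with ldap_start_tls()');
    }
    // An empty password makes this an unauthenticated bind, which some servers accept.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('Bind DN and password must not be empty');
    }
    // Require a verifiable server certificate (set globally, before connecting).
    if (!ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND)) {
        throw new RuntimeException('Could not require certificate verification');
    }
    $connection = ldap_connect($uri);
    if ($connection === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    // StartTLS is only available with LDAPv3.
    if (!ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('Could not select LDAPv3');
    }
    // Stop on failure so the credentials are never sent in cleartext.
    if (!@ldap_start_tls($connection)) {
        $error = ldap_error($connection);
        ldap_unbind($connection);
        throw new RuntimeException('StartTLS failed: ' . $error);
    }
    if (!@ldap_bind($connection, $bindDn, $password)) {
        $error = ldap_error($connection);
        ldap_unbind($connection);
        throw new RuntimeException('Bind failed: ' . $error);
    }
    return $connection;
}

// Placeholder host, DN and environment variable name (assumptions).
try {
    $connection = ldap_bind_over_starttls('ldap://ldap.example.com',
        'cn=app,dc=example,dc=com', (string) getenv('LDAP_BIND_PASSWORD'));
    ldap_unbind($connection);
} catch (Exception $e) {
    error_log($e->getMessage());
}
```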
Binding to the LDAP Server
Once a successful connection has been made to the LDAP server (see the earlier
section "Connecting to an LDAP Server"), you need to pass a set of credentials under
the guise of which all subsequent LDAP queries will be executed. These credentials
include a username of sorts, better known as an RDN, or Relative Distinguished Name,
and a password.

