Had a few problems with coding a simple Active Directory password reset web form. It appears that when coding in PHP, OpenLDAP doesn’t trust the CA that issued the connecting Domain Controller’s SSL certificate.
This can be fixed with PHP on either Apache or IIS with a simple file:
Create a file named ‘ldap.conf’ in the directory ‘c:\openldap\sysconf’. In the file the first line should include ‘TLS_REQCERT never’.
Restart IIS or Apache for the setting to take effect.
Yes, the file location and file name are weird, but it does solve the problem.
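`TLS_REQCERT never` makes the client skip the check of the Domain Controller's certificate altogether. The alternative is to hand OpenLDAP the issuing CA and leave verification on. The fragment below is an added example, not part of the original post; `ad-issuing-ca.pem` is an assumed placeholder name for the CA certificate exported in PEM (Base-64) format.

```conf
# c:\openldap\sysconf\ldap.conf

# Setting from the post: the client does not request or check the
# server certificate, so the identity of the LDAPS endpoint is not verified.
#TLS_REQCERT never

# Alternative: trust the CA that issued the Domain Controller certificate.
# ad-issuing-ca.pem is a placeholder file name (assumption); if the issuer
# is an intermediate CA, put the chain up to the root in the same file.
TLS_CACERT c:\openldap\sysconf\ad-issuing-ca.pem

# demand is the OpenLDAP default: the connection fails unless the server
# presents a certificate that validates against TLS_CACERT.
TLS_REQCERT demand
```

Restart IIS or Apache after changing the file, and connect using the host name that appears in the Domain Controller's certificate so that name checking succeeds.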