I really struggled to get PHP to be able to use LDAPS to talk to my domain controller. I wanted the ability to create users and set passwords and security groups so that I could administer users from my web interface.
It took a lot of googling, but I finally got it working, and it turns out in the end it is quite straightforward.
SETTING UP THE MACHINE
I started with a new virtual machine with SSH and LAMP installed. I was using a 12.4 LTS version of Ubuntu as it was a download I had handy.
Once set up, the first thing to do is to turn on errors in PHP. This just makes it possible to debug what is happening.
To do this, edit the php.ini file:
sudo vim /etc/php5/apache2/php.ini
Around line 500, change the setting to turn errors on:
display_errors = On
Remember to restart Apache for it to take effect:
sudo service apache2 restart
PHP
You need to ensure that the LDAP module for PHP is installed. To install it, run:
sudo apt-get install php5-ldap
Then remember to restart the service:
sudo service apache2 restart
ADD THE ROOT CERTIFICATE
You need to install a certificate on your server. This is the root certificate. To do this, copy the root crt file to
/usr/local/share/ca-certificates
Once you have created the file, you have to update the certificates. Run:
sudo update-ca-certificates
This will place the certificate in the correct place:
/etc/ssl/certs/
CONFIGURE LDAPS
The other thing I did was to change the LDAPS config
vim /etc/ldap/ldap.conf
and add
TLS_REQCERT never
to the bottom of the file
You should now be able to connect to LDAPS with PHP and create users in Active Directory.
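Added example, not part of the original post: per ldap.conf(5), TLS_REQCERT never means the client does not request or check the server certificate, so the root certificate installed above is not used to validate the domain controller. The script below reports the effective level in an ldap.conf file, so the weak setting can be spotted and compared with a verifying one. The function names, the sample files and the rule that the last occurrence wins are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit TLS_REQCERT in an ldap.conf file.

# Print the effective TLS_REQCERT level (lower-cased) for the file given as $1.
# Comments and blank lines are skipped, keywords match case-insensitively, and
# the last occurrence is treated as the effective one (assumption).
# If the option is absent, print "demand", the default documented in ldap.conf(5).
effective_reqcert() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Return 0 when a bad or missing server certificate ends the session,
# 1 when the level lets such a session continue, 2 for an unrecognised value.
audit_ldap_conf() {
    level=$(effective_reqcert "$1")
    case "$level" in
        demand|hard) echo "OK   $1: TLS_REQCERT $level"; return 0 ;;
        never)       echo "WEAK $1: server certificate is not requested or checked"; return 1 ;;
        allow)       echo "WEAK $1: a bad server certificate is ignored"; return 1 ;;
        try)         echo "WEAK $1: a missing server certificate is accepted"; return 1 ;;
        *)           echo "UNKNOWN $1: TLS_REQCERT $level"; return 2 ;;
    esac
}

# Constructed sample files: the post's final state and a verifying alternative.
demo_dir=$(mktemp -d)
cat > "$demo_dir/as_posted.conf" <<'EOF'
# constructed sample: setting added at the bottom of the file, as in the post
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT never
EOF
cat > "$demo_dir/verifying.conf" <<'EOF'
# constructed sample: trust the bundle built by update-ca-certificates
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT demand
EOF
audit_ldap_conf "$demo_dir/as_posted.conf" || true
audit_ldap_conf "$demo_dir/verifying.conf" || true
rm -rf "$demo_dir"
```

To check the real file, call audit_ldap_conf /etc/ldap/ldap.conf; an LDAPTLS_REQCERT environment variable or a per-user ldaprc file can also set the level and is not inspected here.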