• Resolved genelyn.ancheta

    (@genelynancheta)


    I’ve tried the plugin but can’t seem to make connection with an external LDAP server. Does this support external LDAP servers? Connection via LDAPs? Would this require setting up with a certificate?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Paul Gilzow

    (@gilzow)

    Yes, it supports both ldaps as well as StartTLS. It also supports external LDAP servers, as long as those LDAP servers are reachable. What error messages are you seeing? Also, have you verified you can connect and bind to your LDAP server from your system from outside of WordPress (command line, ApacheDirectoryStudio, etc)?

    The most common issue when connecting to LDAP via SSL/TLS is a configuration error/issue on the system hosting your website. Here’s a simple LDAP connection script you can use to test your configuration: https://github.com/gilzow/simple-ldap-test/blob/master/ldap.php

    Thread Starter genelyn.ancheta

    (@genelynancheta)

    I’m getting connection timeouts with below error when I tried the script:
    [19-Dec-2016 14:29:56 UTC] PHP Warning: ldap_start_tls(): Unable to start TLS: Can’t contact LDAP server in /www/wp-content/ldapstest/testldaps.php on line 278

    Here’s line 278 on the test script:
    if(!ldap_start_tls($this->rscConnection)){

    Plugin Author Paul Gilzow

    (@gilzow)

    There’s an issue then with the configuration of your system in using startTLS. Are you on a shared host? VPS? Physical server? Do you know what OS you are running?

    Thread Starter genelyn.ancheta

    (@genelynancheta)

    Our site is hosted in Flywheel and I think we’re on VPS. Does that help?

    Plugin Author Paul Gilzow

    (@gilzow)

    Do you have shell access? If so, try doing ldapsearch via command line (make sure to use -Z parameter) and see what errors are reported.

    https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/ldap-clients-ssl.html

    I know in some instances SELinux can block ports 389 and 686.

    Thread Starter genelyn.ancheta

    (@genelynancheta)

    we will have our wordpress site (hosted in flywheel) connect to an external ldap server (which we also don’t have access to, we’re just given the certificate). i’m afraid we don’t have shell access but i’ll try and coordinate this with our hosting provider. is there anything we need to check considering the setup we have?

    thank you

    Plugin Author Paul Gilzow

    (@gilzow)

    Usually, an ldap server isn’t accessible to the world. So you need to make sure the server hosting your website can actually connect to it. This usually involves adding your system’s ip address (or ip range) to the allowed list in the firewall where the LDAP server resides. Once you know you can access the ldap server, then you start down the path of trying to resolve potential certificate issues. Make sure you can actually get connected first before we start down the path of trying to troubleshoot certificate issues.

    Thread Starter genelyn.ancheta

    (@genelynancheta)

    we were able to use another plugin that works on a standard port but are having issues with ldaps so we’re looking for other options and i came across your plugin.

    i managed to contact our hosting provider, and shell access is something that is not supported at this time. is there any other way for this to work on a public hosted website?

    Plugin Author Paul Gilzow

    (@gilzow)

    With the test script I had you use earlier, add

    
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
    

    to the top of the file and try again. This will log additional ldap debugging information. Try the test script and then check your logs to see what additional information was logged during the ldap connection attempt.

    I will warn you though that with ssl/tls issues, it is almost always a server configuration issue and/or certificate issue.
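The order of checks suggested in this thread (confirm the server is reachable first, then look at StartTLS and the certificate), as an added PHP example that is not part of the original posts or of the plugin's test script. The host name and the CA file path are placeholders, and the script assumes PHP 7.1 or later with the ldap extension loaded.

```php
<?php
// Added example: staged LDAP StartTLS check for hosts without shell access.
// $host and $caFile are placeholders; replace them with your own values.
$host   = 'ldap.example.org';        // placeholder LDAP server name
$port   = 389;                       // StartTLS upgrades the plain LDAP port
$caFile = __DIR__ . '/ldap-ca.pem';  // placeholder: CA certificate you were given

// Stage 1: raw TCP reachability. A timeout here means firewall or routing,
// and no certificate change will fix it.
$errno = 0;
$errstr = '';
$sock = @fsockopen($host, $port, $errno, $errstr, 5);
if ($sock === false) {
    exit("Stage 1 FAILED: cannot reach $host:$port ($errno: $errstr)\n");
}
fclose($sock);
echo "Stage 1 ok: TCP port $port is reachable\n";

// Stage 2: StartTLS with certificate verification enforced.
// TLS options are set globally (null handle) before the connection is created.
if (!is_readable($caFile)) {
    exit("Stage 2 FAILED: CA file $caFile is not readable by PHP\n");
}
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$conn = ldap_connect("ldap://$host:$port");
if ($conn === false) {
    exit("Stage 2 FAILED: LDAP URI could not be parsed\n");
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);  // fail fast on timeouts

if (!@ldap_start_tls($conn)) {
    // The diagnostic message usually names the TLS cause, for example an
    // untrusted issuer or a host name that does not match the certificate.
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    exit(sprintf("Stage 2 FAILED: %s (%s)\n", ldap_error($conn), $detail ?: 'no detail'));
}
echo "Stage 2 ok: StartTLS negotiated and server certificate verified\n";
```

A Stage 1 failure points at the firewall allow list on the LDAP side; a Stage 2 failure after Stage 1 passes points at TLS configuration or the certificate.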

    Plugin Author Paul Gilzow

    (@gilzow)

    It’s been a month since I heard from you last so I’m going to assume this is resolved. If not, please let me know and I’ll reopen.

  • The topic ‘LDAPs support’ is closed to new replies.