php-ldap needs to be installed
If your LDAP server's SSL certificate is self-signed, your VCL web server needs to have the root CA certificate that was used to sign the LDAP server certificate installed. The PEM formatted certificate needs to be added to the ca-bundle.crt file. On CentOS, the file is located at /etc/pki/tls/certs/ca-bundle.crt. The hostname in the certificate must match the hostname entered in the conf.php file further down. If your certificate does not have the correct hostname in it, you can put an entry in /etc/hosts for the hostname in the certificate.
After adding the certificate, restart httpd: {tip} service httpd restart {tip}
You can verify that the certificate is properly installed using this command: {tip} openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt -connect your.ldap.server.here:636 {tip} If you see “Verify return code: 0 (ok)” at the end of the output then it is installed correctly. If you see a different return code, then you'll need to troubleshoot the problem.
You may need to add a line to /etc/openldap/ldap.conf to point to the ca-bundle.crt file. If so, add the following:
TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt