Please help us help you and fill where relevant: Your LimeSurvey version: 6.15.15 Own server or LimeSurvey hosting: Own Server Survey theme/template: Default
==================
I’ve set up LimeSurvey on IIS in an air-gapped Windows Server 2022 environment with Active Directory and MySQL. LDAP (port 389) authentication works fine, but switching to LDAPS (636) fails with the error “Can’t contact LDAP server.” What I’ve done so far:
Environment:
VM1 – Domain Controller (dc01.survey.local) with CA installed
VM2 – IIS + LimeSurvey
VM3 – MySQL
VM4 – Client for testing
Verified LDAPS from VM1:
ldp.exe connects successfully to dc01.survey.local:636
PowerShell test with [System.DirectoryServices.Protocols.LdapConnection] works
PHP test (openssl + ldap_connect) still fails with "Can't connect to LDAP server"
Certificates:
DC has a cert issued by the internal CA using the Domain Controller template
Subject is empty but SAN includes dc01.survey.local, survey.local, and SURVEY
Verified with certutil that the CA cert is trusted on the IIS server
openssl_x509_parse() returns the parsed array successfully
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. -
Professional support
-
Plugins, theme and development
. I don't answer to private message.
I’ve the latest version with the PR applied (github.com/LimeSurvey/LimeSurvey/pull/4217), and I confirmed that my ldap_helper.php matches the updated code. My LDAP plugin config is also correct: use_start_tls = false, LDAPv3, port 636 for LDAPS, proper bind DN and password.
Despite this, I still can’t login via LDAPS—connections to port 636 work from the server (IIS) using PHP test scripts, and normal LDAP (389) works.
Could anyone advise on further steps to debug or confirm LDAPS is fully functional in LimeSurvey?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. -
Professional support
-
Plugins, theme and development
. I don't answer to private message.
