Can't make updates with LDAP from Linux box to Windows AD

Posted by amburnside on Server Fault
Published on 2012-12-20T09:23:17Z Indexed on 2012/12/20 11:04 UTC


I have a webapp (built using Zend Framework - PHP) that runs on a Linux environment which needs to authenticate against Active Directory on a Windows server.

So far my webapp can authenticate with LDAPS, but cannot perform any kind of write operation (add/update/delete). It can only read.

I have configured my server as follows:

  1. I have exported the CA Certificate from my Windows AD server to /etc/openldap/certs
  2. I have created a pem file based on this certificate using openssl
  3. I have updated /etc/openldap/ldap.conf so that it knows where to look for the pem certificate:

    TLS_CACERT /etc/openldap/certs/xyz.internal.pem

When I run my script, I get the following error:

    0x35 (Server is unwilling to perform; 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0 ):

Have I missed something with my configuration, which is causing the server to reject making updates to AD?
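The connect, bind and write flow the question describes, as an added PHP example using the plain ldap extension (not the asker's Zend code and not part of the original post). It refuses anything but an ldaps:// URI, pulls AD's diagnostic text out from behind the generic 0x35 result, and probes write access with a harmless attribute before any real update, so a refusal can be traced to either the connection or the specific attribute. The hostname, DNs, environment variable, the description attribute used as the probe and the unicodePwd helper are assumptions; CA trust comes from the TLS_CACERT line in /etc/openldap/ldap.conf from the question.

```php
<?php
// Added example, not part of the original question. Hostname, DNs and the
// environment variable are placeholders; CA trust comes from the TLS_CACERT
// entry in /etc/openldap/ldap.conf that the question configures.
declare(strict_types=1);

/** Collect the LDAP result code plus AD's diagnostic text (the
 *  "0000209A: SvcErr: DSID-..., data N" part) so a refusal can be read.
 *  0x35 unwillingToPerform is the same result for several different refusals,
 *  so the diagnostic fields are what distinguish them. */
function describeLdapError($ds): string
{
    $msg = sprintf('0x%02X %s', ldap_errno($ds), ldap_error($ds));
    $diag = '';
    if (defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')
        && ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag)
        && $diag !== '') {
        $msg .= ' (' . $diag . ')';
    }
    return $msg;
}

/** Open an LDAPS connection and simple-bind. Only ldaps:// is accepted so
 *  the bind password and every later write travel inside TLS. */
function adConnect(string $uri, string $bindDn, string $bindPw)
{
    if (strpos($uri, 'ldaps://') !== 0) {
        throw new InvalidArgumentException('refusing non-LDAPS URI: ' . $uri);
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('ldap_connect rejected ' . $uri);
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // AD hands out referrals for partitions it does not hold; chasing them
    // re-binds anonymously and produces misleading errors, so switch it off.
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ds, $bindDn, $bindPw)) {
        throw new RuntimeException('bind failed: ' . describeLdapError($ds));
    }
    return $ds;
}

/** Replace one ordinary attribute on $targetDn. A failure here, on an
 *  attribute with no special handling, means the bound account or the
 *  connection itself is not allowed to write; success narrows the problem
 *  to whatever attribute the real update touches. */
function probeWriteAccess($ds, string $targetDn, string $marker): bool
{
    $ok = @ldap_mod_replace($ds, $targetDn, ['description' => $marker]);
    if (!$ok) {
        fwrite(STDERR, 'modify refused: ' . describeLdapError($ds) . PHP_EOL);
    }
    return $ok;
}

/** If the write in question is a password set: AD only accepts unicodePwd as
 *  the UTF-16LE encoding of the password wrapped in double quotes, and only
 *  on a TLS-protected (or sealed SASL) session; a plain string or a cleartext
 *  session is refused. */
function encodeUnicodePwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

// --- usage (all values are placeholders) ---
$uri      = 'ldaps://dc01.xyz.internal:636';
$bindDn   = 'CN=webapp-svc,OU=Service Accounts,DC=xyz,DC=internal';
$bindPw   = getenv('AD_BIND_PW') ?: '';
$targetDn = 'CN=Test User,OU=Users,DC=xyz,DC=internal';

$ds = adConnect($uri, $bindDn, $bindPw);
if (probeWriteAccess($ds, $targetDn, 'write probe ' . date('c'))) {
    echo "write succeeded over LDAPS as {$bindDn}\n";
}
ldap_unbind($ds);
```

Run it on the same Linux box, with the same /etc/openldap/ldap.conf, as the webapp. If the description probe succeeds but the application's own update still fails, the refusal is tied to the attribute or object being written rather than to the connection; if the probe fails too, the diagnostic text printed to stderr is the part to read. OpenLDAP's default TLS_REQCERT is demand, which is what makes the TLS_CACERT file actually enforced rather than advisory; check that ldap.conf does not lower it.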

© Server Fault or respective owner