LDAP Authenticated Bind Issue - PHP, Apache, Windows
I'm having issues performing an authenticated bind against the server. The issue doesn't appear to be in the code; however, it may be a server issue.
Just so you know, I can bind anonymously using this script:
    $ldapconn = ldap_connect("machinename.domain.com")
        or die("Could not connect to LDAP server.");
    if ($ldapconn) {
        // binding anonymously
        $ldapbind = ldap_bind($ldapconn);
        if ($ldapbind) {
            echo "LDAP bind anonymous successful...";
        } else {
            echo "LDAP bind anonymous failed...";
        }
    }
However, when I try to do an authenticated bind using this script, it fails.
    // Authenticated Bind
    $ldaprdn = 'username@domain.com'; // ldap rdn or dn
    $ldappass = 'password'; // associated password
    // connect to ldap server
    $ldapconn = ldap_connect("machinename.domain.com")
        or die("Could not connect to LDAP server.");
    if ($ldapconn) {
        // binding to ldap server
        $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
        // verify binding
        if ($ldapbind) {
            echo "LDAP bind successful...";
        } else {
            echo "LDAP bind failed...";
        }
    }
Where am I going wrong?
Maybe your LDAP requires a DN as login. To retrieve the DN, search for the user's uid first.
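    // Here $ldaprdn is the email; escape it before placing it in the filter
    $filter = '(uid=' . ldap_escape($ldaprdn, '', LDAP_ESCAPE_FILTER) . ')';
    // $baseDn (search base) and $attributes must be set for your directory
    $search = ldap_search($ldapconn, $baseDn, $filter, $attributes);
    if ($search) {
        // ldap_get_entries() takes the search result, not a filter string
        $entries = ldap_get_entries($ldapconn, $search);
        if (is_array($entries) && $entries['count'] > 0) {
            $ldaprdn = $entries[0]['dn']; // Get the DN of the user
        }
    }
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // ....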
NOTE: You should escape $ldaprdn to avoid LDAP injection attacks.
Okay, after much investigation I have turned on error info using ldap_errno() and ldap_error() and found it bringing back the error 'Strong(er) authentication required'. I have discovered two possible solutions:
1. Adjust Group Policy Settings
   No signing requirements (Domain Controller: LDAP server signing requirements)
   Result: Managed to bind successfully, and when I enter the username or password incorrectly it throws an 'Invalid credentials' as expected.
2. Enable LDAP over SSL (LDAPS)
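The LDAPS option, as an added example that is not part of the original posts: an authenticated bind over TLS that reports ldap_errno()/ldap_error() on failure and refuses empty credentials. The function name bindOverTls is hypothetical, the host and credentials are the question's placeholders, and it assumes the domain controller presents a certificate that the PHP host trusts.

```php
<?php
// Added example, not code from the original posts.

function bindOverTls(string $host, string $user, string $password): array
{
    // ldap_bind() with an empty password is an anonymous/unauthenticated bind,
    // which many servers accept (the anonymous bind in the question succeeds),
    // so it must never be treated as a successful login.
    if ($user === '' || $password === '') {
        return [false, 'empty username or password rejected before bind'];
    }

    // Require a valid server certificate; set globally before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect("ldaps://{$host}:636");
    if ($conn === false) {
        return [false, 'invalid LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // @ suppresses the PHP warning; the failure is reported via the return value.
    if (@ldap_bind($conn, $user, $password)) {
        ldap_unbind($conn);
        return [true, 'bind successful'];
    }

    // Same diagnostics the post used, plus the server's extended message.
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    $reason = sprintf('%d %s %s', ldap_errno($conn), ldap_error($conn), $detail);
    ldap_unbind($conn);
    return [false, trim($reason)];
}

// Placeholder values, as in the question.
[$ok, $reason] = bindOverTls('machinename.domain.com', 'username@domain.com', 'password');
echo $ok ? "LDAP bind successful...\n" : "LDAP bind failed: {$reason}\n";
```

Because the bind travels inside TLS, the domain controller's LDAP server signing requirement can stay enabled.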