LDAP身份验证绑定发行-PHP,Apache,Windows
[英]LDAP Authenticated Bind Issue - PHP, Apache, Windows
问题描述
I'm having issues performing an authenticated bind against the server. 
我在对服务器执行经过身份验证的绑定时遇到问题。 The issues doesn't appear to be in code however maybe a server issue. 这些问题似乎不在代码中,但是可能是服务器问题。
Just so you know; 就是这样,
- LDAP is enabled in Apache/PHP 在Apache / PHP中启用了LDAP
- I'm connecting as user@domain.com 我以user@domain.com的身份连接
- The domain controller has LDAP running and an entry in the firewall (Windows Server 2008 R2) 域控制器正在运行LDAP,并且在防火墙中有一个条目(Windows Server 2008 R2)
- I can perform an anonymous bind 我可以执行匿名绑定
I can bind anonymously using this script; 我可以使用此脚本匿名绑定;
$ldapconn = ldap_connect("machinename.domain.com")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding anonymously
$ldapbind = ldap_bind($ldapconn);
if ($ldapbind) {
echo "LDAP bind anonymous successful...";
} else {
echo "LDAP bind anonymous failed...";
}
}
However when I try to do an authenticated bind using this script, it fails. 但是,当我尝试使用此脚本执行经过身份验证的绑定时,它将失败。
// Authenticated Bind
$ldaprdn = 'username@domain.com'; // ldap rdn or dn
$ldappass = 'password'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("machinename.domain.com")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
Where am I going wrong? 我要去哪里错了?
2 个解决方案
解决方案1
0 2013-04-09 09:58:19
May your LDAP requires a DN as login. 可能您的LDAP需要DN作为登录名。 For retrive the DN make a search of the user uid first. 为了检索DN,请首先搜索用户uid 。
$search = ldap_search($ldapconn, $baseDn, $filter, $attributes);
if ($search) {
$entries = ldap_get_entries($ldapconn, 'uid=' . $ldaprdn);// Here $ldaprdn is the email
if (is_array($entries)) {
$ldaprdn = $entries[0]['dn']; // Get the DN of the user
}
}
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// ....
NOTE : You should escape $ldaprdn for avoid LDAP injection attacks. 注意 :您应该转义$ldaprdn以避免LDAP注入攻击。
解决方案2
0 已采纳
Okay, after much investigation I have turned on error info using ldap_errno() and ldap_error() and found it bringing back the error 'Strong(er) authentication required' have discovered two possible solutions; 好的,经过大量研究,我使用ldap_errno()和ldap_error()打开了错误信息,并发现它带回了错误信息“需要强身份验证”,这发现了两种可能的解决方案:
Adjust Group Policy Settings 调整组策略设置
- Negotiate Signing (Network security: LDAP client signing requirements) 协商签名(网络安全性:LDAP客户端签名要求)
No signing requirements (Domain Controller: LDAP server signing requirements)
无签名要求(域控制器:LDAP服务器签名要求) Result: Managed to bind successfully and when I enter the username or password incorrectly and it throws an 'Invalid credentials' as expected.
结果:绑定成功,当我输入用户名或密码不正确时,它会按预期抛出“无效凭据”。
Enable LDAP over SSL (LDAPS) 启用LDAP over SSL(LDAPS)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.