堆栈内存溢出
  简体   繁体   English

带有TLS的PHP以实现安全的LDAP

[英]PHP with TLS for secure LDAP

 原文  2016-07-02 11:14:01       php/ security/ ssl/ ldap

问题描述

I am trying to use remote LDAP server. 我正在尝试使用远程LDAP服务器。 For the purpose of security, I am trying to use only secure connection. 为了安全起见,我尝试仅使用安全连接。 I am able to get some code working but I am not sure, given the PHP documentation of start TLS itself, that if the following code works only on secure channel. 我能够使一些代码正常工作,但是鉴于启动TLS本身的PHP文档,我不确定如果以下代码仅在安全通道上有效。 Can anyone help with this please? 有人可以帮忙吗? 

$is_valid_user = FALSE;

try {
    $ds = ldap_connect('ldap.foo.com', 389);
    if (! ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
        return "";
    }

    if (! ldap_start_tls($ds)) {
        return "";
    }
} catch(Exception $e) {
    return "";
}

if (! ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    $error = "LDAP Server protocol error.";
    return "";
}

try {
    $bnd = @ldap_bind($ds, 'uid='.$user.', ou=people, dc=ldap, dc=foo, dc=com' , $passwd);

    if ($bnd) {
        $is_valid_user = TRUE;

        $srch=ldap_search($ds, 'dc=ldap, dc=foo, dc=com', "uid=$user");
        $info=ldap_get_entries($ds, $srch);
        $userdn=$info[0]["dn"];
        $usernm=$info[0]["cn"][0];

        return $usernm;
    } else {
        return "";
    }
} catch(Exception $e) {
    return "";
}

1 个解决方案

解决方案1
 1 已采纳  2016-07-02 20:31:13

Just a few general improvements below. 以下是一些常规改进。 And yes, how that's written it will not continue unless the connection is encrypted via TLS. 是的,除非通过TLS加密连接,否则它将不会继续下去。 The LDAP module doesn't throw any exceptions at the moment, so the try/catch block is not really needed. LDAP模块目前不会引发任何异常,因此真正不需要try / catch块。 Hard to tell without seeing the rest of your code, but is there a reason you want to return an empty string instead of false or null or some sort of error message? 在看不到代码其余部分的情况下很难说出来,但是是否有理由要返回空字符串而不是falsenull或某种错误消息? 

$is_valid_user = false;

$ds = ldap_connect('ldap.foo.com', 389);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

if (!@ldap_start_tls($ds)) {
    return "";
}

$bindUser = 'uid='.ldap_escape($user, null, LDAP_ESCAPE_DN).',ou=people,dc=ldap,dc=foo,dc=com';
if (@ldap_bind($ds, $bindUser , $passwd)) {
    $is_valid_user = true;

    $srch = ldap_search($ds, $bindUser, '(objectClass=*)', ['cn']);
    $info = ldap_get_entries($ds, $srch);
    $userdn = $info[0]["dn"];
    $usernm = $info[0]["cn"][0];

    return $usernm;
} else {
    return "";
}

There are also several LDAP libraries available that make LDAP much easier with PHP. 还有一些可用的LDAP库,这些库使使用PHP的LDAP更加容易。 I would recommend LdapTools or adldap2 . 我建议使用LdapToolsadldap2

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 安全的LDAP PHP脚本? - Secure LDAP PHP Script? php7 ldap通过TLS连接并绑定 - php7 ldap connect and bind via TLS 安全LDAP可与PHP CLI配合使用,但不能通过apache配合使用 - Secure LDAP works with PHP CLI but not through apache 无法使用与php的安全连接绑定到LDAP目录 - can not bind to the LDAP directory with secure connection with php 通过安全域上的PHP连接到非安全LDAP服务器 - Connecting to a non-secure LDAP server via PHP on a Secure Domain PHP-LDAP搜索偶尔通过TLS / SSL工作 - PHP - LDAP search working sporadically over TLS/SSL 如何从php / Zend为LDAP使用多个TLS证书? - How to use multiple TLS certificates for LDAP from php/Zend? 在PHP 5.3中为ldap_ *功能启用TLS 1.2 - Enable TLS 1.2 for ldap_* functions in PHP 5.3 如何解决PHP中的ldap_start_tls()“无法启动TLS:连接错误”? - How do I solve ldap_start_tls() “Unable to start TLS: Connect error” in PHP? 安全远程服务器Windows上的php LDAP绑定失败 - php LDAP bind on secure remote server Windows fail
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM