使用PHP连接活动目录或LDAP
[英]Connect an active directory or LDAP with PHP
问题描述
I am trying to connect the active directory or LDAP of window with an application ( GLPI ) made in PHP. 
我试图将窗口的活动目录或LDAP与PHP中创建的应用程序( GLPI )连接。
Connection parameters: 连接参数:
Connecting with the server: 与服务器连接:
$ds = ldap_connect($host, $port) // return true
@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
@ldap_set_option($ds, LDAP_OPT_DEREF, $deref_options);
Relate connection to server and user and password 与服务器,用户和密码相关的连接
ldap_bind ($ds, $ login, $ password)
returns me: 返回我:
"Can not contact LDAP server"
I want to know what can happen with that error message, since in the first method it returns true to me, which means that if it connects to the server. 我想知道该错误消息会发生什么,因为在第一种方法中它对我返回true,这意味着如果它连接到服务器。
RootDN This is fine and has all the permissions the user I am using. RootDN很好,并且具有我正在使用的用户的所有权限。
The default server is fine and I did ping and telnet . 默认服务器很好,我执行ping和telnet 。
Note: I already downloaded LDAPExplorer and established connection without problem. 注意:我已经下载了LDAPExplorer并成功建立了连接。
3 个解决方案
解决方案1
1 2018-12-11 10:47:43
Does the missing : $ds = ldap_connect ... like how it is in your code? 是否缺少: $ds = ldap_connect ...像您的代码中那样?
It should be something like : 应该是这样的:
$ds = ldap_connect($host, $port);
@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
@ldap_set_option($ds, LDAP_OPT_DEREF, $deref_options);
ldap_bind ($ds, $login, $password)
解决方案2
1 2018-12-11 16:05:50
ldap_connect does not connect to the server as is clearly stated in the docs . docs中明确指出, ldap_connect 无法连接到服务器。 It merely creates a resource and checks whether the given values are plausible. 它仅创建资源并检查给定的值是否合理。 The actual connection is established with the first command that requires a connection to the server. 实际连接是通过需要连接到服务器的第一个命令建立的。 In this case the ldap_bind . 在这种情况下, ldap_bind 。
BTW: The "first method" does not return true but a resource-handle. 顺便说一句:“第一个方法”不会返回true而是一个资源句柄。 Only when you pass something absolutely not parseable it will return false . 只有当您传递绝对不可解析的内容时,它才会返回false 。 But never true 但从来都不是 true
I'd recommend using an LDAP-URI instead of the $host, $port variation as the PHP-library has to do that otherwise internaly. 我建议使用LDAP-URI而不是$host, $port变体,因为PHP库必须在内部进行此操作。 And it's the only way to fe establish an LDAPS-connection. 这是建立LDAPS连接的唯一方法。
解决方案3
1 已采纳 2018-12-13 16:20:11
Ok, the solution to my problem is to upgrade from GLPI version 9.3.0 to 9.3.3. 好的,解决我的问题的方法是从GLPI版本9.3.0升级到9.3.3。
Suggestions: 建议:
For users, what could happen to this, verify the messages that GLPI has informs about pending installation packages.
对于用户,这可能会发生什么,请验证GLPI告知有关挂起的安装软件包的消息。 So I opted for the update and the connection worked without problem. 因此,我选择了更新,并且连接正常进行。 For users who can not update version, verify that apache packages are pending to install or update, also in the installation process in the setup, be very careful installing the entire list that seems pending.
对于无法更新版本的用户,请在安装程序的安装过程中验证apache软件包是否正在等待安装或更新,请非常小心地安装似乎未决的整个列表。
To fix some errors by installing version 9.3.3: 要通过安装版本9.3.3修复一些错误,请执行以下操作:
chown -R apache: apache glpi / files
chmod -R 755 glpi / files
chown -R apache: apache config
chmod -R 755 glpi / config
also: 也:
setsebool -P httpd_can_network_connect_db 1
Thank you. 谢谢。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.