哪个 Active Directory 的属性对应于 PHP 中的 ldap_bind function 的“bind_password”参数
[英]Which Active Directory's attribute corresponds to the “bind_password” parameter of the ldap_bind function in PHP
问题描述
I am creating an API for registration and authentication by Active Directory.
我正在创建一个 API 用于 Active Directory 的注册和身份验证。
When registering, I use the "userPassword" field to store the password.注册时,我使用“userPassword”字段来存储密码。
$user = new User([
'cn' => $full_name,
'userPassword' => $password,
'samaccountname' => $username,
'mail' => $email
]);
$user->inside(config('ldap.connections.default.base_dn'));
$user->save();
Registration works fine.注册工作正常。 But at the time of authentication, the Active Directory does not recognize the provided password:但在身份验证时,Active Directory 无法识别提供的密码:
$user = User::where('samaccountname', '=', $username)->firstOrFail(); // all is good here. print_r($user) shows user details
if (Container::getDefaultConnection()->auth()->attempt($user['distinguishedname'], $password)) {
// returns a response to the user
return \response()->json(
new UserResource($user), 200
);
} else {
return \response()->json(
[
'message' => 'invalid credentials or user not exists.'
], 403
);
}
Can someone help me.有人能帮我吗。
2 个解决方案
解决方案1
1 2020-04-27 17:33:39
Using plain stored password won't work, there are some encoding which need to be carried out but there's a mutator unicodePwd that will handle it for you.使用普通存储的密码是行不通的,需要进行一些编码,但是有一个 mutator unicodePwd会为你处理它。 Try尝试
$user = new User([
'cn' => $full_name,
'unicodePwd ' => $password,
'samaccountname' => $username,
'mail' => $email
]);
解决方案2
1 2020-04-27 23:31:19
The attribute used to set the password of an account is unicodePwd .用于设置帐户密码的属性是unicodePwd 。 This attribute can only be set, not read.该属性只能设置,不能读取。
There are some strict requirements about the format of what you put there, which are described in the Microsoft documentation. Microsoft 文档中描述了有关您放在那里的内容的格式有一些严格的要求。 However, the LdapRecord library handles that for you, according to their documentation :但是,根据他们的文档,LdapRecord 库会为您处理:
The password string you set on the users
unicodePwdattribute is automatically encoded, you do not need to encode it yourself.unicodePwd属性上设置的密码字符串是自动编码的,您不需要自己编码。
Their example on how to create an AD user looks like this:他们关于如何创建 AD 用户的示例如下所示:
$user = (new User)->inside('ou=Users,dc=local,dc=com');
$user->cn = 'John Doe';
$user->samaccountname = 'jdoe';
$user->unicodePwd = 'SecretPassword';
$user->userPrincipalName = 'jdoe@acme.org';
$user->save();
// Enable the user.
$user->userAccountControl = 512;
try {
$user->save();
} catch (\LdapRecord\LdapRecordException $e) {
// Failed saving user.
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.