堆栈内存溢出
  简体   繁体   English

PHP - 带有 SSL 的 LDAP 无法绑定

[英]PHP - LDAP with SSL fail to bind

 原文  2022-06-07 10:24:16       php/ ssl/ active-directory/ ldap

问题描述

I have PHP 7.0 on CentOS 7. And I've installed php-ldap module as well.我在 CentOS 7 上有 PHP 7.0。我也安装了php-ldap模块。

# yum install -y php php-ldap
...
# php -m
...
ldap
...

Now the following PHP codes works:现在以下 PHP 代码可以工作:

<?php
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
    
if ($ldapconn) {
    $ldaprdn  = 'username';
    $ldappass = 'password';

    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);

print_r($data);
?>

That works!这样可行! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.我可以连接、绑定,甚至搜索用户名johndoe并成功查看他的整个 AD 配置文件。

Problem问题

But then I tried with SSL via port 636 :但后来我尝试通过端口636使用 SSL:

<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); #I know, but this is just temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {
    $ldaprdn  = 'username';
    $ldappass = 'password';

    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);

print_r($data);
?>

I got this error:我收到了这个错误:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......

What am I missing please?请问我错过了什么?

Note:笔记:

  1. We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.我们在 Windows AD 服务器上打开了 636 端口,可以从这个 PHP Web 服务器访问它。
  2. Server certificate is valid.服务器证书有效。

1 个解决方案

解决方案1
 0 已采纳  2022-07-22 04:07:02

I figured out the ldap_connect should be as below:我发现ldap_connect应该如下所示:

ldap_connect("ldaps://dc.example.com:636")

And then all of sudden it worked!然后突然之间它起作用了!

Note: If it is on Apache, it is worth restarting it after changing to above code.注意:如果它在 Apache 上,则值得在更改为上述代码后重新启动它。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 安全远程服务器Windows上的php LDAP绑定失败 - php LDAP bind on secure remote server Windows fail 无法通过 SSL 在 php 中针对 Active Directory LDAP 进行绑定? - Can't bind in php against Active Directory LDAP over SSL? Php ldap 消毒和 ldap 绑定 - Php Ldap Sanitizing and ldap bind PHP:ldap_bind 在使用 SSL 绑定时给出 500 Internal Server Error 而不是常规绑定 - PHP: ldap_bind gives 500 Internal Server Error when binding with SSL but not regular bind PHP ldap绑定问题 - PHP ldap bind issue php ldap绑定警告 - php ldap bind warning PHP ldap_bind“例外” - PHP ldap_bind “exception” ldap_bind PHP身份验证 - ldap_bind PHP authentication PHP无法匿名绑定到LDAP - PHP cannot anonymously bind to LDAP PHP ldap_bind错误 - PHP ldap_bind error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM