LDAP在PHP中对用户进行身份验证
[英]LDAP Authenticating user in PHP
问题描述
I'm building an authentication script from PHP to LDAP. 
我正在构建从PHP到LDAP的身份验证脚本。 My problem is that I don't really know how to check for the user if the user isn't my admin. 我的问题是,如果该用户不是我的管理员,我真的不知道如何检查该用户。
I don't really understand ldap_bind - here I can only login as my admin user, but then I can search for other users in my ou, but I don't know how to check their password. 我不太了解ldap_bind在这里我只能以管理员用户身份登录,但是随后我可以在自己的ou中搜索其他用户,但是我不知道如何检查他们的密码。
What I have so far: 到目前为止,我有:
function login($up, $pw){
$ldap = ldap_connect("dejan.local") or die("Could not connect to LDAP server.");
if ($ldap){
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
//if I try $up and $pw here, I get an error
if ($bind = ldap_bind($ldap, "Admin", "Somepassword")){
$sr = ldap_search($ldap, "ou=testunit,DC=dejan,DC=local", "samaccountname=$up");
$info = ldap_get_entries($ldap, $sr);
//so here I've gotten information from the user $up
//but I would like to check if his password matches and then get his information
}
}
}
I've looked at some sort of auth scripts from others and they check the information through ldap_bind , but I can only connect with my admin user. 我查看了其他人的某种身份验证脚本,它们通过ldap_bind检查信息,但是我只能与管理员用户连接。
1 个解决方案
解决方案1
1 已采纳 2012-08-11 23:04:07
I believe the only change you need to make is: 我相信您需要做的唯一更改是:
if ($bind = ldap_bind($ldap, "$up@dejan.local", $pw)){
Which will make the request local to the specific domain. 这将使请求本地化到特定域。 With Active Directory (which is somewhat different, blame Kerberos), you have to provide a context for login. 使用Active Directory(有些不同,怪怪的Kerberos),您必须提供登录上下文。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.