堆栈内存溢出
  简体   繁体   English

PHP / ldap_bind Active Directory无法对OU进行身份验证,但可以使用默认用户组进行身份验证

[英]PHP/ldap_bind Active Directory can't authenticate OU, but can authenticate with default user group

 原文  2012-09-20 20:22:11       php/ ldap

问题描述

Using the following code, I can authenticate any user that is a member of the domain's default Users group. 使用以下代码,我可以验证作为域的默认Users组成员的任何用户。 For example, I created a user, CN=test as listed below.. 例如,我创建了一个用户,CN = test,如下所示。

CN=test,CN=Users,DC=company,DC=lcl CN =测试,CN =用户,DC =公司,DC = LCL

The code that works is.. 有效的代码是.. 

$ldap_resource = ldap_connect( 'company-dc' );
ldap_set_option($ldap_resource, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_resource, LDAP_OPT_REFERRALS, 0);

if( $bind = ldap_bind( $ldap_resource, 'domain\\test', '*******' ) ) {
    die('connected');
}
else {
    die('No connection');
}

When I try to authenticate a user within OU=Office Users,OU=Company,DC=company,DC=lcl it fails with the error Unable to bind to server: Invalid credentials . 当我尝试在OU = Office用户,OU =公司,DC =公司,DC = lcl中对用户进行身份验证时,它失败并显示错误无法绑定到服务器:凭据无效 I have verified that the user and password are correct with multiple users. 我已经验证了多个用户的用户和密码是否正确。

I am using the exact same code as above, the only difference is the username and password, the domain is the same. 我使用与上面完全相同的代码,唯一的区别是用户名和密码,域名是相同的。

Can Authenticate in: 可以验证:

company.lcl company.lcl

-- Users - 用户

Cannot Authenticate in : 无法进行身份验证:

company.lcl company.lcl

--Company - 公司

----Office Users ----办公用户

1 个解决方案

解决方案1
 0  2012-09-24 21:13:53

If the OU changes behavior then you probably have a group policy bound to one OU but not to the other. 如果OU更改了行为,那么您可能将组策略绑定到一个OU但不绑定到另一个OU。 I'm not entirely sure, but I could imagine that a GPO enforces a secure channel for authentication and you need to use LDAP over SSL. 我不完全确定,但我可以想象GPO强制执行安全通道进行身份验证,您需要使用LDAP over SSL。 Can you move one user account from the Users OU to the Company/Office Users OU and see if it stops working (or the other way around)? 您是否可以将一个用户帐户从用户OU移动到公司/ Office用户OU,看看它是否停止工作(或相反)?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ldap_bind():无法绑定到服务器:无法联系LDAP服务器PHP - ldap_bind(): Unable to bind to server: Can't contact LDAP server PHP PHP 警告:ldap_bind():无法绑定到服务器:无法联系 LDAP 服务器 - PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server 无法连接LDAP服务器-ldap_bind()中的问题; - Can't connect LDAP server - issue in ldap_bind(); ldap_bind()失败,并显示“无法联系LDAP服务器” - ldap_bind() fails with “Can't contact LDAP server” 无法通过 SSL 在 php 中针对 Active Directory LDAP 进行绑定? - Can't bind in php against Active Directory LDAP over SSL? ldap_bind()-无法联系LDAP服务器 - ldap_bind() - Can't contact LDAP server 使用PHP ldap_bind函数获取错误“无法联系LDAP服务器” - Getting Error “ Can't contact LDAP server” using PHP ldap_bind function 哪个 Active Directory 的属性对应于 PHP 中的 ldap_bind function 的“bind_password”参数 - Which Active Directory's attribute corresponds to the “bind_password” parameter of the ldap_bind function in PHP 使用php ldap对活动目录进行身份验证时收到错误 - getting error when authenticate against active directory with php ldap PHP LDAP连接可从外部服务器对Active Directory进行身份验证 - PHP LDAP Connection to Authenticate against Active Directory from External Server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM