
PHP LDAP binding AD with the server's user account

I have some code that uses PHP and LDAP to connect to AD:

$host = 'ldap://stack.overflow.com';
$port = 389;
$username = 'stackOverflow';
$password = 'IaMP4ssWord';
$dn = 'CN=Users, DC=STACK, DC=OVERFLOW, DC=COM';
$cond = '(&(objectcategory=user)(displayname=*))';//All users that have a displayname

if($ldap = ldap_connect($host, $port))
{
    if(ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3))
    {
        if(ldap_bind($ldap, $username, $password))
        {
            $attrs = array('displayname', 'mail');
            if($rs = ldap_search($ldap, $dn, $cond, $attrs))
            {
                $results = ldap_get_entries($ldap, $rs);
                echo "<pre>";print_r($results);echo "</pre>";//Print the results
            }
        }
        else
        { echo 'Binding failed';}
    }
    else
    { echo 'Setting options failed';}
}
else
{ echo 'Connection failed'; }

Now this code works just fine. It prints out every user that has a displayname in AD. The problem is that for the username/password binding I am using my own user credentials to bind to the server.

I would like to know if there is a way to bind using the server's credentials.

I am set up using PHP 5.3 + IIS on Windows Server 2008 R2 for both the server with IIS and the one that has AD (two different VMs).

I also know that IIS has an AD account named IISStackOverflow, but I don't know the password or even if it has a password...

Thanks!

Oh! I tried changing $username to IISStackOverflow and $password to ''

But it gave an invalid credential error.

--EDIT--

Do I have to do the binding part at all? (If I am only reading data)

As you run it from the server itself, and you just want to read, I would try to use:

...
if(ldap_bind($ldap))
...

According to the PHP documentation, if bind_rdn and bind_password are not specified, an anonymous bind is attempted.

Then, if your anonymous logon is refused (this should not be, because running under IIS on the server your code is at least executed as a domain user), you will find there how to enable anonymous LDAP binds to Windows Server. This used to work for me on W2K8; I never tested it on W2K12.
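
An added example, not part of the original question or answer: it tries the anonymous bind suggested above and, if the search is refused, falls back to a dedicated read-only account instead of a personal one, with StartTLS so the password does not cross port 389 in cleartext. The function names `ad_open` and `ad_read` and the environment variable names `LDAP_BIND_USER` and `LDAP_BIND_PASS` are assumptions made for illustration.

```php
<?php
// Added example; LDAP_BIND_USER / LDAP_BIND_PASS are assumed env var names.
function ad_open($host)
{
    $ldap = ldap_connect($host);
    if (!$ldap) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Upgrade the port 389 connection to TLS before any bind is sent.
    if (!@ldap_start_tls($ldap)) {
        error_log('StartTLS failed: ' . ldap_error($ldap));
        return false;
    }
    return $ldap;
}

function ad_read($ldap, $dn, $cond, $attrs)
{
    // 1) Anonymous bind. The bind can succeed while the search is still
    //    refused, so the search result decides, not the bind result.
    if (@ldap_bind($ldap) && ($rs = @ldap_search($ldap, $dn, $cond, $attrs))) {
        return ldap_get_entries($ldap, $rs);
    }
    // 2) Fall back to a dedicated read-only account kept out of the source.
    $user = getenv('LDAP_BIND_USER');
    $pass = getenv('LDAP_BIND_PASS');
    if (!$user || !$pass) {   // never bind with an empty password
        error_log('No service account configured');
        return false;
    }
    if (!@ldap_bind($ldap, $user, $pass)) {
        error_log('Service bind failed: ' . ldap_error($ldap));
        return false;
    }
    $rs = @ldap_search($ldap, $dn, $cond, $attrs);
    return $rs ? ldap_get_entries($ldap, $rs) : false;
}

$ldap = ad_open('ldap://stack.overflow.com');
if ($ldap) {
    $entries = ad_read($ldap, 'CN=Users, DC=STACK, DC=OVERFLOW, DC=COM',
        '(&(objectcategory=user)(displayname=*))', array('displayname', 'mail'));
    if ($entries !== false) {
        echo '<pre>' . htmlspecialchars(print_r($entries, true)) . '</pre>';
    }
    ldap_unbind($ldap);
}
```

The output is passed through `htmlspecialchars` because directory attributes such as `displayname` are user-editable data rendered into an HTML page.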
