
AD on Windows Server 2012 + Windows LDAP + PHP Bind

I've set up Active Directory and ADLDAP on Windows Server 2012. I'm trying a simple ldap_bind but continue to have an "invalid credentials" error spit back to me.

In my AD Users and Groups screen, I clearly see the domain I made along with the OU (organizational unit) and users inside of it. ADSI Edit clearly tells me the DN for that user:

CN=Bob Smith,OU=Accounting,DC=mydomain,DC=net

Further, the BaseDN is clearly told to me in ADSI Edit because it's above the OU group "Accounting" -

DC=mydomain,DC=net

Now onto my script - which throws no LDAP connect errors, only on bind, with a constant invalid credentials:

```php
$connectionLDAP = "LDAP://localhost:54126";
$basedn = 'DC=mydomain,DC=net';
$ldap = ldap_connect($connectionLDAP) or die("Could not connect to LDAP server.");
// $post is assumed to hold the submitted form fields (as posted; the PHP superglobal is $_POST)
$username = $post['username'];
$password = $post['password'];
// bind name built as a full DN under the Accounting OU
$usernameForBind = "CN=".$username.",OU=Accounting,".$basedn;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = ldap_bind($ldap, $usernameForBind, $password);
```

This spits the following warning, and of course my script ends there since there is no positive match to username and password found:

Warning: ldap_bind(): Unable to bind to server: Invalid credentials in C:\....\login.php on line 41

And the below error echos produce this:

```php
echo(ldap_error($ldap)."<br>");
echo(ldap_errno($ldap)."<br>");
```

Invalid credentials
49

I have tried every combination of DN, username, email address, mydomain\\username without the rest of the DN info, everything I can think of... but for the life of me it won't take, and Google + Stack searches unfortunately aren't helping me get past this at the moment.

Thanks for any assistance.

You are using Active Directory on Windows, so please change your code to the following; it would work, because AD needs @domain_name as the username suffix in the bind function.

```php
$connectionLDAP = "ldap://localhost";
$basedn = '@mydomain.net';   // UPN suffix appended to the account name
$ldap = @ldap_connect($connectionLDAP, 54126) or die("Could not connect to LDAP server.");
// $post is assumed to hold the submitted form fields (as posted; the PHP superglobal is $_POST)
$username = $post['username'];
$password = $post['password'];
// bind with user@domain (the userPrincipalName) instead of a full DN
$usernameForBind = $username.$basedn;
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $usernameForBind, $password);
```

I've tested such scenarios many times; it works for AD.

Also, please make sure that your AD server is running on the same port you're using in the code, i.e. 54126.
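A login routine built around the UPN bind the answer recommends, as an added example that is neither the asker's nor the answerer's code; it assumes the thread's host, port and domain (localhost:54126, mydomain.net) and adds the checks a real login path needs around the bind: a username-format check and an empty-password check before it, error handling instead of a suppressed warning, and a filter-escaped lookup of the user's entry afterwards.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes the thread's setup:
// AD on localhost:54126, UPN suffix @mydomain.net, base DC=mydomain,DC=net.
function ad_login(string $username, string $password): array
{
    // Simple bind sends the password in clear: use ldaps:// or ldap_start_tls() for anything but a local test box.
    $uri    = 'ldap://localhost:54126';
    $suffix = '@mydomain.net';      // AD accepts user@domain (the UPN) as the simple-bind name
    $basedn = 'DC=mydomain,DC=net';

    // Accept only a plain account name; a second "@" or a DN fragment would change what AD is asked to authenticate.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return ['ok' => false, 'reason' => 'bad username format'];
    }
    // An empty password turns ldap_bind() into an anonymous bind, which AD may answer with success. Refuse it here.
    if ($password === '') {
        return ['ok' => false, 'reason' => 'empty password'];
    }

    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        return ['ok' => false, 'reason' => 'cannot initialise LDAP handle'];
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);   // AD returns referrals for some bases; chasing them stalls the search

    // Check the return value and ldap_errno() rather than relying on the PHP warning.
    if (!@ldap_bind($ldap, $username . $suffix, $password)) {
        $errno = ldap_errno($ldap);   // 49 = LDAP_INVALID_CREDENTIALS
        $diag  = '';
        ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        // AD appends a sub-code after "data " in the diagnostic string: 525 no such user,
        // 52e wrong password, 533 account disabled, 775 locked out. Log it; never show it to the user.
        error_log("AD bind failed for $username: errno=$errno diag=$diag");
        return ['ok' => false, 'reason' => 'invalid credentials'];
    }

    // The bind proved the password; now look up the entry with a filter-escaped UPN.
    $filter = '(userPrincipalName=' . ldap_escape($username . $suffix, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($ldap, $basedn, $filter, ['distinguishedName']);
    $entry  = $result ? ldap_first_entry($ldap, $result) : false;
    if (!$entry) {
        ldap_unbind($ldap);
        return ['ok' => false, 'reason' => 'bound but no directory entry found'];
    }
    $dn = ldap_get_dn($ldap, $entry);
    ldap_unbind($ldap);
    return ['ok' => true, 'dn' => $dn];
}
```

The returned DN is the same CN=...,OU=Accounting,DC=mydomain,DC=net value the asker read from ADSI Edit, so it can be used for later searches without the caller ever having to guess the OU.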
