AD/LDAP: “Invalid Username/Password” after clicking the login button

Currently, I am building a login page. This login page needs authentication from Active Directory (AD), so I use the LDAP method. Although I enter the correct username and password, it still shows the message "Invalid username or password".

Below is the basic PHP code.

home.php

    <html>
    <head>
        <style>
            body{
                text-align:center;
                }
            form{
                margin: 0 auto; width:500px;
                }
            input{
                padding: 10px; font-size: 20px;
                }
        </style>
    </head>
        <body>
        <h1>Authentication</h1>
            <form action="ldap.php" method="post">
                <input type="text" name="username" /><br><br>
                <input type="password" name="password" /><br><br>
                <input type="submit" value="Login" /><br>
            </form>
        </body>
    </html>

ldap.php

    <?php

        $ldap_dn = "uid=".$_POST["username"].",CN=TG Work Flow,OU=New User,DC=topglove,DC=tg,DC=local";
        $ldap_password = $_POST["password"];

        $ldap_con = ldap_connect("ldap://172.16.10.43:389");
        ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);

        if(@ldap_bind($ldap_con,$ldap_dn,$ldap_password))
            echo "Authenticated";
        else
            echo "Invalid Credential";
    ?>

The problem is how you are building $ldap_dn. Distinguished Names for accounts always start with CN=. AD doesn't use uid, like other LDAP implementations might.

But the account's DN is not guaranteed to be CN=username either. The "username" is the sAMAccountName attribute in AD.

The fact is, at this point, you don't know what the DN for the account is. But the good news is that you don't need to know. AD allows you to authenticate with just the username; however, you might need to include the domain name.

Try this:

    $ldap_dn = $_POST["username"];

or this (replace DOMAIN with your domain name):

    $ldap_dn = "DOMAIN\\".$_POST["username"];
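
A fuller ldap.php built on the second suggestion above, as an added example that is not code from the question or the answer. The host name, the `DOMAIN` value, the username allowlist and the function names `ad_bind_name` and `ad_authenticate` are assumptions; the empty-password check matters because a simple bind with a name and no password is an unauthenticated bind that a server may accept.

```php
<?php
// Added example, not the poster's code. AD_HOST and AD_DOMAIN are placeholders.
const AD_HOST   = 'ldaps://dc.example.internal'; // LDAPS: a simple bind sends the password as-is
const AD_DOMAIN = 'DOMAIN';                      // NetBIOS domain name

// Build the DOMAIN\username bind name from the answer; null if the input is unusable.
function ad_bind_name(string $username): ?string
{
    $username = trim($username);
    // Conservative allowlist (an assumption; adapt to your account naming policy).
    // It also stops a caller from passing a DN or another domain's prefix.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return null;
    }
    return AD_DOMAIN . '\\' . $username;
}

function ad_authenticate(string $username, string $password): bool
{
    $bindName = ad_bind_name($username);
    // An empty password makes this an "unauthenticated bind" (RFC 4513, 5.1.2),
    // which can return success without checking any credential. Reject it first.
    if ($bindName === null || $password === '') {
        return false;
    }
    $con = ldap_connect(AD_HOST);
    if ($con === false) {
        return false;
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($con, $bindName, $password);
    if (!$ok) {
        // Keep the real reason in the server log; the browser gets one generic message.
        error_log('LDAP bind failed: ' . ldap_error($con));
    }
    ldap_unbind($con);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    // POST fields can arrive as arrays (username[]=x); treat those as a failed login.
    $ok = is_string($user) && is_string($pass) && ad_authenticate($user, $pass);
    echo $ok ? 'Authenticated' : 'Invalid Credential';
}
```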
