stackoom
  简体   繁体   中英

PHP - LDAP with SSL fail to bind

 原文  2022-06-07 10:24:16       php/ ssl/ active-directory/ ldap

Question

I have PHP 7.0 on CentOS 7. And I've installed php-ldap module as well.

# yum install -y php php-ldap
...
# php -m
...
ldap
...

Now the following PHP codes works:

<?php
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
    
if ($ldapconn) {
    $ldaprdn  = 'username';
    $ldappass = 'password';

    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);

print_r($data);
?>

That works! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.

Problem

But then I tried with SSL via port 636 :

<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); #I know, but this is just temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");

ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {
    $ldaprdn  = 'username';
    $ldappass = 'password';

    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);

print_r($data);
?>

I got this error:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......

What am I missing please?

Note:

  1. We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.
  2. Server certificate is valid.

1 answers

solution1
 0 ACCPTED  2022-07-22 04:07:02

I figured out the ldap_connect should be as below:

ldap_connect("ldaps://dc.example.com:636")

And then all of sudden it worked!

Note: If it is on Apache, it is worth restarting it after changing to above code.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question php LDAP bind on secure remote server Windows fail Can't bind in php against Active Directory LDAP over SSL? Php Ldap Sanitizing and ldap bind PHP: ldap_bind gives 500 Internal Server Error when binding with SSL but not regular bind PHP ldap bind issue php ldap bind warning PHP ldap_bind “exception” ldap_bind PHP authentication PHP cannot anonymously bind to LDAP PHP ldap_bind error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM