Using the following code, I can authenticate any user that is a member of the domain's default Users group. For example, I created a user, CN=test as listed below..
CN=test,CN=Users,DC=company,DC=lcl
The code that works is..
$ldap_resource = ldap_connect( 'company-dc' );
ldap_set_option($ldap_resource, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_resource, LDAP_OPT_REFERRALS, 0);
if( $bind = ldap_bind( $ldap_resource, 'domain\\test', '*******' ) ) {
die('connected');
}
else {
die('No connection');
}
When I try to authenticate a user within OU=Office Users,OU=Company,DC=company,DC=lcl it fails with the error Unable to bind to server: Invalid credentials . I have verified that the user and password are correct with multiple users.
I am using the exact same code as above, the only difference is the username and password, the domain is the same.
Can Authenticate in:
company.lcl
-- Users
Cannot Authenticate in :
company.lcl
--Company
----Office Users
If the OU changes behavior then you probably have a group policy bound to one OU but not to the other. I'm not entirely sure, but I could imagine that a GPO enforces a secure channel for authentication and you need to use LDAP over SSL. Can you move one user account from the Users OU to the Company/Office Users OU and see if it stops working (or the other way around)?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.