PHP - LDAP with SSL fails to bind

I have PHP 7.0 on CentOS 7, and I've installed the php-ldap module as well.
# yum install -y php php-ldap
...
# php -m
...
ldap
...
Now the following PHP code works:
<?php
// Plain LDAP on port 389: this variant connects, binds and searches fine.
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
if ($ldapconn) {
    $ldaprdn = 'username';
    $ldappass = 'password';
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
That works! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.
Problem
But then I tried with SSL via port 636:
<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); # I know, but this is just a temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldaprdn = 'username';
    $ldappass = 'password';
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
I got this error:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......
What am I missing please?
Note:
We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.
Server certificate is valid.

I figured out the ldap_connect should be as below:
ldap_connect("ldaps://dc.example.com:636")
And then all of a sudden it worked!
Note: If it is on Apache, it is worth restarting it after changing to the above code.

Related

Can't connect LDAP over SSL with PHP script but I can with ldp.exe

I've been stuck at this step for days.
I'm successfully connecting to my LDAP server from a client server using LDP.exe over port 636, so I'm connecting securely. I've configured a self-signed certificate from a CA on the LDAP server and also have it placed on the client server, which allows me to do the step above.
However, when I run my PHP script, it's unable to bind, even though ldp.exe can do it without problems. The error log on the LDAP server shows this when I run my script:
Internal event: An LDAP over Secure Sockets Layer (SSL) connection could not be established with a client. Client network address: ################## Protocol: TCP Additional Data Error value: 2148074277 The certificate chain was issued by an authority that is not trusted.
Here is my code:
<?php
echo "Hello <br>";
var_dump(openssl_get_cert_locations());
// using ldap bind
$ldaprdn = "****"; // ldap rdn or dn
$ldappass = "****"; // associated password
$ldaphost = "ldaps://****************";
// connect to ldap server
$ldapconn = ldap_connect($ldaphost)
    or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
echo "$ldapconn <br>";
echo ldap_error($ldapconn);
echo "<br>";
if ($ldapconn) {
    // bind; @ suppresses the PHP warning so the LDAP error text below stays readable
    $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
    var_dump($ldapbind);
    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
    echo ldap_error($ldapconn); // ldap_error() takes the connection handle, not the bind result
}
?>

ldap_start_tls(): Unable to start TLS, LdapErr: DSID-0C09128B "TLS or SSL already in effect"

I am trying to do LDAP authentication with a certificate in AWS Beanstalk and EC2 (PHP 8.0 running on 64bit Amazon Linux 2/3.3.4).
The .pem certificate is in /etc/openldap/certs
My PHP code is as follows:
$ldaprdn = 'username@dc1.dc2';
$ldappass = 'password';
$ldapconn = ldap_connect("ldaps://ldaps.hostname.com:636")
    or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...\n";
    } else {
        echo "LDAP bind failed...\n";
    }
}
echo "ldap_error: " . ldap_error($ldapconn);
ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $err);
echo "ldap_get_option: $err";
I get the following warnings:
Warning: ldap_start_tls(): Unable to start TLS: Operations error in /var/app/current/auth1.php on line 26
ldap_error: Operations error
ldap_get_option: 00000000: LdapErr: DSID-0C09128B, comment: TLS or SSL already in effect, data 0, v3839
Warning: ldap_search(): Search: Operations error in /var/app/current/auth1.php on line 48
Error - Operations error
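The fix in the answer above (an explicit ldaps:// URI instead of ldap_connect("host", 636)) and the "TLS or SSL already in effect" error in this post are two sides of the same decision: an LDAP connection is protected either by implicit TLS on ldaps://, or by plaintext ldap:// upgraded with ldap_start_tls(), never both. The helper below is an added example, not code from any of the posts. It picks the path from the URI scheme, turns on certificate verification instead of the common LDAPTLS_REQCERT=never workaround, and surfaces libldap's extended diagnostic, which is what a bare "Can't contact LDAP server" hides. It assumes PHP 7.1 or newer (for the LDAP_OPT_X_TLS_* constants and for ldap_set_option() accepting null to set libldap's global options), a PEM-encoded CA chain at the path you pass in, and placeholder names (dc.example.com, svc-ldap@example.com, /etc/openldap/certs/ca.pem, the LDAP_BIND_PASSWORD variable) that are not taken from the posts.

```php
<?php
/**
 * Open an LDAP connection with mandatory server-certificate verification.
 *
 * $uri is either ldaps://host[:port] (implicit TLS, the fix from the answer
 * above) or ldap://host[:port] (plaintext, upgraded with StartTLS). Calling
 * ldap_start_tls() on an ldaps:// connection is what yields
 * "TLS or SSL already in effect", so the URI scheme decides which path runs.
 *
 * Returns the connection handle, or throws with libldap's diagnostic attached.
 * Assumes PHP >= 7.1 (LDAP_OPT_X_TLS_* constants, null handle for global options).
 */
function ldapConnectSecure(string $uri, string $caFile, int $timeoutSeconds = 5)
{
    $scheme = strtolower((string) (parse_url($uri, PHP_URL_SCHEME) ?? ''));
    if ($scheme !== 'ldap' && $scheme !== 'ldaps') {
        // ldap_connect("dc.example.com", 636) means ldap://dc.example.com:636,
        // i.e. plaintext LDAP sent at a TLS listener; insist on an explicit scheme.
        throw new InvalidArgumentException("URI must start with ldap:// or ldaps://: $uri");
    }
    if (!is_readable($caFile)) {
        // libldap wants a PEM bundle here; a DER file is not parsed as a CA.
        throw new RuntimeException("CA bundle not readable: $caFile");
    }

    // TLS settings live in libldap's global options and must be set before the
    // first handshake in this process. Assumption: ldap_set_option() accepts
    // null for the handle (PHP >= 7.1). The LDAPTLS_REQCERT / LDAPTLS_CACERT
    // environment variables do the same job, but are read only once, at libldap init.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // ldap_connect() only parses the URI; the TCP/TLS connection is opened lazily
    // by the first operation, which is why a TLS failure surfaces at ldap_bind().
    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException("Malformed LDAP URI: $uri");
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);            // AD hands out referrals; do not chase them
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, $timeoutSeconds);

    if ($scheme === 'ldap') {
        // Plaintext socket: upgrade it, and refuse to go on without TLS.
        if (!ldap_start_tls($ldap)) {
            throw new RuntimeException('StartTLS failed: ' . ldapDiagnostic($ldap));
        }
    }
    // ldaps://: the handshake is implicit, so ldap_start_tls() is deliberately NOT called.
    return $ldap;
}

/** ldap_error() plus the server's extended message (AD's "DSID-..., comment: ..., data ..." text). */
function ldapDiagnostic($ldap): string
{
    $message = ldap_error($ldap);
    $detail = '';
    if (ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail) && $detail !== '') {
        $message .= ' (' . $detail . ')';
    }
    return $message;
}

// Usage with placeholder values (not the hosts or paths from the posts).
$bindPassword = getenv('LDAP_BIND_PASSWORD');
if ($bindPassword === false || $bindPassword === '') {
    fwrite(STDERR, "set LDAP_BIND_PASSWORD; an empty password would be an unauthenticated bind\n");
    exit(1);
}
$ldap = ldapConnectSecure('ldaps://dc.example.com:636', '/etc/openldap/certs/ca.pem');
if (!@ldap_bind($ldap, 'svc-ldap@example.com', $bindPassword)) {
    // "Can't contact LDAP server" at this point on ldaps:// is usually the TLS
    // handshake failing (untrusted chain, hostname mismatch), not a firewall.
    fwrite(STDERR, 'bind failed: ' . ldapDiagnostic($ldap) . "\n");
    exit(1);
}
echo "bound over TLS\n";
ldap_unbind($ldap);
```

The CA file should contain the issuing CA chain in PEM form; a DER-encoded certificate such as the servercert.der used in the question can be converted with `openssl x509 -inform der -in servercert.der -out servercert.pem`. In a long-lived mod_php or PHP-FPM worker, TLS settings made through putenv() after the first LDAP call in that process have no effect, which is one reason the answer above notes that restarting Apache helped.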

Active directory authentication in php

I was trying to check authentication with Active Directory in PHP. I tried the code below but I am getting an error. I followed the link https://www.php.net/manual/en/function.ldap-bind.php.
Code:
<?php
// using ldap bind
$ldaprdn = 'Administrator'; // ldap rdn or dn
$ldappass = '****'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("ldap://dc1.example.com")
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
?>
Error :
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /root/ldap1.php on line 14
LDAP bind failed...
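The bind above passes the bare name 'Administrator'; an Active Directory simple bind needs an identity the DC can resolve, such as a UPN (user@domain), DOMAIN\user, or the account's full DN. Two further points a login handler has to get right are shown in the added example below, which is not code from this post: a simple bind with a name and an empty password is an RFC 4513 unauthenticated bind that AD accepts by default, so ldap_bind() returns true without checking anything, and a user-supplied name must go through ldap_escape() before it is placed in a search filter (the posts on this page search by sAMAccountName with a literal, which is fine until the value comes from a form). The example assumes an already-open connection handle, a domain and base DN passed in by the caller (example.com and DC=example,DC=com are placeholders), and AD's documented "data" sub-codes in the bind diagnostic message.

```php
<?php
// AD simple-bind failure reasons, taken from the "data NNN" field of the server's
// diagnostic message (e.g. "... comment: AcceptSecurityContext error, data 52e, v3839").
const AD_BIND_DATA_CODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials',
    '530' => 'not permitted to log on at this time',
    '531' => 'not permitted to log on from this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

/** Decode why an AD bind failed, using the extended diagnostic rather than the bare "Invalid credentials". */
function adBindFailureReason($ldap): string
{
    $detail = '';
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    if (is_string($detail) && preg_match('/data ([0-9a-f]+)/', $detail, $m)) {
        return AD_BIND_DATA_CODES[$m[1]] ?? ('AD data code ' . $m[1]);
    }
    return ldap_error($ldap);
}

/**
 * Authenticate a user against AD by binding as that user, then return the
 * account's own entry (null on any failure). $ldap is an already-open
 * connection; $domain / $baseDn are e.g. 'example.com' / 'DC=example,DC=com'.
 */
function authenticateAdUser($ldap, string $domain, string $baseDn, string $username, string $password): ?array
{
    // 1. An empty password must never reach ldap_bind(): name + empty password is an
    //    RFC 4513 "unauthenticated" bind, which AD accepts by default, so the bind
    //    would succeed without proving anything.
    if ($password === '') {
        return null;
    }
    // 2. Accept only sAMAccountName-shaped input, then form a UPN. A bare name such
    //    as 'Administrator' is what AD rejects with "Invalid credentials" above;
    //    DOMAIN\user or the full DN work too, but the UPN is the easiest to build safely.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return null;
    }
    $upn = $username . '@' . $domain;

    // 3. Bind as the user; suppress the PHP warning and record the real reason instead.
    //    Log it server-side only: telling the client "user not found" vs "bad password"
    //    turns the login form into a username oracle.
    if (!@ldap_bind($ldap, $upn, $password)) {
        error_log("AD bind failed for $upn: " . adBindFailureReason($ldap));
        return null;
    }

    // 4. Look the account up by its sAMAccountName. ldap_escape() is the
    //    filter-injection defence for any value that originated with the user.
    $filter = sprintf('(&(objectClass=user)(sAMAccountName=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $attrs = ['dn', 'sAMAccountName', 'userPrincipalName', 'memberOf'];
    $result = ldap_search($ldap, $baseDn, $filter, $attrs, 0, 2);   // sizelimit 2: detect duplicates
    if ($result === false || ldap_count_entries($ldap, $result) !== 1) {
        return null;
    }
    return ldap_get_entries($ldap, $result)[0];
}
```

Because the bind is performed as the end user, a null return from authenticateAdUser() means the password was wrong or the account is unusable; the decoded reason stays in the server log. The connection handle should come from an ldaps:// or StartTLS connection with certificate verification, since the user's password travels in the simple bind.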

php ldap bind can't contact server

I'm using CentOS 7, and I'm getting a "Can't contact LDAP server" error when using the PHP ldap_bind() function. I've tried ldapsearch and it connected successfully. I'm not sure how to solve the issue. Any help is welcome.
$ldaphost = "HOST";
$ldapport = PORT;
$ldapconn = ldap_connect($ldaphost, $ldapport);
// the options need the connection handle, so they are set after ldap_connect()
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn); // no DN or password: anonymous bind
    if (!$ldapbind) {
        echo ldap_error($ldapconn);
    } else {
        echo "it finally worked";
    }
}
ldap_close($ldapconn);
And my command line ldapsearch is
ldapsearch -h HOST -p PORT

php ldap_search Operations error

I want to use the following php script to retrieve AD Users (Windows 2008R2) who have the "proxyAddresses" attribute set:
<?php
$ldaprdn = 'ldapbind@test.net';
$ldappass = 'testpass';
$ldapconn = ldap_connect("ldap://10.1.20.254:389")
    or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...\n";
        $result = ldap_search($ldapconn, "CN=Users,DN=test,DN=net", "(proxyAddresses=*)")
            or die("Error in search query: " . ldap_error($ldapconn));
        $data = ldap_get_entries($ldapconn, $result);
        print_r($data);
    } else {
        echo "LDAP bind failed...";
    }
}
?>
It binds successful, but then i get warning and error message:
PHP Warning: ldap_search() Operations error in ..... on line .. (the ldap_search line)
and
Error in search query: Operations error
When i execute an ldapsearch on the console:
ldapsearch -h 10.1.20.254 -p 389 -D 'ldapbind@test.net' -w 'testpass' -b 'CN=Users,DC=test,DC=net' '(proxyAddresses=*)' cn proxyAddresses mail
i get the desired results.
It's running on "CentOS release 6.4 (Final)".
Thanks in advance
