So, I have an LDAP directory with Okta set up. I am having trouble connecting to it using PHP. Here's my code:
$domain = 'phishingboxdecember15thaccount.ldap.okta.com';
$username = 'USERNAME';
$password = 'PASSWORD';
$ldapconfig['host'] = '44.234.52.17'; // I got this by pinging the domain. I guess that's correct?
$ldapconfig['port'] = 636;
$ldapconfig['basedn'] = 'dc=phishingboxdecember15thaccount,dc=okta,dc=com';

$ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

$dn = "ou=users," . $ldapconfig['basedn'];
$bind = ldap_bind($ds, $username . '@' . $domain, $password);
print_r($bind);

// Search on the connection handle ($ds); ldap_bind() only returns true/false.
$isITuser = ldap_search($ds, $dn, '(&(objectClass=User)(sAMAccountName=' . $username . '))');
if ($isITuser) {
    echo("Login correct");
} else {
    echo("Login incorrect");
}
Yet this never works. Always get "Login incorrect", and I am certain that I'm using the correct password (although, I'm not sure about the username part - I just use the username I enter to login to my Okta admin account, I'm assuming that's correct?).
Do you have any ideas/tips on how I can connect to the Okta LDAP using PHP?
The settings you need are in the documentation here. The one that jumps out to me is the host should be of the form <org_subdomain>.ldap.okta.com as you have in the domain variable.
I think your search will need to be tweaked to: ldap_search($ds, $dn, '(&(objectClass=inetOrgPerson)(uid=' . $username . '))'); but that won't be stopping your login.
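For reference, here is how the bind and the search fit together against the Okta LDAP Interface. This is an added example, not code from the question or the answer above. It assumes PHP 8 with ext-ldap, that the org subdomain is a placeholder, and that the bind DN layout uid=<login>,ou=users,dc=<org>,dc=okta,dc=com matches Okta's documented LDAP Interface tree; it connects by hostname over ldaps:// (an IP address cannot pass certificate hostname verification), escapes the login before it goes into the DN and the filter, and runs the search on the connection handle rather than on the boolean that ldap_bind() returns.

```php
<?php
// Added example (not from the original posts): authenticate against the Okta
// LDAP Interface over LDAPS and look the user up with an escaped filter.
// Assumptions: 'example-org' is a placeholder org subdomain; the DN layout
// uid=<login>,ou=users,dc=<org>,dc=okta,dc=com follows Okta's LDAP Interface docs.
declare(strict_types=1);

function oktaLdapLogin(string $org, string $login, string $password): array
{
    if ($password === '') {
        // A DN with an empty password is an unauthenticated bind, which servers
        // may accept without checking anything. Refuse it before going anywhere.
        return ['ok' => false, 'error' => 'empty password'];
    }

    $baseDn = sprintf('dc=%s,dc=okta,dc=com', ldap_escape($org, '', LDAP_ESCAPE_DN));
    $userDn = sprintf('uid=%s,ou=users,%s', ldap_escape($login, '', LDAP_ESCAPE_DN), $baseDn);

    // Verify the server certificate. The URI must carry the hostname, not an IP,
    // or hostname verification cannot succeed.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ds = ldap_connect(sprintf('ldaps://%s.ldap.okta.com:636', $org));
    if ($ds === false) {
        return ['ok' => false, 'error' => 'bad LDAP URI'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 10);

    if (!@ldap_bind($ds, $userDn, $password)) {
        $err = sprintf('bind failed (%d): %s', ldap_errno($ds), ldap_error($ds));
        ldap_unbind($ds);
        return ['ok' => false, 'error' => $err];
    }

    // Search on the connection handle ($ds), never on the boolean from ldap_bind().
    // ldap_escape(..., LDAP_ESCAPE_FILTER) keeps a login such as "*)(uid=*" from
    // rewriting the filter.
    $filter = sprintf('(&(objectClass=inetOrgPerson)(uid=%s))',
        ldap_escape($login, '', LDAP_ESCAPE_FILTER));
    $res = ldap_search($ds, 'ou=users,' . $baseDn, $filter, ['uid', 'mail']);
    $entries = $res ? ldap_get_entries($ds, $res) : false;
    ldap_unbind($ds);

    if ($entries === false || $entries['count'] !== 1) {
        return ['ok' => false, 'error' => 'bound, but user entry not found'];
    }
    return ['ok' => true, 'dn' => $entries[0]['dn'], 'mail' => $entries[0]['mail'][0] ?? null];
}

// Usage: the password comes from the environment here so it never sits in the source.
$result = oktaLdapLogin('example-org', 'jane.doe@example.com', getenv('LDAP_TEST_PASSWORD') ?: '');
echo $result['ok']
    ? "Login correct for {$result['dn']}\n"
    : "Login incorrect: {$result['error']}\n";
```

The function separates "bind failed" from "bound but search returned nothing", which is the distinction the original script collapses into a single "Login incorrect".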
Related
I have a PHP file that connects and binds to AD with a service account; no problem there.
I have an HTML form asking for a user name and password.
I need a way to verify the user's credentials against AD
when the user enters their user name and password in the form.
I cannot use the ldap_bind function, because our users don't have the permission to do that.
I suppose PHP has an Auth class, but I cannot figure out how to get it to work. Can anyone help me with that? If the Auth class doesn't work, what other code can I use to verify credentials and add it to my PHP page?
The following is my PHP page:
<?php
// Connect to AD========================================================
include('studentFormAuth.html');
$ldapusername = 'service_account_name';
$ldappassword = "service_account_password";
$server = 'xx.xx.xx.xx';
$domain = '@abc.com';
$port = 389;
$connection = ldap_connect($server, $port);
if (!$connection) {
    exit('Connection failed');
}
// Settings for AD======================================================
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($connection, $ldapusername . $domain, $ldappassword);
if (!$bind) {
    exit('Binding failed');
}
// Verify user credentials auth function=============================================
// Auth is not a built-in PHP class; it has to be defined or required before this point.
$auth = new Auth($connection, $_POST['usern'] . $domain, $_POST['password']);
// begin validation
$auth->start();
if ($auth->getAuth()) {
    // content for validated users
    echo 'user name is: ' . $_POST['usern'] . $domain;
} else {
    echo 'Cannot verify user';
}
// log users out
$auth->logout();
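The usual way to do what this question asks, without any extra class, is to use the service account only to find the user's DN and then let the directory check the password by binding as that DN. The block below is an added example, not the poster's code and not PEAR Auth; it assumes PHP 8 with ext-ldap, and the host, base DN, service account and form field names are placeholders. A simple bind as the user's own DN is the password check itself; it needs no directory permission beyond the account being allowed to log on.

```php
<?php
// Added example (not the poster's code, not PEAR Auth): verify an AD user's
// password by (1) binding as the service account, (2) resolving the user's DN
// by sAMAccountName, (3) binding as that DN with the submitted password.
// Host, base DN and account names are placeholders.
declare(strict_types=1);

function adVerifyUser(string $host, string $baseDn, string $svcUpn, string $svcPw,
                      string $user, string $pw): array
{
    if ($user === '' || $pw === '') {
        // Empty password would be an unauthenticated bind; never send it.
        return ['ok' => false, 'dn' => null, 'reason' => 'empty username or password'];
    }
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ad = ldap_connect("ldaps://$host:636");
    if ($ad === false) {
        return ['ok' => false, 'dn' => null, 'reason' => 'bad LDAP URI'];
    }
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

    // 1. Service account bind, used only to resolve the user's DN.
    if (!@ldap_bind($ad, $svcUpn, $svcPw)) {
        $r = ['ok' => false, 'dn' => null, 'reason' => 'service bind failed: ' . ldap_error($ad)];
        ldap_unbind($ad);
        return $r;
    }

    // 2. Escape the form value before it goes into the filter (LDAP injection).
    $filter = sprintf('(&(objectCategory=person)(sAMAccountName=%s))',
        ldap_escape($user, '', LDAP_ESCAPE_FILTER));
    $res = ldap_search($ad, $baseDn, $filter, ['sAMAccountName']);
    $entry = $res ? ldap_first_entry($ad, $res) : false;
    if ($entry === false) {
        ldap_unbind($ad);
        return ['ok' => false, 'dn' => null, 'reason' => 'no such user'];
    }
    $userDn = ldap_get_dn($ad, $entry);

    // 3. Re-bind on the same connection as the user. Success means the password
    //    is right; failure gives the server's reason (ldap_error) for logging.
    $ok = @ldap_bind($ad, $userDn, $pw);
    $reason = $ok ? null : ldap_error($ad);
    ldap_unbind($ad);
    return ['ok' => $ok, 'dn' => $userDn, 'reason' => $reason];
}

// Usage with the form fields from the question; run only on a submitted form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $r = adVerifyUser('dc01.abc.com', 'DC=abc,DC=com', 'svc_web@abc.com', getenv('SVC_PW') ?: '',
        (string)($_POST['usern'] ?? ''), (string)($_POST['password'] ?? ''));
    echo $r['ok'] ? 'Verified ' . htmlspecialchars($r['dn']) : 'Cannot verify user';
}
```

If the service account is still needed after the user bind (for example to read group membership), bind as the service account again on the same handle; the connection now carries the user's identity.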
I made a login via LDAP, but I would like only 3 people to access the site.
They are members of different groups, and I do not want to give permission to the whole group.
How do I make a $username comparison with specific AD usernames? I tried this, but it is not working...
$username = strip_tags($_POST['username']);
$password = stripslashes($_POST['password']);
$account_suffix = '@domain'; // UPN suffix, including the @
$hostname = 'ldap://hostname';
$con = ldap_connect($hostname);
// ldap_connect() returns false on a malformed URI (an LDAP\Connection object, not a resource, on PHP 8)
if ($con === false) trigger_error("Unable to connect to $hostname", E_USER_WARNING);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
// Compare (!==), do not assign (=): "if (!$username = 'x')" overwrites $username and is always false
if ($username !== 'specific_username') die("HTTP Error 401.1 - Unauthorized: Access is denied");
if (ldap_bind($con, $username . $account_suffix, $password)) echo 'Access granted!';
else echo 'Access Denied!';
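An allowlist of three accounts is a reasonable way to do this, but the comparison should run against the identity the directory reports for the authenticated session, not against the raw form field. The block below is an added example (not the poster's code); it assumes PHP 8 with ext-ldap, and the LDAPS URI, base DN, UPN suffix and the three account names are placeholders. It binds as the user first, then reads the account's sAMAccountName back from AD and checks that, lower-cased, against the list.

```php
<?php
// Added example (not the poster's code): let only a fixed set of AD accounts in.
// Authenticate (simple bind with user@domain), then authorise on the sAMAccountName
// the directory returns for that account, not on whatever was typed into the form.
// URI, base DN, suffix and the three names are placeholders.
declare(strict_types=1);

const ALLOWED_ACCOUNTS = ['alice', 'bob', 'carol'];   // sAMAccountNames, lower-case

function ldapLoginRestricted(string $ldapUri, string $baseDn, string $suffix,
                             string $username, string $password): string
{
    // Reject empty input (empty password = unauthenticated bind) and a typed-in
    // "@domain", so the UPN is always built from the bare account name.
    if ($username === '' || $password === '' || str_contains($username, '@')) {
        return 'Access Denied!';
    }
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $con = ldap_connect($ldapUri);
    if ($con === false) {
        return 'Access Denied!';
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

    // Authentication: bind as the user.
    if (!@ldap_bind($con, $username . $suffix, $password)) {
        ldap_unbind($con);
        return 'Access Denied!';
    }

    // Authorisation: look up the bound account and compare its sAMAccountName.
    // AD matches "ALICE" and "alice" as the same account, so a case-sensitive
    // string compare on the form value would let spelling decide the outcome.
    $filter = sprintf('(userPrincipalName=%s)',
        ldap_escape($username . $suffix, '', LDAP_ESCAPE_FILTER));
    $res = ldap_search($con, $baseDn, $filter, ['sAMAccountName']);
    $entries = $res ? ldap_get_entries($con, $res) : false;   // attribute keys come back lower-cased
    ldap_unbind($con);

    if ($entries === false || $entries['count'] !== 1) {
        return 'Access Denied!';
    }
    $sam = strtolower($entries[0]['samaccountname'][0] ?? '');
    return in_array($sam, ALLOWED_ACCOUNTS, true)
        ? 'Access granted!'
        : 'HTTP Error 401.1 - Unauthorized: Access is denied';
}

echo ldapLoginRestricted('ldaps://dc01.example.com:636', 'DC=example,DC=com', '@example.com',
    strip_tags((string)($_POST['username'] ?? '')), (string)($_POST['password'] ?? ''));
```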
I want to use my system login password for a PHP login page, so I used LDAP in my project. I have included my code below, and everything looks fine, but when I run it the result shows "Invalid user". I don't know why this is shown.
$ldaphost = 'abc.co.in';
$ldapport = '389';
$username = '4444';
$password = '4444pass';
$ldap = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$user = "uid=$username,dc=abc,dc=co,dc=in";
$bind = @ldap_bind($ldap, $user, $password);
if ($bind) {
    echo "<br />Valid user";
} else {
    $msg = "<br />Invalid user";
    echo $msg;
}
Below is the result:
What is the fault in my code, or do I need to add anything?
Please find and solve this request. That would be very helpful to me.
Thank you in advance...
This is how my LDAP thing works. Change your LDAP host to be either "ldap://abd.asd.co:389" or "ldaps://asd.basd.co:636".
function verify_user() {
    $user = $_REQUEST['user'];
    $passwd = $_REQUEST['pass'];
    // Bind to LDAP to check if user is valid
    $server = "ldaps://ldap.server.com:636";
    // Escape the user-supplied value before building the DN
    $dn = "uid=" . ldap_escape($user, '', LDAP_ESCAPE_DN) . ",ou=People,ou=something,dc=other,dc=whatever";
    // Create a fake password if needed to keep people from anonymously
    // binding to LDAP
    if ($passwd == '') { $passwd = "p"; }
    $ldap = ldap_connect($server) or die("Can't connect to LDAP server!");
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // StartTLS only applies to plain ldap:// connections; an ldaps:// URI is already encrypted
    if (strpos($server, 'ldap://') === 0) {
        ldap_start_tls($ldap);
    }
    if ($ldap) {
        $bnd = @ldap_bind($ldap, $dn, stripslashes($passwd));
        if (!$bnd) {
            sleep(5);
            echo "<br>Error: Bad Username or Password!<br>";
            exit;
        }
    }
    // Redirecting to an unvalidated $_REQUEST['url'] is an open redirect
    header("Location: {$_REQUEST['url']}"); /* Redirect browser */
    exit;
}
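Two details in a function like this are worth getting right, and the block below shows one way to do it. It is an added example, not the answerer's code, and assumes PHP 8 with ext-ldap; the server URI, the people base and the form field names are placeholders. First, RFC 4513 section 5.1.2 defines a DN with a zero-length password as an unauthenticated bind that servers may accept, so an empty password is refused outright rather than replaced by a dummy one. Second, a Location header built from a request parameter is an open redirect unless the target is checked to be a path on the same site.

```php
<?php
// Added example (not the answerer's code): uid-DN simple bind, hardened at the two
// points that function exposes: empty-password binds and the redirect target.
// Server, people base and form fields are placeholders.
declare(strict_types=1);

// Only allow redirects to a path on this site: exactly one leading slash
// (so "//evil.example" and "http://..." are rejected) and no CR/LF.
function safeRedirectTarget(?string $url, string $fallback = '/'): string
{
    return ($url !== null && preg_match('#^/(?![/\\\\])[^\r\n]*$#', $url) === 1) ? $url : $fallback;
}

function verifyUser(string $server, string $peopleBase, string $user, string $passwd): bool
{
    // RFC 4513 §5.1.2: DN + empty password = unauthenticated bind. Refuse it; a
    // substitute password would still send a credential for a user we have not checked.
    if ($user === '' || $passwd === '') {
        return false;
    }
    $dn = sprintf('uid=%s,%s', ldap_escape($user, '', LDAP_ESCAPE_DN), $peopleBase);

    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ldap = ldap_connect($server);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // StartTLS upgrades a plain ldap:// connection; an ldaps:// URI is already
    // encrypted and ldap_start_tls() on it reports an error.
    if (str_starts_with($server, 'ldap://') && !ldap_start_tls($ldap)) {
        ldap_unbind($ldap);
        return false;   // never send the password over plaintext
    }
    $ok = @ldap_bind($ldap, $dn, $passwd);
    ldap_unbind($ldap);
    return $ok;
}

$ok = verifyUser('ldaps://ldap.server.com:636', 'ou=People,dc=other,dc=whatever',
    (string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''));
if (!$ok) {
    sleep(5);                       // slow down guessing, as in the original
    http_response_code(401);
    exit('Error: Bad Username or Password!');
}
header('Location: ' . safeRedirectTarget($_POST['url'] ?? null, '/'));
exit;
```

The redirect check accepts "/dashboard" and "/app?x=1" and falls back to "/" for "//attacker.example", "https://attacker.example/" or anything containing a line break.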
My company recently changed domains due to an ownership change and I am having an issue getting my LDAP bind to complete on the new domain.
My connect command creates the resource correctly but when I go to bind I get the error.
"Warning: ldap_bind(): Unable to bind to server: Strong(er) authentication required"
I am not using LDAPS. I have confirmed I have the correct domain URL for LDAP.
$ad is the resource, $dmun is the username with domain added and the $pw is the password.
$bd = ldap_bind($ad,$dmun,$pw);
It's an intranet site.
Try this code. It worked for me:
$username = 'username';
$password = 'password';
$ldap_host = "domain.com";
$ldap_port = 389;
$base_dn = "DC=domain,DC=com";
$filter = '(sAMAccountName=' . $username . ')';   // not used by the bind below; for a later search
$connect = ldap_connect($ldap_host, $ldap_port) or exit("Error : Could not connect to LDAP server.");
if ($connect) {
    ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
    if (@$bind = ldap_bind($connect, "$username@domain.com", $password)) {
        echo "Bind Successful";
    } else {
        echo "Invalid Username / Password";
    }
}
I have put together a basic web app; the actual web app itself works fine. However, I wanted to add user authentication using our existing LDAP server. The LDAP script seems to work intermittently, though: when logging in, the first few attempts will fail with the 'access denied' message, then it will authenticate. I ran the script stand-alone without the app and the same behaviour applies.
I can't seem to tie the problem down anywhere; I can only assume it is occurring on the LDAP side and not the PHP side. I have included the script below; any help would be great.
While writing this, it failed to auth 3 times and passed twice...
<?php
$user = $_POST['login-name'];
$password = $_POST['login-pass'];
$ldap_user = 'uid=' . $user . ',ou=people,dc=ourdomain,dc=com,dc=au';
$ldap_pwd = $password;
$ldaphost = 'ldap://ldapserver.domain.com';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
if ($ds)
{
    $username = $ldap_user;
    $upasswd = $password;
    $ldapbind = ldap_bind($ds, $username, $upasswd);
    if ($ldapbind)
    {
        //print "Congratulations! $username is authenticated.";
        header('Location: message.html');
        exit; // stop here; the script would otherwise keep running after the redirect header
    }
    else
    {print "Access Denied!";}
}
?>
You probably should set the LDAP-protocol version to 3 using
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
before calling ldap_bind().
I've found this at http://php.net/manual/de/function.ldap-bind.php#72795
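Both the "Strong(er) authentication required" question and the intermittent-failure one above end up at the same place: the bind returns a bare false and the script never asks the server why. The block below is an added example, not code from either post; it assumes PHP 8 with ext-ldap, and the URIs, DNs and credentials are placeholders. It sets protocol version 3 as the answer suggests, sends the password only over TLS (LDAPS, or StartTLS on a plain ldap:// URI), and returns the LDAP result code plus the server's diagnostic text. Result code 8 is strongerAuthRequired (RFC 4511), which is what Active Directory returns for a plaintext simple bind when LDAP signing is required; the fix is to use ldaps:// or StartTLS rather than a different credential. The CLI probe repeats the bind so an intermittent pattern can be characterised instead of guessed at.

```php
<?php
// Added example, not code from the posts above. One bind routine that only sends
// the password over TLS and returns the server's result code and diagnostic text,
// plus a CLI probe that repeats it. URIs, DNs and credentials are placeholders.
declare(strict_types=1);

const LDAP_RC_STRONGER_AUTH_REQUIRED = 8;   // RFC 4511 resultCode strongerAuthRequired

function ldapBindDiag(string $uri, string $bindDn, string $password): array
{
    if ($password === '') {
        return ['ok' => false, 'rc' => -1, 'msg' => 'empty password refused (unauthenticated bind)'];
    }
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $c = ldap_connect($uri);          // only builds a handle; nothing is sent until the bind
    if ($c === false) {
        return ['ok' => false, 'rc' => -1, 'msg' => "invalid URI $uri"];
    }
    ldap_set_option($c, LDAP_OPT_PROTOCOL_VERSION, 3);   // default is v2, which many servers reject
    ldap_set_option($c, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($c, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Plain ldap:// on 389 must be upgraded with StartTLS before the credential
    // goes out; ldaps:// is already encrypted.
    if (str_starts_with($uri, 'ldap://') && !ldap_start_tls($c)) {
        $r = ['ok' => false, 'rc' => ldap_errno($c), 'msg' => 'StartTLS failed: ' . ldap_error($c)];
        ldap_unbind($c);
        return $r;
    }

    $ok = @ldap_bind($c, $bindDn, $password);
    $rc = ldap_errno($c);
    $msg = ldap_error($c);
    $diag = '';
    // AD puts the detailed reason here, e.g. "AcceptSecurityContext error, data 52e"
    ldap_get_option($c, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    ldap_unbind($c);

    if (!$ok && $rc === LDAP_RC_STRONGER_AUTH_REQUIRED) {
        $msg .= ' [server requires signing/encryption: use ldaps:// or StartTLS]';
    }
    return ['ok' => $ok, 'rc' => $rc, 'msg' => trim("$msg $diag")];
}

// CLI probe: run the same bind N times and tally the outcomes. A mix of rc=0 and
// rc=49 (invalidCredentials) for one unchanged credential points at the server
// side (for example several replicas behind one DNS name), not at the PHP.
function probeBind(string $uri, string $bindDn, string $password, int $attempts = 10): array
{
    $tally = [];
    for ($i = 0; $i < $attempts; $i++) {
        $r = ldapBindDiag($uri, $bindDn, $password);
        $key = sprintf('rc=%d %s', $r['rc'], $r['msg']);
        $tally[$key] = ($tally[$key] ?? 0) + 1;
    }
    return $tally;
}

if (PHP_SAPI === 'cli') {
    // php probe.php <uid>   with the password in LDAP_PW
    $dn = 'uid=' . ldap_escape($argv[1] ?? '', '', LDAP_ESCAPE_DN) . ',ou=people,dc=ourdomain,dc=com,dc=au';
    foreach (probeBind('ldaps://ldapserver.domain.com:636', $dn, getenv('LDAP_PW') ?: '') as $outcome => $n) {
        printf("%3d x %s\n", $n, $outcome);
    }
}
```

In the web login itself call ldapBindDiag() once and log rc and msg on failure; never loop over a user's password the way the probe does.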