Ldap connection failed in php? - php

Hi, I am trying to connect and unbind the server and port LDAP connection using PHP.
Here is my code:
$hostname = 'ldaps://www.google.com';
$port = 636;
echo "ldap check";
$lp = ldap_connect($hostname,$port);
echo "servername";
echo $_SERVER['PHP_AUTH_USER'];
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if ($bind = @ldap_bind($lp, $username.$hostname, $password)){
echo "Hello";
ldap_unbind($lp,$username,$password);
}
Failure:
But I am not connecting with the LDAP connection. Please help me to fix the code.

When I read your code right, there are two issues:
The port you are giving will never be used in the ldap_connect. The docs clearly state that using the port as second argument to ldap_connect is deprecated and will only be used when you pass a servername or IP. But you are passing a URI, so that needs to include the port as well.
You are trying to bind as $username . $hostname. So you are trying to connect 'someuser' as someuserldaps://www.google.com - I doubt that that will ever work. You probably want something like someuser@www.google.com...

Related

ldap auth with php fails intermittently

I have put together a basic web-app, the actual web-app itself works fine. However I wanted to add user authentication using our existing ldap server. The ldap script seems to work intermittently though, when logging in the first few attempts will fail with the 'access denied' message then it will authenticate. I ran the script stand alone without the app and the same behavior applies.
I can't seem to tie the problem down anywhere, I can only assume it is occurring on the LDAP side and not the PHP side. I have included the script below, any help would be great.
While writing this, it failed to auth 3 times and passed twice...
<?php
$user = $_POST['login-name'];
$password = $_POST['login-pass'];
$ldap_user = 'uid='.$user.',ou=people,dc=ourdomain,dc=com,dc=au';
$ldap_pwd = $password;
$ldaphost = 'ldap://ldapserver.domain.com';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if ($ds)
{
$username = $ldap_user;
$upasswd = $password;
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{
//print "Congratulations! $username is authenticated.";
header('Location: message.html');
}
else
{print "Access Denied!";}
}
?>
You probably should set the LDAP-protocol version to 3 using
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
before calling ldap_bind().
I've found this at http://php.net/manual/de/function.ldap-bind.php#72795
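As an added example (not code from any of the posters), here is one way to combine the points from the two LDAP threads above: the port goes inside the URI, and protocol version 3 is set before the bind. It goes further than the answers by refusing empty passwords, because a simple bind with an empty password is an unauthenticated bind that many servers accept, and by escaping the login name before it is placed in the DN. The LDAPS URI on port 636 is an assumption about the server; the base DN and form field names are modelled on the question.

```php
<?php
// Added example, not the posters' code. URI and base DN are placeholder assumptions.
function ldap_authenticate(string $uri, string $baseDn, string $user, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind that
    // many servers accept, so refuse it before contacting the server.
    if ($user === '' || $password === '') {
        return false;
    }

    // The port is part of the URI; no second argument is passed.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Escape the login name so "," "=" or "+" cannot change the DN.
    $dn = 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . $baseDn;

    $ok = @ldap_bind($ds, $dn, $password);
    if (!$ok) {
        // Keep the server's reason in the log; the browser gets a generic message.
        error_log('LDAP bind failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['login-name'] ?? null) ? $_POST['login-name'] : '';
    $pass = is_string($_POST['login-pass'] ?? null) ? $_POST['login-pass'] : '';
    if (ldap_authenticate('ldaps://ldapserver.domain.com:636',
            'ou=people,dc=ourdomain,dc=com,dc=au', $user, $pass)) {
        header('Location: message.html');
        exit; // stop here so nothing else is sent after the redirect
    }
    http_response_code(401);
    echo 'Access Denied!';
}
```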

c9.io php pdo connect to mysql

I am attempting to connect to a mysql database using the c9.io development environment. I have followed their documentation and have seen multiple links, 1, 2 and 3.
I verified the mysql service is running. I also verified the PDO extension was installed via phpinfo(). Here is my current code:
$ip = getenv("REMOTE_ADDR");
$port = '3306';
$user = "username";
$db = "c9";
try{
$con = new PDO("mysql:host=$ip;port=$port;dbname=$db;charset=utf8",$user,"");
}
catch(Exception $e){
echo $e->getMessage();
}
I get the error Can't connect to MySQL server on '10.240.x.x' (111)
If I try localhost as host, I get the error Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
I also followed a comment from the second link above: echo $IP in the terminal which returns 0.0.0.0
Any assistance appreciated.
You were on the right track. On https://docs.c9.io/setting_up_mysql.html it says use $IP for host. You can use getenv("IP") instead or use its value: 0.0.0.0. That should work.
Please try something like:
$dbname = 'c9';
$ip = getenv('IP');
$user = getenv('C9_USER');
mysql_connect($ip, $user, '') or die('Could not connect to mysql');

ldap_bind(...) php gives invalid credentials while ldp.exe works

I have serious trouble figuring out which credentials to use to connect to the ad in php.
I can connect successfully using ldp.exe with generic function type and the right domain, user, and password. With any other option set in ldp.exe I can only connect anonymous.
In php I have no chance. I'm not very familiar with ldap, so I am kinda lost here.
Here some php code:
$ldap_host = "ldap://<dc>:389";
$ldap_user = "<username>";
$ldap_pw = "<pw>";
$ldap_domain = "<full domain>";
$connection = ldap_connect($ldap_host) or die("Could not connect to LDAP server.");
//$user = $ldap_user;
$user = $ldap_user."@".$ldap_domain;
//$user = $ldap_user;
//$user = "uid=".$ldap_user;
//$user = $ldap_domain."\\".$ldap_user;
//$user = "User=$ldap_user";
//$user = "cn=".$ldap_user;
//$user = "CN=".$ldap_user.",OU=<someOU>,OU=<someOU>,DC=<DC1>,DC=<DC2>";
ldap_bind($connection, $user, $ldap_pw);
You can see there some combinations I tried. In ldp.exe it is just the $ldap_user in the username field and $ldap_domain in the domain field. IMHO at least the user@domain and domain\user version should work. It is a Kerberos domain, if that's important.
Well I don't think there are code errors. But how do I translate the generic function type of ldp.exe into php?
Here the error message to make it easier to find:
Warning: ldap_bind(): Unable to bind to server: Invalid credentials in ...
I would really appreciate some help.
EDIT: In ldp.exe I seem to use the SSPI method. I thought generic picks the method itself so far. Does it have something to do with ldap_sasl_bind()? The server specifies on connection he is capable of the following:
supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
While only GSSAPI (SSPI ????) seems to work.
EDIT2: Here some other output of ldp.exe after a successful authentication:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='<username>'; Pwd= <unavailable>; domain = '<full domain'.}
Authenticated as dn:'<username>'.
Try specifying the port as well into a variable
$ldapPort = 389;
I would ignore the host part and just try connecting to your server (you have it as domain). Check to see if your ldap bind is working
// Handle login requests
$ds = ldap_connect($ldapServer, $ldapPort);
if (ldap_bind($ds, $user, $password)) {
// Successful auth
$_SESSION['lastactivity'] = time();
$_SESSION['username'] = $user;
$_SESSION['password'] = $password;
return $ds;
} else {
// Auth failed
header("Location: failpage.php?fail=1"); //bad credentials
exit;
}
Also for calling all the attributes, try http://blog.uta.edu/jthardy/2007/08/08/obtaining-user-information-from-ldap-using-php/

PHP LDAP binding AD with the server's user account

I have some code that uses PHP and LDAP to connect to AD:
$host = 'ldap://stack.overflow.com';
$port = 389;
$username = 'stackOverflow';
$password = 'IaMP4ssWord';
$dn = 'CN=Users, DC=STACK, DC=OVERFLOW, DC=COM';
$cond = '(&(objectcategory=user)(displayname=*))';//All users that have a displayname
if($ldap = ldap_connect($host, $port))
{
if(ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3))
{
if(ldap_bind($ldap, $username, $password))
{
$attrs = array('displayname', 'mail');
if($rs = ldap_search($ldap, $dn, $cond, $attrs))
{
$results = ldap_get_entries($ldap, $rs);
echo "<pre>";print_r($results);echo "</pre>";//Print the results
}
}
else
{ echo 'Binding failed';}
}
else
{ echo 'Setting options failed';}
}
else
{ echo 'Connection failed'; }
Now this code works just fine. It prints out every user that has a displayname in AD.
Problem is for the username/password binding I am using my own user credential to bind to the server.
I would like to know if there is a way to bind using the server's credentials.
I am setup using PHP 5.3 + IIS on windows server 2008 R2 for both the server with IIS and the one that has AD.(two different VM).
I also know that IIS has a AD account named IISStackOverflow but I don't know the password or even if it has a password...
Thanks!
Oh! I tried changing $username to IISStackOverflow and $password to ''
But it gave invalid credential error.
--EDIT--
Do I have to do the binding part at all? (If I am only reading data)
As you run it from server itself, and you just want to read I would try to use :
...
if(ldap_bind($ldap))
...
According to PHP documentation if bind_rdn and bind_password are not specified, an anonymous bind is attempted.
Then if your anonymous logon is refused (this should not be, because running under IIS on the server your code is at least executed as a domain user) you will find there how to enable anonymous LDAP binds to Windows Server. This used to work for me on W2K8, I never tested it on W2K12.

PHP mysql connect to any remove server the post variables

if (!empty($_POST)) {
$host = $_POST['host'];
$user = $_POST['user'];
$pass = $_POST['pass'];
$db = $_POST['db'];
echo '<pre>';
print_r($_POST);
$con = @mysqli_connect($host . ":3360", $user, $pass, $db);
// $con=@mysqli_connect('192.168.100.42','root','vertrigo','skates');
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else {
echo 'connected';
}
@mysqli_close($con);
}
I'm using this script to access a remote db server in local (basically I want to access a local db server through a live website), however, I'm getting an error:
Failed to connect to MySQL: Unknown MySQL server host
'192.168.100.42:3360' (11004)
Please help to get out from this.
192.168.100.42 looks like a local IP. You'd need to try to connect to your static public IP and then forward port 3306 in your router to the 192.168.100.42 machine.
That's not your only problem;
Just because $_POST is not empty, don't assume it has those array keys set and not empty. Syntax like
if (isset($_POST['user']) && !empty($_POST['user']))
is much better.
Also, never use $_POST on any database interaction without sanitisation, and never connect to a database with the root user.
I don't know your exact application, but it's impossibly insecure.
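As an added example (not code from the question or the answers), one way to act on the points above is to stop taking host, user and password from $_POST at all. The form sends only a profile name, and the server maps it to an allow-listed host with a non-root account read from the environment. The profile name, host address and environment variable names are hypothetical placeholders.

```php
<?php
// Added example. Profile names, hosts and env variable names are placeholders.
const DB_PROFILES = [
    'skates-readonly' => [
        'host' => '203.0.113.10',   // documentation address, constructed for the example
        'port' => 3306,
        'db'   => 'skates',
        'user_env' => 'SKATES_DB_USER',
        'pass_env' => 'SKATES_DB_PASS',
    ],
];

function connect_profile(string $name): ?mysqli
{
    // Only hosts listed above can be reached; the client never supplies one.
    if (!array_key_exists($name, DB_PROFILES)) {
        return null;
    }
    $p = DB_PROFILES[$name];
    $user = getenv($p['user_env']);
    $pass = getenv($p['pass_env']);
    // Credentials come from server configuration, and root is refused outright.
    if ($user === false || $pass === false || $user === 'root') {
        return null;
    }

    mysqli_report(MYSQLI_REPORT_OFF);      // return false instead of throwing
    $con = mysqli_init();
    $con->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5);
    // The port is a separate argument, not appended to the host string.
    if (!@$con->real_connect($p['host'], $user, $pass, $p['db'], $p['port'])) {
        error_log('MySQL connect failed: ' . mysqli_connect_error());
        return null;
    }
    return $con;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = is_string($_POST['profile'] ?? null) ? $_POST['profile'] : '';
    $con = connect_profile($name);
    echo $con ? 'connected' : 'Failed to connect';
    if ($con) {
        $con->close();
    }
}
```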
