$username = $_POST['username'];
$password = $_POST['password'];
$ldaphost = "ldaps://corpldap.xxx.net";
$ldapUsername = "cn=$username,ou=people,dc=xxx,dc=net";
$ldapPassword = "$password";
$ds = ldap_connect($ldaphost,636) or die("\r\nCould not connect to LDAP server\r\n");
echo $ds; //this output 'Resource id #21'
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
print "Could not set LDAPv3\r\n";
} else {
// now we need to bind to the ldap server
echo 'success'; //echo success output
$bth = ldap_bind($ds) or die("\r\nCould not connect to LDAP server\r\n");
}
I get 'Resource id #21 success
Could not connect to LDAP server'
so ldap_bind is failing
stack trace on error log:
PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server
How can i fix this? Please help.
Please note: i also tried $ldaphost = "ldaps://corpldap.xxx.net:636";
I also tried echoing php_info() which shows ldap enabled.
Related
I have PHP 7.0 on CentOS 7. And I've installed php-ldap module as well.
# yum install -y php php-ldap
...
# php -m
...
ldap
...
Now the following PHP codes works:
<?php
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
if ($ldapconn) {
$ldaprdn = 'username';
$ldappass = 'password';
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
That works! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.
Problem
But then I tried with SSL via port 636:
<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); #I know, but this is just temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
$ldaprdn = 'username';
$ldappass = 'password';
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
I got this error:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......
What am I missing please?
Note:
We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.
Server certificate is valid.
I figured out the ldap_connect should be as below:
ldap_connect("ldaps://dc.example.com:636")
And then all of sudden it worked!
Note: If it is on Apache, it is worth restarting it after changing to above code.
I've got the following test script running well (returns a 200 HTTP response) on my local machine (Windows 7 with PHP 5.6). However, when I move this script to our Linux dev server (PHP 5.6, with LDAP enabled), ldap_error() returns with the error: "Encoding error" from the LDAP server (via PHP).
I cannot figure out why this would be. The LDAP server is running LDAP version 3 (UTF-8 charset by default). I tried adding ini_set('default_charset', 'UTF-8'); at the top of my script to ensure that I was sending UTF-8 passwords/usernames. I also tried wrapping my user/pass in utf8_encode() but this didn't seem to make any difference. The script still worked well on my local machine, but did not on the Linux dev server.
Does anyone has experience with this error? I'm starting to think that this may not be an encoding issue. Could it be an SSL issue? I don't have an SSL cert installed on my localhost and the LDAP server accepts connections on port 389 (the default LDAP port) and over ldaps.
Thanks for your help.
<?php
ini_set('default_charset', 'UTF-8');
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
if (empty($_POST['username']) || empty($_POST['password'])) {
header('HTTP/1.0 500 Internal Server Error');
die('No credentials sent. Send a POST request with credentials.');
}
$username = $_POST['username'];
$password = $_POST['password'];
// https://stackoverflow.com/a/7586808/1171790
putenv('LDAPTLS_REQCERT=never');
// https://stackoverflow.com/questions/24522383/php-ldap-opt-debug-level-7-not-tracing
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
//$ldap = ldap_connect('ldaps://idir.bcgov:636');
$ldap = ldap_connect('ldap://idir.bcgov:389');
$ldaprdn = 'idir'.'\\'.$username;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = #ldap_bind($ldap, $ldaprdn, $password);
if (ldap_error($ldap) !== 'Success') {
header('HTTP/1.0 500 Internal Server Error');
echo 'ldap_error(): '.ldap_error($ldap).PHP_EOL;
ldap_get_option($ldap, LDAP_OPT_ERROR_STRING, $err);
echo "ldap_get_option (LDAP_ENCODING_ERROR): $err".PHP_EOL;
ldap_get_option($ldap, LDAP_OPT_DEBUG_LEVEL, $err2);
echo "ldap_get_option (LDAP_OPT_DEBUG_LEVEL): $err2".PHP_EOL;
}
// Check if we have a connection.
// Did our LDAP connection get bound with the credentials provided?
// If not, perhaps the credentials are incorrect???
if ($bind) {
echo 'Holy geez! LDAP is bound!'.PHP_EOL;
$user = array();
$filter = "(sAMAccountName=$username)";
$result = ldap_search($ldap, "DC=idir,DC=BCGOV", $filter);
// Sort the returned results from Active Directory.
ldap_sort($ldap, $result, "sn");
// The user's info/data.
$info = ldap_get_entries($ldap, $result);
for ($i = 0; $i < $info["count"]; $i++) {
if ($info['count'] > 1) {
break;
}
$user['distinguishedname'] = $info[$i]['distinguishedname'][0];
}
// Close the connection to LDAP.
#ldap_close($ldap);
print_r($user);
} else {
// Our credentials did not validate.
header('HTTP/1.0 500 Internal Server Error');
die('Could not bind to LDAP.');
}
My company recently changed domains due to an ownership change and I am having an issue getting my LDAP bind to complete on the new domain.
My connect command creates the resource correctly but when I go to bind I get the error.
"Warning: ldap_bind(): Unable to bind to server: Strong(er) authentication required"
I am not using ldaps. I have confirmed I have the correct domain url for LDAP.
$ad is the resource, $dmun is the username with domain added and the $pw is the password.
$bd = ldap_bind($ad,$dmun,$pw);
It's an intranet site.
Try This code. This code worked for me
$username = 'username';
$password = 'password';
$ldap_host = "domain.com";
$ldap_port = 389;
$base_dn = "DC=domain,DC=com";
$filter = '(sAMAccountName=' . $username . ')';
$connect = ldap_connect($ldap_host, $ldap_port) or exit("Error : Could not connect to LDAP server.");
if ($connect) {
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if (#$bind = ldap_bind($connect, "$username#domain.com", $password)) {
echo "Bind Successfull";
} else {
echo "Invalid Username / Password";
}
}
I am trying to connect to a remote LDAP server from a local Ubuntu VM Box on my Windows machine. The PHP code is:
$ldap = ldap_connect("ldaps://11.22.33.44",636);
ldap_set_option ($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$username = "domain\usr";
$password = "blah";
$ds = ldap_bind($ldap, $username, $password );
if( $ds ){
echo "logged in!";
}
else{
echo "failed to log in!";
exit;
}
When running this I get the 'logged in!' message, so I'm assuming that the connection is working. However, when I run this PHP code afterwards:
$sr = ldap_search($ds, "OU=User Accounts,DC=Domain1,DC=foobar,DC=Local", "(|(sn=*))");
I get this error:
Warning: ldap_search(): supplied argument is not a valid ldap link resource in /usr/share/nginx/www/ldap_test.php on line 37
(which refers to the line that contians the ldap_search command. This doesn't make sense if the connection is successful and a link resource is created - any ideas?
ldap_bind will return true or false. You need to pass the result of ldap_connect to ldap_search instead - which is $ldap in your example.
$sr = ldap_search($ldap, "OU=User Accounts,DC=Domain1,DC=foobar,DC=Local", "(|(sn=*))");
I try to bind LDAP using PHP and I getting this error
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server on line 21
and the script on line 21 is this..
$bind_status = ldap_bind($conn_status, $app_user, $app_pass);
Here's the script to connect in LDAP:
$conn_status = ldap_connect('ldaps://ldap.domain.com/', 389);
if ($conn_status === FALSE) {
die("Couldn't connect to LDAP service");
} else {
echo "Successful! <br/>";
}
Here's the script of Bind to LDAP:
$app_user = 'cn=user, dc=domain, dc=com';
$app_pass = 'password';
$username = 'user'; //same as cn
$password = 'password'; //same as $app_pass
$bind_status = ldap_bind($conn_status, $app_user, $app_pass);
if ($bind_status === FALSE) {
die("Couldn't bind to LDAP as application user");
} else {
echo "Bind to LDAP successfully <br/>";
}
My updated LDAP bind script
$bind_status = ldap_bind($conn_status, $username, $password);
if ($bind_status === FALSE) {
//die("Couldn't bind to LDAP <br/>");
echo "LDAP-Errno: " . ldap_errno($ds) . "<br />";
} else {
echo "Bind to LDAP successfully <br/>";
}
And now I got this error:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Operations error on line 21
Line 21 is this:
$bind_status = ldap_bind($conn_status, $username, $password);
When I use
var_dump (#ldap_bind($conn_status, "cn=Username, ou=domain, ou=com"));
The result is
bool(false)
Pls help me to fix this. Thank you
Typically ldaps listens on port 636/tcp and ldap with starttls listens on port 389/tcp.
$ldap_URI = "ldap://ldap.example.com/" ;
$ldap_bind_dn = "cn=myapplication,ou=service accounts,dc=example,dc=com" ;
$ldap_bind_dn_password = "hopefully something long and complicated" ;
$ldap_connection = ldap_connect($ldap_URI) ;
if(ldap_start_tls($ldap_connection)){
if(!ldap_bind($ldap_connection,$ldap_bind_dn,$ldap_bind_dn_password)) ;
//TODO: return/throw some error/exception here to be handled by caller, regarding invalid credentials
}else{
ldap_close($ldap_connection);
//TODO: return/throw some error/exception here to be handled by caller, regarding starttls failure
}
Check the TLS settings of your global ldap config, usually
/etc/openldap/ldap.conf or /etc/ldap/ldap.conf.
If you use SELinux, check httpd_can_connect_ldap, i.e. $ getsebool httpd_can_connect_ldap
Also:
When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does not actually connect but just initializes the connecting parameters. The actual connect happens with the next calls to ldap_* funcs, usually with ldap_bind(). --php manual
In your ldap_connect method, you specified a secure ldap connection ldaps and yet used the standard port for 389. If you are trying to make a secure connection, then remove the port number and ldap_connect will figure out the right port or use port 636. Otherwise use ldap with port number 389 for the unsecure connection.
Either
$conn_status = ldap_connect('ldap://ldap.domain.com/');
$conn_status = ldap_connect('ldap://ldap.domain.com/', 389);
OR
$conn_status = ldap_connect('ldaps://ldap.domain.com/');
$conn_status = ldap_connect('ldaps://ldap.domain.com/', 636);