PHP LDAPS supplied argument is not a valid ldap link resource - php

I am trying to connect to a remote LDAP server from a local Ubuntu VM Box on my Windows machine. The PHP code is:
$ldap = ldap_connect("ldaps://11.22.33.44",636);
ldap_set_option ($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$username = "domain\usr";
$password = "blah";
$ds = ldap_bind($ldap, $username, $password );
if( $ds ){
echo "logged in!";
}
else{
echo "failed to log in!";
exit;
}
When running this I get the 'logged in!' message, so I'm assuming that the connection is working. However, when I run this PHP code afterwards:
$sr = ldap_search($ds, "OU=User Accounts,DC=Domain1,DC=foobar,DC=Local", "(|(sn=*))");
I get this error:
Warning: ldap_search(): supplied argument is not a valid ldap link resource in /usr/share/nginx/www/ldap_test.php on line 37
(which refers to the line that contains the ldap_search command). This doesn't make sense if the connection is successful and a link resource is created - any ideas?

ldap_bind will return true or false. You need to pass the result of ldap_connect to ldap_search instead - which is $ldap in your example.
$sr = ldap_search($ldap, "OU=User Accounts,DC=Domain1,DC=foobar,DC=Local", "(|(sn=*))");

Related

PHP LDAPS unable to connect to server

$username = $_POST['username'];
$password = $_POST['password'];
$ldaphost = "ldaps://corpldap.xxx.net";
$ldapUsername = "cn=$username,ou=people,dc=xxx,dc=net";
$ldapPassword = "$password";
$ds = ldap_connect($ldaphost,636) or die("\r\nCould not connect to LDAP server\r\n");
echo $ds; //this output 'Resource id #21'
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
print "Could not set LDAPv3\r\n";
} else {
// now we need to bind to the ldap server
echo 'success'; //echo success output
$bth = ldap_bind($ds) or die("\r\nCould not connect to LDAP server\r\n");
}
I get 'Resource id #21 success
Could not connect to LDAP server'
so ldap_bind is failing
stack trace on error log:
PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server
How can I fix this? Please help.
Please note: I also tried $ldaphost = "ldaps://corpldap.xxx.net:636";
I also tried echoing php_info() which shows ldap enabled.

Issue connecting to LDAP through PHP

My company recently changed domains due to an ownership change and I am having an issue getting my LDAP bind to complete on the new domain.
My connect command creates the resource correctly but when I go to bind I get the error.
"Warning: ldap_bind(): Unable to bind to server: Strong(er) authentication required"
I am not using ldaps. I have confirmed I have the correct domain url for LDAP.
$ad is the resource, $dmun is the username with domain added and the $pw is the password.
$bd = ldap_bind($ad,$dmun,$pw);
It's an intranet site.
Try this code. This code worked for me.
$username = 'username';
$password = 'password';
$ldap_host = "domain.com";
$ldap_port = 389;
$base_dn = "DC=domain,DC=com";
$filter = '(sAMAccountName=' . $username . ')';
$connect = ldap_connect($ldap_host, $ldap_port) or exit("Error : Could not connect to LDAP server.");
if ($connect) {
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if (@$bind = ldap_bind($connect, "$username@domain.com", $password)) {
echo "Bind Successfull";
} else {
echo "Invalid Username / Password";
}
}

ldap auth with php fails intermittently

I have put together a basic web-app, the actual web-app itself works fine. However I wanted to add user authentication using our existing ldap server. The ldap script seems to work intermittently though, when logging in the first few attempts will fail with the 'access denied' message then it will authenticate. I ran the script stand alone without the app and the same behavior applies.
I can't seem to tie the problem down anywhere, I can only assume it is occurring on the ldap side and not the php side. I have included the script below, any help would be great.
While writing this, it failed to auth 3 times and passed twice...
<?php
$user = $_POST['login-name'];
$password = $_POST['login-pass'];
$ldap_user = 'uid='.$user.',ou=people,dc=ourdomain,dc=com,dc=au';
$ldap_pwd = $password;
$ldaphost = 'ldap://ldapserver.domain.com';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if ($ds)
{
$username = $ldap_user;
$upasswd = $password;
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{
//print "Congratulations! $username is authenticated.";
header('Location: message.html');
}
else
{print "Access Denied!";}
}
?>
You probably should set the LDAP-protocol version to 3 using
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
before calling ldap_bind().
I've found this at http://php.net/manual/de/function.ldap-bind.php#72795
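A hardened version of the login script above, as an added example (not the poster's or the answerer's code): it sets protocol version 3 before binding, rejects empty passwords, escapes the login name before building the DN, and logs the LDAP error number so intermittent failures can be told apart. The host, base DN and form field names are taken from the question; the function name `ldap_login` is hypothetical and StartTLS support on the server is an assumption.

```php
<?php
// Added example. LDAP_URI and PEOPLE_DN come from the question; ldap_login()
// is a hypothetical name, and StartTLS support on the server is assumed.
const LDAP_URI  = 'ldap://ldapserver.domain.com';
const PEOPLE_DN = 'ou=people,dc=ourdomain,dc=com,dc=au';

function ldap_login(string $user, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind, which
    // some servers accept as a success: reject it before contacting LDAP.
    if ($user === '' || $password === '') {
        return false;
    }
    // Escape DN metacharacters so the login name cannot change the DN.
    $dn = 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . PEOPLE_DN;

    $ds = ldap_connect(LDAP_URI);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // before bind; StartTLS needs v3
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Encrypt the session before the password crosses the network.
    if (!@ldap_start_tls($ds)) {
        error_log('LDAP StartTLS failed: ' . ldap_error($ds));
        return false;
    }
    $ok = @ldap_bind($ds, $dn, $password);
    if (!$ok) {
        // 49 = invalid credentials, -1 = server unreachable: logging the number
        // separates wrong passwords from an unreliable server or network.
        error_log(sprintf('LDAP bind failed: [%d] %s', ldap_errno($ds), ldap_error($ds)));
    }
    ldap_unbind($ds);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // filter_input() yields null/false for missing or array values; cast to ''.
    $ok = ldap_login((string) filter_input(INPUT_POST, 'login-name'),
                     (string) filter_input(INPUT_POST, 'login-pass'));
    if ($ok) {
        header('Location: message.html');
        exit;
    }
    http_response_code(401);
    echo 'Access Denied!';
}
```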

Couldn't bind LDAP using PHP

I try to bind LDAP using PHP and I am getting this error
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server on line 21
and the script on line 21 is this..
$bind_status = ldap_bind($conn_status, $app_user, $app_pass);
Here's the script to connect in LDAP:
$conn_status = ldap_connect('ldaps://ldap.domain.com/', 389);
if ($conn_status === FALSE) {
die("Couldn't connect to LDAP service");
} else {
echo "Successful! <br/>";
}
Here's the script of Bind to LDAP:
$app_user = 'cn=user, dc=domain, dc=com';
$app_pass = 'password';
$username = 'user'; //same as cn
$password = 'password'; //same as $app_pass
$bind_status = ldap_bind($conn_status, $app_user, $app_pass);
if ($bind_status === FALSE) {
die("Couldn't bind to LDAP as application user");
} else {
echo "Bind to LDAP successfully <br/>";
}
My updated LDAP bind script
$bind_status = ldap_bind($conn_status, $username, $password);
if ($bind_status === FALSE) {
//die("Couldn't bind to LDAP <br/>");
echo "LDAP-Errno: " . ldap_errno($conn_status) . "<br />";
} else {
echo "Bind to LDAP successfully <br/>";
}
And now I got this error:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Operations error on line 21
Line 21 is this:
$bind_status = ldap_bind($conn_status, $username, $password);
When I use
var_dump (@ldap_bind($conn_status, "cn=Username, ou=domain, ou=com"));
The result is
bool(false)
Please help me fix this. Thank you.
Typically ldaps listens on port 636/tcp and ldap with starttls listens on port 389/tcp.
$ldap_URI = "ldap://ldap.example.com/" ;
$ldap_bind_dn = "cn=myapplication,ou=service accounts,dc=example,dc=com" ;
$ldap_bind_dn_password = "hopefully something long and complicated" ;
$ldap_connection = ldap_connect($ldap_URI) ;
if(ldap_start_tls($ldap_connection)){
if(!ldap_bind($ldap_connection,$ldap_bind_dn,$ldap_bind_dn_password)){
//TODO: return/throw some error/exception here to be handled by caller, regarding invalid credentials
}
}else{
ldap_close($ldap_connection);
//TODO: return/throw some error/exception here to be handled by caller, regarding starttls failure
}
Check the TLS settings of your global ldap config, usually
/etc/openldap/ldap.conf or /etc/ldap/ldap.conf.
If you use SELinux, check httpd_can_connect_ldap, i.e. $ getsebool httpd_can_connect_ldap
Also:
When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does not actually connect but just initializes the connecting parameters. The actual connect happens with the next calls to ldap_* funcs, usually with ldap_bind(). --php manual
In your ldap_connect method, you specified a secure ldap connection ldaps and yet used the standard port 389. If you are trying to make a secure connection, then remove the port number and ldap_connect will figure out the right port or use port 636. Otherwise use ldap with port number 389 for the unsecure connection.
Either
$conn_status = ldap_connect('ldap://ldap.domain.com/');
$conn_status = ldap_connect('ldap://ldap.domain.com/', 389);
OR
$conn_status = ldap_connect('ldaps://ldap.domain.com/');
$conn_status = ldap_connect('ldaps://ldap.domain.com/', 636);

PHP ldap_connect + ldap_bind unable to bind

I have this PHP code:
$ldap = ldap_connect("aaa.bbbbb.cc")
or die("Could not connect to LDAP server.");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$ldapbind = ldap_bind($ldap);
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed..."; //end up here
}
And I'm unable to make it bind successfully, I have tried all sorts of combinations.
Passing credentials, using a URI with "ldap://".
The following C# code works fine when binding to the same LDAP server:
var connection = new LdapConnection("aaa.bbbbb.cc");
connection.Bind();
The LDAP API for PHP seems somewhat hard to debug, since if bind fails, you don't get any result, so I have no idea how to see what fails, if it can't access the server, bad credentials, or something else..
So, any ideas what could cause the PHP code to fail? Is there something special I need to do?
(LDAP extension is enabled for PHP)
I've had problems with PHP LDAP before.
Luckily I found this in the doc comments:
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
Which will give you verbose output when trying to open a connection and bind.
I usually do this:
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$ldap = ldap_connect("ldap://" . $domainController, $port);
$bind = @ldap_bind($ldap, $username . $accountSuffix, $password);
if (!$bind) {
// throw or something
echo ldap_error($ldap); // http://php.net/manual/en/function.ldap-error.php
}
Wikipedia has a nice write up of the various parts to the LDAP protocol.
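The checks discussed in the threads above, combined into one added example (not code from any of the posters): it flags an `ldaps://` and port 389 mismatch before connecting, reports why a bind failed instead of a bare `false`, and returns the connection handle that `ldap_search()` expects. The function names `ldap_uri_problem` and `ldap_bind_or_explain` are hypothetical.

```php
<?php
// Added example; function names are hypothetical, the URI is from the question.

/** Return a description of a scheme/port mismatch in the URI, or null if none. */
function ldap_uri_problem(string $uri): ?string
{
    $p = parse_url($uri);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return 'not a valid ldap:// or ldaps:// URI';
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['ldap', 'ldaps'], true)) {
        return "unsupported scheme $scheme";
    }
    $port = $p['port'] ?? ($scheme === 'ldaps' ? 636 : 389);
    if ($scheme === 'ldaps' && $port === 389) {
        return 'ldaps:// on port 389: TLS handshake sent to a plain/StartTLS listener';
    }
    if ($scheme === 'ldap' && $port === 636) {
        return 'ldap:// on port 636: plain LDAP sent to a TLS listener';
    }
    return null;
}

/** Bind and return the connection; throw with errno, text and server diagnostic. */
function ldap_bind_or_explain(string $uri, string $dn, string $password)
{
    if (($why = ldap_uri_problem($uri)) !== null) {
        throw new InvalidArgumentException($why);
    }
    $conn = ldap_connect($uri);   // only parses the URI; no network traffic yet
    if ($conn === false) {
        throw new RuntimeException("ldap_connect rejected $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $dn, $password)) {   // first real contact with the server
        $detail = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(sprintf('bind failed [%d] %s %s',
            ldap_errno($conn), ldap_error($conn), (string) $detail));
    }
    return $conn;   // pass this, not ldap_bind()'s bool, to ldap_search()
}

// The mismatch from the question, caught without any network access.
var_dump(ldap_uri_problem('ldaps://ldap.domain.com:389'));
```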
