Ldap how to get memberof - php

How do I get the memberOf attribute of a user with a search filter? Not all users have memberOf.
// Binds with a service account, searches for one user by sAMAccountName and
// prints the name taken from that user's memberof value.
// NOTE(review): the backticks throughout this snippet look like quote characters
// mangled when the page was extracted. In PHP a backtick string is the
// shell-execution operator, so restore '...' or "..." before running any of it.
// $ds is assigned here but not used below; the host is repeated literally in ldap_connect().
$ds = `000.000.000.000`;
$ldaprdn = `CN=Users,dc=xxx,dc=xx,dc=xx,dc=xx`;
$user = `CN=UserSystem,`;
// Service-account password written into the source. Presumably a placeholder;
// a real one belongs in configuration kept out of version control.
$ldappass = `pass`;
// connect to ldap server
$ldapconn = ldap_connect("000.000.000.000") or die(`Could not connect to LDAP server.`);
if ($ldapconn) {
// binding to ldap server
// The bind DN is $user followed by $ldaprdn (CN=UserSystem,CN=Users,dc=...).
// NOTE(review): no ldaps:// URI or ldap_start_tls() call is visible, so this simple
// bind presumably sends the password unencrypted - confirm the transport.
$ldapbind = ldap_bind($ldapconn, $user.``.$ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
// NOTE(review): both options are set after the bind. LDAP_OPT_PROTOCOL_VERSION
// normally has to be set before ldap_bind() to apply to it - move these up.
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
// Search under $ldaprdn for a single account. No attribute list is passed.
// The return value is not checked before being handed to ldap_get_entries().
$sr=ldap_search($ldapconn, $ldaprdn, `(&(objectClass=user)(sAMAccountName=testuser))`);
$info = ldap_get_entries($ldapconn, $sr);
$ii=0;
// NOTE(review): the loop header below is truncated (the text between "<" and ">"
// seems to have been lost in extraction), and $data is never assigned in what remains.
for ($i=0; $ii`;
// Only the first memberof value is read: it is split on "," to take the first
// component and then on "=" to print the part after the equals sign.
// The question states that some users have no memberof, so the key should be
// tested with isset() before indexing [0].
if ($data == `memberof`) {
$membrog = explode(`,`, $info[$i][$data][0]);
$membrode = explode(`=`, $membrog[0]);
echo $membrode[1].``;
}
}
ldap_close($ldapconn);
} else {
echo `Connection to LDAP Failed`;
}
}

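If you are looking for the groups a user is a member of, be aware that memberOf lists only direct memberships. Because of group nesting, you may need a filter that uses LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941), for example (member:1.2.840.113556.1.4.1941:=<user DN>) searched against the groups, as shown on this page.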
-jim

Related

LDAP Connection with PHP Issue

I am currently trying to connect out to our Active Directory to do some fancy searching magic. I have all the fancy searches written in python, now we are just trying to port it over to PHP. I am having issue getting my connection to the ldap server working. I am not getting any error messages and my informative echo's aren't displaying, neither is my footer. Any help would be appreciated! Thanks!
Here is the code:
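<?php
// Login test page: binds to Active Directory with the submitted credentials
// and reports whether the bind succeeded.
include "src/header.php";
echo "Well Hello-01<br>";

// Read both fields defensively so a request without form data does not hit
// undefined variables further down.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$Pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$User = 'AD\\' . $username;

// User input is HTML-escaped before it is echoed back. The password is never
// printed: it would end up in the response body, caches and screenshots.
echo "Username: " . htmlspecialchars($User, ENT_QUOTES, 'UTF-8') . "<br>";

if ($username === '' || $Pass === '') {
    // A bind with an empty password is treated by many directory servers as an
    // unauthenticated bind that "succeeds", so it must never count as a login.
    echo "LDAP bind failed...";
} elseif (!function_exists('ldap_connect')) {
    // Without the LDAP extension the first ldap_* call is a fatal error, which
    // would also explain a page that stops before the footer.
    echo "PHP LDAP extension is not loaded";
} else {
    // NOTE: ldap:// is unencrypted. Use ldaps:// or call ldap_start_tls()
    // before binding so the password is not sent in clear text.
    $ldapconn = ldap_connect("ldap://ad.whatever.com");
    if ($ldapconn) {
        // Active Directory expects LDAPv3, and the option must be set before the bind.
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

        echo "Attempting Bind";
        //binding to ldap
        $ldapbind = ldap_bind($ldapconn, $User, $Pass);
        //Verify Bind
        if ($ldapbind) {
            echo "LDAP bind successfull...";
        } else {
            echo "LDAP bind failed...";
        }
        ldap_close($ldapconn);
    } else {
        echo "Could not connect to LDAP server";
    }
}
include "src/footer.php";
?>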
</body>`
And for whatever it's worth here is what is output to the screen: Screenshot
I made this code a little while ago, maybe it can help you:
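<?php
// Binds to Active Directory as the submitted user and prints selected
// attributes of that user's own entry.
$username = (isset($_POST['USERNAME']) && is_string($_POST['USERNAME'])) ? $_POST['USERNAME'] : '';
$password = (isset($_POST['USERPASS']) && is_string($_POST['USERPASS'])) ? $_POST['USERPASS'] : '';
$server = 'AD_SERVER_IP_GOES_HERE';
// UPN suffix appended to the username. The page showed "#MY_DOMAIN.COM"; the "#"
// looks like an "@" mangled in extraction, so it is restored here.
$domain = '@MY_DOMAIN.COM';
$port = 389; //default connection port (unencrypted; prefer ldaps:// or ldap_start_tls())
$dn = "DC=MY_DOMAIN,DC=COM";
// The username comes from the request and goes into a search filter, so filter
// metacharacters such as * ( ) \ are escaped to keep it a literal value.
$filter = "(&(samaccountname=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . "))";
/*these are parameters you want to retrieve from a given user*/
$params = array("sn", "givenName", "samAccountName",
    "mail", "displayName", "department",
    "title", "company", "streetAddress",
    "memberOf");

if ($username === '' || $password === '') {
    // An empty password would become an unauthenticated bind, which many
    // servers accept; treat it as a failed login instead.
    echo 'user_error';
} else {
    $connection = ldap_connect($server, $port);
    if (!$connection) {
        echo 'no_server';
    } else {
        // Both options have to be in place before the bind.
        ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);

        // "@" silences the PHP warning raised on bad credentials; the result
        // is checked right below.
        $bind = @ldap_bind($connection, $username . $domain, $password);
        if (!$bind) {
            echo 'user_error';
        } else {
            $search = ldap_search($connection, $dn, $filter, $params);
            if ($search === false) {
                echo 'search_error';
            } else {
                $query_user = ldap_get_entries($connection, $search);
                // Debug dump; directory values are escaped before reaching the page.
                echo htmlspecialchars(print_r($query_user, true), ENT_QUOTES, 'UTF-8');
            }
        }
        // Close conection
        ldap_close($connection);
    }
}
?>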

PHP Active Directory Fail

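<?php
// Binds as the given account and checks that the account has an entry under
// the Technology OU.
$domain = 'xxxx.com';
$username = 'xxxxxx';
$password = 'xxxxxx';
$ldapconfig['host'] = 'xxx.xxx.xxx.xxx';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=xxxx,dc=com';

$isITuser = false;
$ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
if ($ds) {
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $dn = "ou=Technology," . $ldapconfig['basedn'];

    // user@domain form. The page showed '#' as the separator, which looks like
    // an "@" mangled in extraction.
    // An empty password is refused up front: many servers accept it as an
    // unauthenticated bind.
    $bind = $password !== '' && ldap_bind($ds, $username . '@' . $domain, $password);

    if ($bind) {
        // ldap_search() takes the connection, not the boolean returned by ldap_bind().
        $filter = '(&(objectClass=User)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
        $search = ldap_search($ds, $dn, $filter);
        // A search that matches nothing still succeeds, so count the entries.
        $isITuser = $search !== false && ldap_count_entries($ds, $search) > 0;
    }
    ldap_close($ds);
}

if ($isITuser) {
    echo("Login correct");
} else {
    echo("Login incorrect");
}
?>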
I am trying to connect to Active Directory servers, but I always get "Login incorrect". My actual goal is to add a user.

ldap_search() Operations error

I've looked at a lot of other questions about this but can't seen to find the solution for my error.
The code I use is:
// Fragment from the question: binds, authenticates through a second library
// object, then searches for entries by memberOf. It ends with the if block still open.
// Debug level 7 is set on the library as a whole (NULL instead of a connection).
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$ldapconn = ldap_connect('[HOST]', 389);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
// The result of this bind is discarded. If it fails, the search below runs on an
// unauthenticated connection.
// NOTE(review): Active Directory typically answers such a search with
// "Operations error" - check this return value (and ldap_error()) first.
ldap_bind($ldapconn, $username, $password);
// $adldap is not defined in this fragment; presumably an adLDAP library object
// with its own connection. Its result says nothing about $ldapconn - verify.
$authUser = $adldap->user()->authenticate($username, $password);
if ($authUser == true) {
echo "jep";
echo "<br />";
$basedn = "DC=lab,DC=kuhlmann-its,DC=local";
$classname = "TAI2";
// NOTE(review): memberOf holds the DNs of groups, but the value built here is an
// OU path. If TAI2 is an OU rather than a group, the accounts in it are found by
// using that OU as the search base, not through memberOf - confirm.
// $classname is a constant here; if it ever comes from user input it needs
// ldap_escape() with LDAP_ESCAPE_FILTER before being concatenated.
$filter = "(memberOf=OU=" . $classname . ",OU=Accounts,OU=BBS_Students,OU=BBS,OU=EDUNET,DC=lab,DC=kuhlmann-its,DC=local)";
$attributes = array("cn");
// The search result is passed on without a check for false.
$search = ldap_search($ldapconn, $basedn, $filter, $attributes);
$info = ldap_get_entries($ldapconn, $search);
This is my first time working with LDAP and Active Directory and I don't know how all the functions work. I want to know why my ldap_search() is not working.
Thanks in advance.

ldap_bind(): Unable to bind to server: Invalid DN syntax

I am trying to authenticate against LDAP and I am getting the error
"ldap_bind(): Unable to bind to server: Invalid credentials"
Can anyone provide any information about this?
Below the code I use:
// Connects to the directory and binds as one fixed test user, then prints
// whether the bind worked.
// No protocol version or TLS option is set anywhere in this snippet, so the
// client library defaults apply and the bind goes over plain port 389.
$ldaphost = "ldap.mydomain.com";
$ldapport = 389;

$ds = ldap_connect($ldaphost, $ldapport);
if (!$ds) {
    die("Could not connect to $ldaphost");
}

$username = "myUser";
$upasswd = "*****";
// The bind DN places the user under ou=people.
$binddn = "uid=$username,ou=people,dc=yourdomain,dc=com";
$ldapbind = ldap_bind($ds, $binddn, $upasswd);

echo $ldapbind ? "login" : " not login";
// Same connectivity check as the question, but binding with an administrative DN.
// $username is assigned and never used: the bind DN is fixed to cn=admin.
// No protocol version or TLS option is set, so library defaults apply and the
// password travels over plain port 389.
$ldaphost = "ldap.mydomain.com";
$ldapport = 389;

$ds = ldap_connect($ldaphost, $ldapport);
if (!$ds) {
    die("Could not connect to $ldaphost");
}

$username = "myUser";
$upasswd = "*****";
//cn=admin or whatever you use to login by phpldapadmin
$binddn = "cn=admin,dc=yourdomain,dc=com";
$ldapbind = ldap_bind($ds, $binddn, $upasswd);

//check if ldap was sucessfull
$message = $ldapbind ? "LDAP bind successful..." : "LDAP bind failed...";
echo $message;

Warning: ldap_bind(): Unable to bind to server: Invalid credentials PHP and LDAP

I'm trying to connect to an LDAP server to authenticate user credentials.
I've found a few users with this same issue but their solutions did not work for me.
here's what I'm using:
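<?php
// Authenticates a submitted username/password by binding to the directory.
define('LDAP_SERVER', 'LDAP://pdc.mydomain.com');
define('LDAP_PORT', 389);
define('LDAP_TOP', 'dc=mydomain,dc=com');

if (isset($_POST['username']))
{
    // Both fields must be present strings; anything else is treated as empty.
    $username = is_string($_POST['username']) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if (!($ds = ldap_connect(LDAP_SERVER, LDAP_PORT)))
    {
        die ("Could not connect to mydomain domain");
    }
    // LDAPv3 must be selected before the bind; referral chasing is switched off.
    // NOTE: the connection is unencrypted. Use ldaps:// or ldap_start_tls()
    // before binding so the password is not sent in clear text.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // The bind name is "<input>,dc=mydomain,dc=com". That is only a valid DN
    // when the input is itself an RDN path such as cn=...,ou=...
    // NOTE(review): a bare login name or "mydomain\name" joined this way is not
    // a DN, which would explain the failures described. Against Active
    // Directory, bind with user@domain or DOMAIN\user without the suffix - confirm.
    $un = $username . "," . LDAP_TOP;
    //echo stripslashes($un)."<br>";

    // An empty password would turn this into an unauthenticated bind, which many
    // servers accept, so it must never be reported as a successful login.
    $ldapbind = false;
    if ($username !== '' && $password !== '') {
        $ldapbind = ldap_bind($ds, stripslashes($un), $password);
    }

    if ($ldapbind) {
        echo "login success";
    } else {
        echo "login failed";
    }
    ldap_close($ds);
}
?>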
I've tried using "mydomain\myusername" and just "myusername".
I added the stripslashes() function when neither worked to test that, and still no dice.
the error I get every time is: Warning: ldap_bind(): Unable to bind to server: Invalid credentials
any help would be greatly appreciated
TIA
I know it is a pretty old question and if you still need an answer then what happens if you run this code in a single php file?
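// Minimal connectivity check: connect, bind as one fixed account, print a greeting.
$username = 'hello';
$password = '123123';
$server = '192.168.32.4';
// UPN suffix appended to the username. The page showed "#yourdomain.local"; the
// "#" looks like an "@" mangled in extraction, so it is restored here.
$domain = '@yourdomain.local';
$port = 389; // unencrypted LDAP; prefer ldaps:// or ldap_start_tls() outside a lab
$connection = ldap_connect($server, $port);
if (!$connection) {
    exit('Connection failed');
}
// Help talking to AD
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
// "@" (also shown as "#" on the page, which would comment the call out) silences
// the PHP warning raised on bad credentials; the result is checked right below.
$bind = @ldap_bind($connection, $username . $domain, $password);
if (!$bind) {
    // ldap_error($connection) holds the server's reason if more detail is needed.
    exit('Binding failed');
}
// This is where you can do your work
echo 'Hello from LDAP';
ldap_close($connection);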
More info is here.
Check whether your login and password are correct.
Also put the domain in front of the login. See the example below (HQ\login):
<?php
// Example of binding with a DOMAIN\user style login name.
// Inside single quotes the backslash before "s" is kept literally, so $login is HQ\student.
$login = 'HQ\student';
$password = 'MYPASS';
// NOTE(review): the host string below is cut off (no closing quote after "pdc.bc"),
// presumably lost in extraction; the snippet does not parse as shown.
$ldap_link = ldap_connect('pdc.bc) or die("Could not connect to LDAP server.");
// NOTE(review): the "#" before ldap_bind looks like a mangled "@" error-suppression
// operator. As written, "#" starts a comment and the call is never made.
// On failure the die() message includes the text from ldap_error().
$ldapbind = #ldap_bind($ldap_link, $login, $password) or die ("Error trying to bind: ".ldap_error($ldap_link));
?>
I used these functions:
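/**
 * Check a username/password pair by binding to the directory as that user.
 *
 * The username is first resolved to a DN with getUserDN(); the bind is then
 * attempted with that DN and the supplied password.
 *
 * @param string $username login name to resolve
 * @param string $password password supplied by the user
 * @return bool true only when the bind with the user's own DN succeeds
 */
function authenticate($username, $password){
    include 'conf/config.inc.php';

    // An empty password would turn the bind into an unauthenticated bind, which
    // many servers accept. That must never be reported as a valid login.
    if (!is_string($password) || $password === '') {
        return false;
    }

    $ldap_Userdn = getUserDN($username);
    if ($ldap_Userdn == "") {
        // No connection exists yet at this point, so there is no LDAP error to
        // read. The reason is logged rather than echoed so that the page does
        // not reveal whether a username exists.
        error_log("authenticate: no DN found for the supplied username");
        return false;
    }

    $ldap_con = ldap_connect($ldap_hostname,$ldap_port);
    if (!$ldap_con) {
        return false;
    }
    // The protocol version has to be set before the bind.
    // NOTE: nothing here enables TLS; use ldaps:// or ldap_start_tls() so the
    // user's password is not sent in clear text.
    ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);

    $bound = (bool) ldap_bind($ldap_con, $ldap_Userdn, $password);
    // Release the connection on every path, not only on the lookup failure.
    ldap_close($ldap_con);
    return $bound;
}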
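/**
 * Look up the DN of the entry whose cn equals the given username.
 *
 * Binds with the service account from conf/config.inc.php and searches under
 * $ldap_search (the base DN from that file; replace it with your own OU/DC).
 *
 * @param string $username login name to look up
 * @return string the DN of the first matching entry, or "" when the bind or
 *                search fails or nothing matches
 */
function getUserDN($username){
    include 'conf/config.inc.php';
    $data = "";
    $ldap_con = ldap_connect($ldap_hostname,$ldap_port);
    if (!$ldap_con) {
        return $data;
    }
    ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap_con, LDAP_OPT_REFERRALS, 0);
    if(ldap_bind($ldap_con, $ldap_dn, $ldap_password)){
        // The username is caller-supplied. Escaping filter metacharacters keeps
        // it a literal value, so input such as "*" cannot widen the match to
        // other accounts.
        $filter = "(cn=" . ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER) . ")";
        $res = ldap_search($ldap_con, $ldap_search, $filter);
        if ($res !== false) {
            // ldap_first_entry() returns false when nothing matched; calling
            // ldap_get_dn() on that would fail, so keep "" in that case.
            // If several entries share the cn, the first one returned is used.
            $first = ldap_first_entry($ldap_con, $res);
            if ($first !== false) {
                $dn = ldap_get_dn($ldap_con, $first);
                if ($dn !== false) {
                    $data = $dn;
                }
            }
        }
    } else {
        // Logged instead of echoed so directory error text does not reach the page.
        error_log("getUserDN: service bind failed: " . ldap_error($ldap_con));
    }
    ldap_close($ldap_con);
    return $data;
}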
and this is my config.inc.php:
<?php
// Connection settings pulled in by authenticate() and getUserDN() through include.

// Directory server address and port (the port is kept as a string).
$ldap_port = "389";
$ldap_hostname = "my openldap IP";

// Base DN that user lookups search under.
$ldap_search = "dc=mydomain,dc=com";

// Account used for the lookup bind. The password sits here in plain text, so
// this file should stay outside the web root and out of version control. A
// read-only lookup account is enough for DN searches; cn=Manager is more
// privilege than the lookup needs.
$ldap_password ="my password";
$ldap_dn = "cn=Manager,dc=mydomain,dc=com";
?>
