php ldap_search Operations error - php

I want to use the following php script to retrieve AD Users (Windows 2008R2) who have the "proxyAddresses" attribute set:
<?php
$ldaprdn = 'ldapbind@test.net';
$ldappass = 'testpass';
$ldapconn = ldap_connect("ldap://10.1.20.254:389")
    or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...\n";
        $result = ldap_search($ldapconn, "CN=Users,DN=test,DN=net", "(proxyAddresses=*)")
            or die ("Error in search query: " . ldap_error($ldapconn));
        $data = ldap_get_entries($ldapconn, $result);
        print_r($data);
    } else {
        echo "LDAP bind failed...";
    }
}
?>
It binds successfully, but then I get a warning and an error message:
PHP Warning: ldap_search() Operations error in ..... on line .. (the ldap_search line)
and
Error in search query: Operations error
When I execute an ldapsearch on the console:
ldapsearch -h 10.1.20.254 -p 389 -D 'ldapbind@test.net' -w 'testpass' -b 'CN=Users,DC=test,DC=net' '(proxyAddresses=*)' cn proxyAddresses mail
I get the desired results.
It's running on "CentOS release 6.4 (Final)".
Thanks in advance

Related

PHP - LDAP with SSL fail to bind

I have PHP 7.0 on CentOS 7. And I've installed php-ldap module as well.
# yum install -y php php-ldap
...
# php -m
...
ldap
...
Now the following PHP code works:
<?php
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
if ($ldapconn) {
    $ldaprdn = 'username';
    $ldappass = 'password';
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
That works! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.
Problem
But then I tried with SSL via port 636:
<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); # I know, but this is just temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldaprdn = 'username';
    $ldappass = 'password';
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
I got this error:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......
What am I missing please?
Note:
We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.
Server certificate is valid.
I figured out the ldap_connect should be as below:
ldap_connect("ldaps://dc.example.com:636")
And then all of a sudden it worked!
Note: If it is on Apache, it is worth restarting it after changing to the above code.

ldap_start_tls(): Unable to start TLS, LdapErr: DSID-0C09128B "TLS or SSL already in effect"

I am trying to do LDAP authentication with a certificate in AWS Beanstalk and EC2 (PHP 8.0 running on 64bit Amazon Linux 2/3.3.4).
The .pem certificate is in /etc/openldap/certs.
My PHP code is as follows:
$ldaprdn = 'username@dc1.dc2';
$ldappass = 'password';
$ldapconn = ldap_connect("ldaps://ldaps.hostname.com:636")
    or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...\n";
    } else {
        echo "LDAP bind failed...\n";
    }
}
echo "ldap_error: " . ldap_error($ldapconn);
ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $err);
echo "ldap_get_option: $err";
I get the following warning:
Warning: ldap_start_tls(): Unable to start TLS: Operations error in /var/app/current/auth1.php on line 26
ldap_error: Operations errorldap_get_option: 00000000: LdapErr: DSID-0C09128B, comment: TLS or SSL already in effect, data 0, v3839
Warning: ldap_search(): Search: Operations error in /var/app/current/auth1.php on line 48
Error - Operations error
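
The two TLS problems in the posts above (port 636 without an ldaps:// URI, and StartTLS issued on a connection that is already ldaps://) come down to choosing exactly one TLS mode per connection. The following is an added example, not code from either post; the function name open_directory, the host name and the CA bundle path are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the posts above.
// Opens an encrypted LDAP connection using exactly one TLS mode:
//   'ldaps'    -> TLS from the first byte on port 636, no ldap_start_tls()
//   'starttls' -> plain ldap:// on port 389, then upgraded with ldap_start_tls()
function open_directory(string $host, string $mode, string $caFile)
{
    // TLS options are set globally (null handle) before connecting so that
    // libldap applies them to the handshake. CACERTFILE needs PHP >= 7.1.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    if ($mode === 'ldaps') {
        $uri = "ldaps://{$host}:636";
    } elseif ($mode === 'starttls') {
        $uri = "ldap://{$host}:389";
    } else {
        throw new InvalidArgumentException("mode must be 'ldaps' or 'starttls'");
    }

    // ldap_connect() only parses the URI; the socket opens on first use.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: {$uri}");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS requires v3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Calling ldap_start_tls() on an ldaps:// handle is what produces
    // "TLS or SSL already in effect", so it is issued only in starttls mode.
    if ($mode === 'starttls' && !@ldap_start_tls($conn)) {
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $msg = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("StartTLS failed: {$msg} ({$detail})");
    }
    return $conn;
}

// Assumed host and PEM CA bundle path; replace with the real values.
$conn = open_directory('dc.example.com', 'ldaps', '/etc/openldap/certs/ca.pem');
```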

Active directory authentication in php

I was trying to check authentication with Active Directory in PHP. I tried the code below but I am getting an error. I followed the link https://www.php.net/manual/en/function.ldap-bind.php.
Code:
<?php
// using ldap bind
$ldaprdn = 'Administrator'; // ldap rdn or dn
$ldappass = '****'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("ldap://dc1.example.com")
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
?>
Error:
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /root/ldap1.php on line 14
LDAP bind failed...
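
An added example (not part of the post above) of bind-based authentication against Active Directory with the checks such code needs: refusing empty passwords, binding in user@domain form over ldaps://, and escaping the name used in the search filter. The function name ad_authenticate and the host, domain and base DN values are assumptions.

```php
<?php
// Added example: hypothetical function, not code from the post above.
// Returns the user's directory entry on success, null on any failure.
function ad_authenticate(string $uri, string $domain, string $baseDn,
                         string $user, string $password): ?array
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513 section 5.1.2) that a server may accept, so ldap_bind()
    // returning true would not prove the user knows the password.
    if ($user === '' || $password === '') {
        return null;
    }
    // Restrict login names so nothing can alter the UPN, log line or filter.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: {$uri}");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Bind as user@domain (userPrincipalName form). The @ suppresses the
    // PHP warning; the return value is checked explicitly instead.
    if (!@ldap_bind($conn, "{$user}@{$domain}", $password)) {
        $reason = ldap_error($conn);
        error_log("LDAP bind failed for {$user}: {$reason}");
        ldap_unbind($conn);
        return null;
    }

    // Escape the value even after validation, in case the pattern is relaxed.
    $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($conn, $baseDn, $filter, ['cn', 'mail', 'memberOf']);
    $entries = $result ? ldap_get_entries($conn, $result) : ['count' => 0];
    ldap_unbind($conn);

    return $entries['count'] === 1 ? $entries[0] : null;
}

// Empty password: rejected locally, no bind is attempted.
var_dump(ad_authenticate('ldaps://dc1.example.com:636', 'example.com',
                         'DC=example,DC=com', 'Administrator', ''));
```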

php ldap bind can't contact server

I'm using CentOS 7, and I'm having a "Can't contact LDAP server" error when using the PHP ldap_bind() function. I've tried ldapsearch and it connected successfully. I'm not sure how to solve the issue. Any help is welcome.
$ldaphost = "HOST";
$ldapport = PORT;
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
$ldapconn = ldap_connect($ldaphost, $ldapport);
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn);
    if (!$ldapbind) {
        echo ldap_error($ldapconn);
    }
    else {
        echo "it finally workd";
    }
}
ldap_close($ldapconn);
And my command line ldapsearch is
ldapsearch -h HOST -p PORT

Facing Warnings LDAP using PHP wrong link resource

I am attempting to connect to Active Directory via LDAP in PHP. But I get the following warnings:
Warning: ldap_search(): supplied argument is not a valid ldap link resource in C:\Program Files (x86)\EasyPHP-12.1\www\GuestRegister\login.php on line 39
Warning: ldap_get_entries() expects parameter 1 to be resource, string given in C:\Program Files (x86)\EasyPHP-12.1\www\GuestRegister\login.php on line 41
entries returned
Can anyone help? :)
My code looks like:
<?php
$ds = "10.33.85.172";
$ldaprdn = "CN=HackTeam,CN=Users,DC=cisco,DC=internal";
$ldappass = 'HackMe007';
// connect to ldap server
$ldapconn = ldap_connect("10.33.85.172")
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if ($ldapbind) {
        echo "Connected to LDAP";
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
        $filter="(|(sn=guest-Juan*)(givenname=Juan*))";
        $justthese = array("ou", "sn", "givenname", "mail");
        $sr=ldap_search($ds, $ldaprdn, $filter, $justthese);
        $info = ldap_get_entries($ds, $sr);
        echo $info["count"]." entries returned\n";
    } else {
        echo "Connection to LDAP Failed";
    }
}
?>
Change:
$sr=ldap_search($ds, $ldaprdn, $filter, $justthese);
to
$sr=ldap_search($ldapconn, $ldaprdn, $filter, $justthese);
You should pass the connection resource as the first parameter to ldap_search; what you are passing is $ds, which is just a string with the LDAP server's IP.
