It is the first time I am working with PHP 5 LDAP library and I am a bit confused. I would be very happy if anyone could give me some clarifications on the following:
First of all let me give my configurations:
LDAP server: Windows Server 2013 Active Directory
Hostname: winad
Domain: domain.local
IP: 1.1.1.1 (for the sake of explaining)
Windows Account used for binding: Administrator
Ping hostname from dev machine works
Ping ip from dev machine works
Ping winad.domain.local from dev machine fails
Development Environment: Windows 8 Professional with WAMP
PHP: 5.3.13
PHP LDAP Module loaded and working
Apache LDAP module not loaded
Scenario:
I am trying to authenticate a user against the Windows AD with the administrator account for a start. Here is a sample of my code:
I will be using these variables in the various scenarios below:
$hostname = "winad";
$dnex= "uid=Administrator, ou=Users, dc=domain, dc=local";
Code that works:
$conn = ldap_connect($hostname);
$bind = ldap_bind($conn, "DOMAIN\Administrator", "password");
Code that fails:
$conn = ldap_connect($hostname);
$bind = ldap_bind($conn, $dnex, "password");
Error: Invalid credentials
Now my question is why does it fails when I specify a dn?
Let say I have location1.domain.local and location2.domain.local and I want to bind only with location2, it does not seem possible without specifying the dn.
Can somebody show the right way to proceed?
After some more search I found the following post:
PHP LDAP Connection
The response from AlexC answered my question correctly.
Hope this is helpful.
Related
So I have written a basic program with PHP and MongoDB and I tested it locally using xampp. This all works fine. Now I want to publish it as a website.
After some research I decided to use Bitnami and I am running an EC2 server on Amazon. I am able to ssh and run commands from the terminal. Now I want to connect to the server and create a Mongo client. I am a bit puzzled and do not know how to do this exactly. I am using the code below. The ssh works fine but I do not know how to set up the mongo client. The '$m = new MongoClient();' works fine locally for localhost, I have also tried to supply to MongoClient my username and password but without success. Thank you very much for any help!
include('Net/SSH2.php');
include('Crypt/RSA.php');
$key = new Crypt_RSA();
$key->loadKey(file_get_contents('../../etc/bitnami.pem'));
$ssh = new Net_SSH2('ip_address');
if (!$ssh->login('bitnami', $key)) {
exit('Login Failed');
}
$ssh->exec('mongo admin --username root -p <myPassword>');
$m = new MongoClient();
$db = $m->mydb;
echo "Database mydb selected";
$collection = $db->mycol;
echo "Collection selected succsessfully";
$document = array(
"title" => "MongoDB",
"description" => "database"
);
$collection->insert($document);
Update answer to Jota Martos (unable to write it as comment):
Hi, thank you for your answer. Yes for now I allow access from all ports and IP's for test purposes. I can successfully connect via ssh but now I am stuck. I am running a Mean bitnami application and my website is running on GoDaddy server under PHP. So I want to connect with PHP to my mongoDB bitnami app that is hosted on AWS. So now the problem is that on my GoDaddy server mongoDB is not installed. So running the following code does not work:
$m = new MongoDB\Driver\Manager("mongodb://${bitnami}:${AWSpassword}#hostIp");
Fatal error: Class 'MongoDB\Driver\Manager' not found.
So my question how do I connect with PHP from my GoDaddy server to the EC2 Amazon server and connect to Bitnami mongoDB account. Should I first setup an ssh connection to the server and then try to login to mongoDB server or how should I connect?
Any help is appreciated, thank you in advance!
According to php.net the function that is used is Deprecated, refer this.
Can you try something like:
<?php
$manager = new MongoDB\Driver\Manager("mongodb://myusername:myp%40ss%3Aw%25rd#example.com/mydatabase");
?>
Refer this
Hi Bitnami Engineer here,
Apart from this tip, please note that the database port for the nodes in this solution cannot be accessed over a public IP address by default. For security reasons, we do not recommend making the database port accessible over a public IP address.
https://docs.bitnami.com/aws/infrastructure/mongodb/#how-to-connect-to-mongodb-from-a-different-machine
You can open the MongoDB port in the server by accessing the AWS console and modifying the access group configuration
https://docs.bitnami.com/aws/faq/#how-to-open-the-server-ports-for-remote-access
You will also need to modify the MongoDB configuration file (/opt/bitnami/mongodb/mongodb.conf) to allow the database to not to work only on 127.0.0.1.
Regards,
Jota
If you are looking to connect a tool like Studio 3T to a remote Mongodb instance built using bitnami AMI you can follow the steps below:
1. Open inbound port 27017 on instance security group.
2. Open Instance log of the instance and find the password for user root.
3. Open Studio 3T, server name is instance public ip and port 27017.
4. Got to Authentication and select basic and put in the user as root and password as obtained from instance log.
Click on Test Connection, it should work.
I have an application in which I have to access all pc connected to same network and their MySql Databases and I also want want to connect to remotely a server.
Actually I have list of drop down services and each service holding a database name. when I select a service then I want to build connection to database either it lies on same network or any remote server.
Remember, I know the hostname, username, password and dbname. and I am using mysqli_connect function.
I have try multiple options given on web, but all in vain. e.g grant host and user access. But not found any solution can help to solve my problem.
I have try bind-address option in my.conf file but no solution.
Here is my code
For remote Server
$con = new mysqli_connect('xxx xxx xxx:3306', 'username', 'pass', 'dbname');
For local Network
$con = new mysqli_connect('xxxx xxx xxx:3306', 'localhost', '', 'talent');
Error
mysqli::mysqli();(HY000/2002): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. and also get this one earlier Warning: mysqli_connect(): (HY000/1045): Access denied for user 'username'#'localhost' (using password: YES).
I am using windows platform. WIndow 8.1
I guess you want to access mysql database installed on different computers on same network as your computer and also on some remote server.
What you need is IP Addresses of all the computers on which the mysql server is installed including the remote server. And on each such computer mysql server remote access should be enabled for your computer's IP Address and mysql user you are using in 'new mysqli_connect()'. See this tutorial.
Also as fvu said check php documentation for 'mysqli_connect' function.
UPDATED
What is SSH?
1. SSH is SecureSHell.
2. Its nothing but a remote login tool or program(like telnet but in secured way).
3. Remote login is logging in to some other computer(known as remote computer) as a user of that computer from your computer.
4. After you successfully logged in to the remote computer via ssh, you can type commands on that remote computer on behalf of the user you are loggen in with.
5. Consider this as if you are sitting in front of your computer and watching the command prompt(terminal in linux and mac) screen of the remote computer.
6. Whataver you will type here will reflect there.
For your knowledge to make you understand the problem:
1. When you install XAMPP or WAMP on your computer it also installs MySQL Server with it.
2. MySQL Server is a process running in the background to which we can request to do
database operations like SELECT, UPDATE, etc.
3. This thing we generally do using 'mysql_connect' or 'mysqli_connect' in php.
4. MySQL Server can have many users and different users have different previledges/permissions. So that MySQL admin user(i.e. root) can control what things are allowed and not allowed for a user.
5. Now while connecting to the mysql server process we need to specify the user credentials. That you specify in mysqli_connect function.
Now let me explain you why you are getting that error:
1. The user credentials you are using either does not exist or not correct or the user has no access to connect to MySQL Server process remotely. i.e. from other computer that the one has MySQL Server installed on. In your case from your computer to computer A or to computer B or remote server.
2. The other reason may be the firewall settings of remote computers.
Solution:
1. For computer A and computer B you don't need ssh you can directly go to the computer and open command prompt on it and type commands.
2. But for remote computer you need to use ssh.
3. Now another problem is you are using Windows so ssh program will not be available to you.
4. You will need to download putty program. Its ssh implementation for windows. Same as ssh only name is different.
5. Take a putty tutorial to connect to remote server.
6. Then you can use this tutorial for granting remote login access to mysql user you are using in mysqli_connect function.
If the server is a local hosted database and you can connect to it from local host and i you are not able to connect to it from a remote machine consider the following options.
There is a firewall in ubuntu that you need to open, you do this by granting access in IPtables.
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT And now we should be able to login to our server from our local machine:
mysql -h255.112.324.12 -uroot -pMyPASSWORD
You need
to grant access to mysql: https://askubuntu.com/questions/159053/mysql-server-not-accessible-from-remote-machine
as root, open your /etc/mysql/my.cnf with your favorite editor look for the [mysqld] section, and in there for the bind-address keyword. This usually is set to 127.0.0.1 -- change that to match your "normal" IP-address save the file, and reload the service (e.g. using service mysql restart)
Last but not least you need to give remote access in mysql:
GRANT ALL ON mydb.* TO root#'%' IDENTIFIED BY 'MyPASSWORD';
Find more information here: http://web.archive.org/web/20120930214828/http://chosencollective.com/technology/how-to-enable-remote-access-to-mysql
Right now you seem to be mixing object-oriented and procedural approaches. If you want to use object-orented approach, mysqli object should be instantiated as follows:
$con = new mysqli($host, $username, $password, $dbname, $socket); // all but first parameter are optional
If you want to use procedural approach, mysqli connection resource should be created as follows:
$con = mysqli_connect($host, $username, $password, $dbname, $socket); // all but first parameter are optional
I am tried to implement a LDAP authentication in my web application developed in ZF2. LDAP authentication is working fine in Windows 7.
But, after moving the application to LINUX machine, LDAP authentication is not working. I am always getting the error as : Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in LdapConnect.php on line 20
I have used the scripts as:
$ldaphost = "ldap://xxxx.net";
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
if ($ds)
{
$username = "username#xxxx.net";
$upasswd = "password";
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{
print "Congratulations! you are authenticated successfully.";
}else{
print "Better luck next time!";
}
}
Should I install any software package or should I do any config settings?
Note: If I give the IP adress then it is working fine, but if I give the domain name, then it is not working.
The library may be different between the 2, or a different version. You'd be amazed how many variations of the ldap client there are. In your position I would (if available) use ldap client to make the same kind of connection a few different ways.
e.g. the "-x" on the standard ldapsearch:
-x Use simple authentication instead of SASL.
So you could express the connection like this:
ldapsearch -h xxxx.net -p 389 (etc)
ldapsearch -x -h ldap://xxxx.net:389 (this should actually be -H..)
and so on.
It is also possible for things outside of your code to be an issue. Prod servers often have firewalls and proxies (e.g. F5) that are transparent to the server/client.
Make sure your final code has exception handling for binding and searching. I'm not too familiar with the php implementation, and the doco is a tad thin. Normally you'd use a synchronous bind.
Can you verify that the code above is exactly as you had it on Windows? The reason I ask is that looking here: http://php.net/manual/en/function.ldap-connect.php it seems that you may be mixing 2 types of bind. I definitely wouldn't have done it like that in standard python.
So if using a URI normally you'd do it like this:
ldap_connect("ldap://blah:389")
and if you're connecting via host/port combo:
ldap_connect("blah","389")
With minimal exception info my best guess is that its actually trying to bind to a hostname "ldap://xxxx.net" on port "389".
I have an Active Directory server and a Windows WAMP server hosting PHP web applications that need to be able to authenticate to Active Directory using Kerberos.
I was able to easily connect and bind to the Active Directory host using some sample PHP code, but I'm not sure how to do so with Kerberos. I have see many forums and blogs detailing how to do this on *NIX machines, but that doesn't help me with my situation.
I did use Wireshark and Fiddler to confirm that there is no Kerberos or NTLM negotiating happening.
Sample code I used to connect and bind to LDAP:
<?php
$ldaphost = "example.domain.com";
$ldapport = 389;
$ldapuser = "user";
$ldappass = "password";
$ldapconn = ldap_connect( $ldaphost, $ldapport )
or die( "Unable to connect to the LDAP server {$ldaphost}" );
if ($ldapconn)
{
$ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass);
if ($ldapbind)
{
echo "LDAP connection successful";
}
else
{
echo "LDAP connction failed";
}
}
?>
Any help will be greatly appreciated, thanks!
Update: I've been wrestling with this all day and I think I need to use ldap_sasl_bind(), possibly using GSSAPI as the mechanism... No matter what parameters I put in to ldap_sasl_bind(), I get the following error: 'Unable to bind to server: Unknown authentication method'
I'm not sure how to implement GSSAPI, but some examples I've seen show using ldap_start_tls(), but I keep getting a 'Unable to start TLS: Server is unavailable' error.
I don't know if anyone knows anything about ldap_sasl_bind() (which is undocumented by PHP) or ldap_start_tls, but if this is the way I should be going, please point me in the right direction.
I cannot help with the Kerberos issue yet, as I am still struggling with it myself. However, I can point you in the right direction for TLS. TLS will at least prevent your credentials from being transmitted over the network in clear text. TLS requires proper configuration of OpenLDAP. At the very least, you can configure your client to not request or check any server certificates. You do this by adding the following line to the top of your ldap.conf configuration file.
TLS_REQCERT never
Your ldap.conf file should be located in C:\ or C:\openldap\sysconf, depending on your version of PHP and OpenLDAP. The file most likely does not yet exist in your setup. You may also be able to set the configuration via an environment variable as well putenv(TLS_REQCERT=never);, but I have not tried that myself, and there appear to be mixed results reported by others.
What you need to do: Make sure that the LDAP interface in PHP is compiled against SASL, supports GSS-API mech and either uses keytabs or the Windows-own SSPI interface. Good luck.
I solved this problem on windows by creating executable based on c++ ldap_bind_s. I use this executable as a command line with the parameters: host, username,password. This is the only way I got it work for GSSAPI.
WINLDAPAPI ULONG LDAPAPI ldap_bind_s(
LDAP *ld,
const PSTR dn,
const PCHAR cred,
ULONG method
);
I used LDAP_AUTH_NEGOTIATE.
I am having issues connecting to a mssql server that is located on a network machine. I need to connect remotely through another domain example (abc.com) not on the network to access data. This domain runs mysql if that makes any difference. I am trying to access the mssql server through this php script:
<?php
$server= 'ip address:port';
$user='user';
$password= 'pass';
$con = mssql_connect($server,$user,$password);
if (!$con)
{
die('Could not connect:' . mssql_get_last_message() );
}
else{ echo 'connected';
}
I run this script through the shell on abc.com and I get:
mssql_connect(): Unable to connect to server:
I have gone through several tutorials to enabling tcp/ip access through the sql server config manager as well as allowing the specific port through the firewall.
What are some other things I should try or steps I am missing here.
Also: the ip address I am using is the one I found in the sql server config manager-> protocols for SQLEXPRESS->tcp/ip_>ip addresses->IP2->ip adress it is the correct ip address? Where can I find it if not? I am not using the localhost 127.0.0.1
In short to successfully execute the cmd.
config:
(2 instances of SQL // SQL2005 + 2008 Express instance on the remote machine, which refuses to install Management Studio 2008.
1. Enable TCP/IP Protocol
2. Enable Named Piptes
3. started sqlcmd Utility with -s \SQLEXPRESS to get the right sever-instance
C:\Program Files\Microsoft SQL Server\100\Tools\Binn
4. Go to SMSS and local sql instance properties -> Connections -> check "Allow remote connections to this server" and run this script.
EXEC sys.sp_configure N'remote access', N'1'
GO
RECONFIGURE WITH OVERRIDE
GO
Here the link for the info from Msdn:
http://msdn.microsoft.com/en-us/library/ms162773.aspx
http://msdn.microsoft.com/en-us/library/ms162816.aspx
Thanx