I am attempting to connect to Active Directory via LDAP in PHP, but I get the following warnings:
Warning: ldap_search(): supplied argument is not a valid ldap link resource in C:\Program Files (x86)\EasyPHP-12.1\www\GuestRegister\login.php on line 39
Warning: ldap_get_entries() expects parameter 1 to be resource, string given in C:\Program Files (x86)\EasyPHP-12.1\www\GuestRegister\login.php on line 41
entries returned
Can anyone help? :)
My code looks like:
<?php
$ds = "10.33.85.172";
$ldaprdn = "CN=HackTeam,CN=Users,DC=cisco,DC=internal";
$ldappass = 'HackMe007';
// connect to ldap server
$ldapconn = ldap_connect("10.33.85.172")
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if ($ldapbind) {
        echo "Connected to LDAP";
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
        $filter="(|(sn=guest-Juan*)(givenname=Juan*))";
        $justthese = array("ou", "sn", "givenname", "mail");
        $sr=ldap_search($ds, $ldaprdn, $filter, $justthese);
        $info = ldap_get_entries($ds, $sr);
        echo $info["count"]." entries returned\n";
    } else {
        echo "Connection to LDAP Failed";
    }
}
?>
Change:
$sr=ldap_search($ds, $ldaprdn, $filter, $justthese);
to
$sr=ldap_search($ldapconn, $ldaprdn, $filter, $justthese);
You should pass the connection resource as the first parameter to ldap_search; what you are passing is $ds, which is just a string with the LDAP server's IP.
Related
I have PHP 7.0 on CentOS 7. And I've installed php-ldap module as well.
# yum install -y php php-ldap
...
# php -m
...
ldap
...
Now the following PHP code works:
<?php
$ldapconn = ldap_connect("dc.example.com", 389) or die("Could not connect to LDAP server.");
if ($ldapconn) {
    $ldaprdn = 'username';
    $ldappass = 'password';
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
That works! I can connect, bind, and then even search for username johndoe and view his entire AD profile successfully.
Problem
But then I tried with SSL via port 636:
<?php
putenv('LDAPTLS_REQCERT=require');
putenv('LDAPTLS_CACERT=/var/www/html/servercert.der'); #I know, but this is just temporary location
$ldapconn = ldap_connect("dc.example.com", 636) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldaprdn = 'username';
    $ldappass = 'password';
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "DC=example,DC=com", "(sAMAccountName=johndoe)");
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>
I got this error:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index.php on line 14
LDAP bind failed...
Warning: ldap_search(): Search: Can't contact LDAP server in......
What am I missing please?
Note:
We have port 636 opened on Windows AD Server and it is reachable from this PHP web server.
Server certificate is valid.
I figured out the ldap_connect should be as below:
ldap_connect("ldaps://dc.example.com:636")
And then all of a sudden it worked!
Note: If it is on Apache, it is worth restarting it after changing to the above code.
I was trying to check authentication with Active Directory in php. I tried the below code but I am getting an error. I followed the link https://www.php.net/manual/en/function.ldap-bind.php .
Code:
<?php
// using ldap bind
$ldaprdn = 'Administrator'; // ldap rdn or dn
$ldappass = '****'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("ldap://dc1.example.com")
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
?>
Error :
PHP Warning: ldap_bind(): Unable to bind to server: Invalid
credentials in /root/ldap1.php on line 14 LDAP bind failed...
I am trying to search for a user in LDAP while doing anonymous binding. First of all, is this possible?
Here is working code.
$ldaphost = "dc.mydomain.com"; // your ldap server
$ldapport = 389; // your ldap server's port number
$ldapuser = "username#mydomain.com";
$ldappass = "somepass";
$basedn = 'dc=mydomain,dc=com';
$searchfor = 'seconduser';
//Connecting to LDAP
$ldapconn = ldap_connect($ldaphost, $ldapport) or die("Could not connect to" . $ldaphost);
if ($ldapconn)
{
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn,$ldapuser, $ldappass);
    $filter = '(&(samaccounttype=805306368)(samaccountname=' . $searchfor . '))';
    $result = ldap_search($ldapconn, $basedn, $filter, array('samaccountname'));
    $info = ldap_get_entries($ldapconn, $result);
    echo '<pre>';
    print_r($info);
}
The only thing with the above code is that I would have to provide a user for binding. I would like to do it anonymously instead. To do that, I changed the following line of code from
$ldapbind = ldap_bind($ldapconn,$ldapuser, $ldappass);
to
$ldapbind = ldap_bind($ldapconn);
But this is giving me the following error in the ldap_search()
ldap_search(): Search: Operations error
How can I search for a user in LDAP with anonymous binding?
Your Active Directory administrators should have told you that anonymous access is disabled by default. Most likely they are not willing to change it. For an application, ask for a service account (stable password).
I want to use the following php script to retrieve AD Users (Windows 2008R2) who have the "proxyAddresses" attribute set:
<?php
$ldaprdn = 'ldapbind#test.net';
$ldappass = 'testpass';
$ldapconn = ldap_connect("ldap://10.1.20.254:389")
    or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "LDAP bind successful...\n";
        $result = ldap_search($ldapconn, "CN=Users,DN=test,DN=net", "(proxyAddresses=*)")
            or die ("Error in search query: " . ldap_error($ldapconn));
        $data = ldap_get_entries($ldapconn, $result);
        print_r($data);
    } else {
        echo "LDAP bind failed...";
    }
}
?>
It binds successfully, but then I get a warning and an error message:
PHP Warning: ldap_search() Operations error in ..... on line .. (the ldap_search line)
and
Error in search query: Operations error
When I execute an ldapsearch on the console:
ldapsearch -h 10.1.20.254 -p 389 -D 'ldapbind#test.net' -w 'testpass' -b 'CN=Users,DC=test,DC=net' '(proxyAddresses=*)' cn proxyAddresses mail
I get the desired results.
It's running on "CentOS release 6.4 (Final)".
Thanks in advance
I am trying to search an Active Directory using LDAP. I want to be able to return the user's email address. How can this be done? So far I have the following, but nothing seems to happen.
I just want to return mail based on the attributes given in $filter. The ldap bind seems to work fine.
Thanks :)
<!DOCTYPE HTML>
<html>
<head>
<title>Cisco Guest Register</title>
</head>
<body>
<?php
$ldaprdn = "CN=antwest,OU=Employees,OU=Cisco Users,DC=cisco,DC=com";
$ldappass = 'Chandler1';
// connect to ldap server
$ldapconn = ldap_connect("ldap://ds.cisco.com:389")
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if (!$ldapbind) {
        echo "Connection to LDAP Failed";
    }
    echo "Connected to LDAP";
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
    $filter="(|(cn=antwest*)(ou=cisco*))";
    $justthese = array("mail");
    $sr=ldap_search($ldapconn, $ldaprdn, $filter, $justthese);
    $info = ldap_get_entries($ldapconn, $sr);
    echo $info["count"]." entries returned\n";
}
?>
</body>
</html>
It's important to call ldap_set_option before calling ldap_bind:
$ldapconn = ldap_connect("ldap://ds.cisco.com:389");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
To print just the email, and if your search succeeded, then use this line:
echo $info[0]["mail"][0];
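The fixes given in the answers above (pass the connection resource to ldap_search, connect with an ldaps:// URI, set options before ldap_bind, bind as a service account rather than anonymously), combined in one lookup that also escapes the searched name with ldap_escape(). This is an added example, not code from any of the posts; the host, base DN and the LDAP_BIND_DN / LDAP_BIND_PW environment variable names are placeholders, and it assumes the server's CA is already trusted by the system's OpenLDAP client configuration.

```php
<?php
// Added example. Host, base DN and the LDAP_BIND_* names are placeholders.
const LDAP_URI = 'ldaps://dc.example.com:636'; // scheme and port in the URI
const BASE_DN  = 'DC=example,DC=com';          // search base, not the bind DN
function findUserMail(string $login): ?string
{
    // With a URI, ldap_connect() only parses it; the server is contacted on bind.
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    // Options go on the connection before ldap_bind().
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Service account credentials come from the environment, not the source.
    $bindDn = (string) getenv('LDAP_BIND_DN');
    $bindPw = (string) getenv('LDAP_BIND_PW');
    // A DN with an empty password is an unauthenticated bind, so refuse it.
    if ($bindDn === '' || $bindPw === '') {
        throw new RuntimeException('Bind credentials missing');
    }
    if (!@ldap_bind($conn, $bindDn, $bindPw)) {
        throw new RuntimeException('LDAP bind failed: ' . ldap_error($conn));
    }

    // Escape the supplied value so * ( ) \ and NUL cannot change the filter.
    $filter = sprintf(
        '(&(sAMAccountType=805306368)(sAMAccountName=%s))',
        ldap_escape($login, '', LDAP_ESCAPE_FILTER)
    );
    // First argument is the connection, never the host string.
    $sr = @ldap_search($conn, BASE_DN, $filter, ['mail']);
    if ($sr === false) {
        $error = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException('LDAP search failed: ' . $error);
    }
    $entries = ldap_get_entries($conn, $sr);
    ldap_unbind($conn);

    // Require exactly one match; attribute keys are returned lower-cased.
    $unique = $entries !== false && $entries['count'] === 1;
    return $unique ? ($entries[0]['mail'][0] ?? null) : null;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    echo findUserMail($argv[1]) ?? 'no unique match', PHP_EOL;
}
```

Run from the command line with the login name as the only argument; a name such as `j*` is searched literally instead of acting as a wildcard.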