My aim is to change passwords in Active Directory through a web interface using PHP & IIS.
I have been following the instructions on http://www.ashleyknowles.net/2011/07/iis-php-and-ldaps-with-active-directory/
Prior to following these instructions I could not get a bind to the AD for an LDAPS connection, however after following these instructions it seems to successfully connect, yet gives an error of "Server is unwilling to perform" when I attempt to change the "unicodePwd" value.
Please note that the code below will successfully change any other value of a user in the AD.
<?php
$ldaprdn = 'CN=Admin User,OU=*******,OU=Staff,OU=********,DC=********,DC=*******,DC=******,DC=*****';
$ldappass = "*******"; // associated password
$ldapconn = ldap_connect("ldaps://***.***.***.***:636" ) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
$username = '******';
$dn = "CN=Bob Smith,OU=******,OU=******,OU=******,DC=******,DC=******,DC=******,DC=******";
$newPassword = 'blah';
$newEntry = array('unicodePwd' => encodePwd($newPassword));
print_r($newEntry);
if(ldap_mod_replace($ldapconn, $dn, $newEntry)) {
print "<p>succeeded</p>";
} else {
print "<p>failed</p>";
}
print_r(ldap_error($ldapconn));
} else {
echo "LDAP bind failed...";
print_r(ldap_error($ldapconn));
}
}
// Credit: http://www.cs.bham.ac.uk/~smp/resources/ad-passwds/
function encodePwd($pw) {
$newpw = '';
$pw = "\"" . $pw . "\"";
$len = strlen($pw);
for ($i = 0; $i < $len; $i++)
$newpw .= "{$pw[$i]}\000"; // append a NUL byte after each character (curly-brace offsets were removed in PHP 8)
$newpw = base64_encode($newpw);
return $newpw;
}
?>
SOLVED!!
It turns out that by following the Ashley Knowles tutorial, I was successfully establishing an SSL connection over LDAP; however, the error was occurring because of the password encoding.
The credit for the successful password encoding goes to hd42 on this forum post, which enabled me to modify my code accordingly.
Therefore, once you have correctly installed the certificates etc. on the hard drive of the IIS server, this code will successfully modify a user password in Active Directory using PHP through an IIS web server (assuming that the $ldaprdn user has sufficient admin rights):
<?php
$ldaprdn = 'CN=Admin User,OU=*******,OU=Staff,OU=********,DC=********,DC=*******,DC=******,DC=*****';
$ldappass = "*******"; // associated password
$ldapconn = ldap_connect("ldaps://***.***.***.***:636" ) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
$dn = "CN=Bob Smith,OU=******,OU=******,OU=******,DC=******,DC=******,DC=******,DC=******";
$newPassword = 'blah';
$newPassword = "\"" . $newPassword . "\""; // AD expects the new password wrapped in double quotes
$newPass = mb_convert_encoding($newPassword, "UTF-16LE", "UTF-8"); // ... and encoded as UTF-16LE, not base64
$newEntry = array('unicodePwd' => $newPass);
print_r($newEntry);
if(ldap_mod_replace($ldapconn, $dn, $newEntry)) {
print "<p>succeeded</p>";
} else {
print "<p>failed</p>";
}
print_r(ldap_error($ldapconn));
} else {
echo "LDAP bind failed...";
print_r(ldap_error($ldapconn));
}
}
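As an added example (not the poster's code), the encoding from the solved snippet pulled into a helper, alongside the self-service form of the change, which goes beyond the thread: a delete-old/add-new batch that needs only the user's own credentials rather than an account with reset rights. Host, DNs and passwords are placeholders. Two facts worth keeping in mind: AD accepts unicodePwd writes only over an encrypted connection (LDAPS or StartTLS), and the delete/add form is subject to the password policy (history, minimum age), whereas the single replace is an administrative reset.

```php
<?php
// Added example (not the poster's code): unicodePwd encoding and the two AD
// password operations as reusable helpers. Host, DNs and passwords are placeholders.

// AD expects the new password wrapped in double quotes and encoded as UTF-16LE.
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Administrative reset: one replace; the bound account needs "Reset Password"
// rights on the target user. Policy checks such as history are not applied.
function resetAdPassword($conn, string $userDn, string $newPassword): bool
{
    return ldap_mod_replace($conn, $userDn, ['unicodePwd' => encodeUnicodePwd($newPassword)]);
}

// Self-service change: remove the old value and add the new one in a single
// batch. AD verifies the old password and enforces the password policy, and
// the bound account only needs "Change Password" rights, so it can be the user.
function changeAdPassword($conn, string $userDn, string $oldPassword, string $newPassword): bool
{
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE, 'values' => [encodeUnicodePwd($oldPassword)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,    'values' => [encodeUnicodePwd($newPassword)]],
    ];
    return ldap_modify_batch($conn, $userDn, $mods);
}

// Offline sanity check of the encoding: '"abc"' must become 22 00 61 00 62 00 63 00 22 00.
assert(bin2hex(encodeUnicodePwd('abc')) === '22006100620063002200');

// Usage against a directory (placeholder host and DN). unicodePwd is only
// writable over an encrypted session, hence ldaps:// here.
$conn = ldap_connect('ldaps://dc.example.invalid:636') or die('Could not connect to LDAP server.');
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

$userDn = 'CN=Bob Smith,OU=Staff,DC=example,DC=invalid';

// Bob changes his own password: bind as Bob with the current password,
// then submit the delete/add batch on the same connection.
if (ldap_bind($conn, $userDn, 'OldPassw0rd!')) {
    $ok = changeAdPassword($conn, $userDn, 'OldPassw0rd!', 'NewPassw0rd!');
    echo $ok ? "password changed\n" : 'change failed: ' . ldap_error($conn) . "\n";
} else {
    echo 'bind failed: ' . ldap_error($conn) . "\n";
}
ldap_unbind($conn);
```

If the change fails with "Constraint violation" rather than "Unwilling to perform", the encoding and transport are fine and the new value was rejected by policy (complexity, history or minimum age), which the delete/add form surfaces and the admin reset does not.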
Related
My company recently changed domains due to an ownership change and I am having an issue getting my LDAP bind to complete on the new domain.
My connect command creates the resource correctly but when I go to bind I get the error.
"Warning: ldap_bind(): Unable to bind to server: Strong(er) authentication required"
I am not using ldaps. I have confirmed I have the correct domain url for LDAP.
$ad is the resource, $dmun is the username with domain added and the $pw is the password.
$bd = ldap_bind($ad,$dmun,$pw);
It's an intranet site.
Try this code. This code worked for me.
$username = 'username';
$password = 'password';
$ldap_host = "domain.com";
$ldap_port = 389;
$base_dn = "DC=domain,DC=com";
$filter = '(sAMAccountName=' . $username . ')';
$connect = ldap_connect($ldap_host, $ldap_port) or exit("Error : Could not connect to LDAP server.");
if ($connect) {
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if (@$bind = ldap_bind($connect, "$username@domain.com", $password)) {
echo "Bind Successful";
} else {
echo "Invalid Username / Password";
}
}
I am trying to connect to LDAP server but I am always getting 'Error trying to bind: invalid credentials' when I supplied the right credentials. How do I troubleshoot this issue? How do I know if connection is successful? I am stuck here please let me know if there are any suggestions.
<?php
$domain = 'school123.edu';
$username = 'test';
$password = 'password';
$ldapconfig['host'] = 'server123';
$ldapconfig['port'] = 389;
$ldapconn=ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $username, $password) or die ("Error trying to bind: ".ldap_error($ldapconn));
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...<br /><br />";
} else {
echo "LDAP bind failed...";
}
$dn='dc=school123,dc=edu';
$result = ldap_search($ldapconn,$dn,'(&(objectClass=*)(sAMAccountName=' . $username. '))'); // search takes the connection handle, not the bind result
$entries = ldap_get_entries($ldapconn, $result);
echo $entries["count"]." entries returned\n";
// all done? clean up
ldap_close($ldapconn);
?>
Problem is that I can connect LDAP through PHP but I cannot bind to it.
In Apache Directory Studio I can connect and bind without any problem but in PHP result is always "FAIL".
How to bind to LDAP with PHP?
<?php
$ldaphost = "ldaps://server.net";
$ldapport = 636;
$ldapconn = ldap_connect($ldaphost, $ldapport);
if($ldapconn){
echo 'Connected';
$ldapbind = ldap_bind($ldapconn);
if($ldapbind){
echo "OK";
} else {
echo "FAIL";
}
}
Try to set the protocol version
<?php
// Anonymous connection
$ldaphost = "ldaps://server.net";
$ldapport = 636;
$ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Cannot connect to LDAP server.");
if ($ldapconn) {
echo 'Connected';
// set protocol version
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
// anonymous identification
$ldapbind = ldap_bind($ldapconn);
if ($ldapbind) {
echo 'OK';
} else {
echo 'FAIL';
}
}
?>
I am working on a login form that uses LDAP to authenticate users. However I do not know how to pass the username as a POST variable along with the DN credentials. This is working allowing me to send a password from a login form:
<?php
// using ldap bind
$ldaprdn = 'uid=my.name,cn=XXX,dc=XXX,dc=XXX,dc=XXX'; // ldap rdn or dn
$ldappass = $_POST['userPassword']; // user password
// connect to ldap server
$ldapconn = ldap_connect("server.domain.com")
or die("Could not connect to LDAP server.");
// Set some ldap options for talking to
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
// binding to ldap server
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...\n";
} else {
echo "LDAP bind failed...\n";
}
}
?>
However, this does not work when trying to append the value contained within the POST variable to the CN and DN values.
<?php
// using ldap bind
$ldaprdn = "uid = . $_POST['userLogin'] . 'cn=XXX,dc=XXX,dc=XXX,dc=XXX'"; // ldap rdn or dn
$ldappass = $_POST['userPassword']; // user password
// connect to ldap server
$ldapconn = ldap_connect("server.domain.com")
or die("Could not connect to LDAP server.");
// Set some ldap options for talking to
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
// binding to ldap server
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...\n";
} else {
echo "LDAP bind failed...\n";
}
}
?>
Can this be achieved this way? I believe I can only pass three variables using the ldap_bind function.
Many Thanks
You are incorrectly using quotes here and have missed a comma:
$ldaprdn = "uid = . $_POST['userLogin'] . 'cn=XXX,dc=XXX,dc=XXX,dc=XXX'";
should be
$ldaprdn = 'uid =' . $_POST['userLogin'] . ',cn=XXX,dc=XXX,dc=XXX,dc=XXX';
or
$ldaprdn = "uid ={$_POST['userLogin']},cn=XXX,dc=XXX,dc=XXX,dc=XXX"; // braces are needed around a quoted array key inside a double-quoted string
Remember that using single quotes around variables will not resolve the variable to its value (and thus concatenation is required), but using double quotes will.
And on top of that: never work with user-inputted data directly in your scripts - validate the input or at the very least use htmlentities() or strip_tags()...
I am having a little trouble with my PHP LDAP login. My first bind is successful, but my second bind is not even if the credentials are correct. I tried using the credentials I use to the second bind in the first one to make sure it worked, and sure enough it can bind it at the first one. Why am I not being able to bind the second time?
<?php
// Define $myusername and $mypassword
$username=$_POST['username'];
$password=$_POST['password'];
// using ldap bind
$ldaprdn = 'uid=MYUID,ou=special,ou=people,o=myo.com,dc=mydc,dc=com'; // ldap rdn or dn
$ldappass = 'PASSWORD'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("ldaps://MYLDAPSERVER", ###)
or die("Could not connect to LDAP server.");
if ($ldapconn)
{
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind)
{
$result = ldap_search($ldapconn, "ou=people,o=myo.com,dc=mydc,dc=com", "uid=$username");
$info = ldap_get_entries($ldapconn, $result);
$userdn = $info[0]["dn"];
$count = $info["count"];
ldap_unbind($ldapconn);
if ($count == 1)
{
$ldapbinduser = ldap_bind($ldapconn, $userdn, $password);
if ($ldapbinduser)
{
echo "Success, you made it all the way<br />";
}
else
{
echo "Invalid Login Details, please try again(1001)";
}
}
else
{
echo "Invalid Login Details, please try again(1002)";
}
}
else
{
echo "LDAP bind failed(1000)";
}
}
Although its name might imply something different, ldap_unbind() actually kills the connection handle, so that the connection is not usable any more after an unbind. Remove the ldap_unbind() call from your code and everything should work as expected.
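The following is an added example, not code from either thread, that puts two of the points above together: the search-then-bind login from the last question (re-binding on the same handle, with no ldap_unbind() in between), and handling of the $_POST values that the earlier answer on building a DN warns about, using PHP's ldap_escape() (PHP 5.6 and later) for both filter and DN components. Server, service account and base DN are placeholders I chose. It also refuses an empty password before binding, because a simple bind with an empty password is an unauthenticated bind that many directories, Active Directory among them, accept and report as success.

```php
<?php
// Added example (not the posters' code): search-then-bind login with escaped
// user input. Server, service account and base DN are placeholders.

// An empty password turns a simple bind into an anonymous/unauthenticated bind,
// which many servers accept, so refuse blank credentials up front.
function credentialsPresent(string $user, string $pass): bool
{
    return $user !== '' && $pass !== '';
}

// Returns true only if exactly one entry matches the username and a bind
// as that entry's DN with the supplied password succeeds.
function ldapLogin(string $server, string $serviceDn, string $servicePw,
                   string $baseDn, string $username, string $password): bool
{
    if (!credentialsPresent($username, $password)) {
        return false;
    }
    $conn = ldap_connect($server);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind with the service account to locate the user's DN.
    if (!@ldap_bind($conn, $serviceDn, $servicePw)) {
        ldap_unbind($conn);
        return false;
    }

    // User input goes into the filter only after escaping, so that
    // characters such as ( ) * \ cannot alter the query.
    $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $result = @ldap_search($conn, $baseDn, $filter, ['dn']);
    $entries = $result ? ldap_get_entries($conn, $result) : ['count' => 0];
    if ($entries['count'] !== 1) {
        ldap_unbind($conn);
        return false;
    }
    $userDn = $entries[0]['dn'];

    // Step 2: re-bind on the SAME handle as the user. Calling ldap_unbind()
    // here would close the connection and make the second bind fail.
    $ok = @ldap_bind($conn, $userDn, $password);
    ldap_unbind($conn);
    return $ok;
}

// Offline demonstration of the escaping, no server needed.
// Filter component: the special characters come out as \XX escapes.
assert(ldap_escape('bob)(|(uid=*', '', LDAP_ESCAPE_FILTER) === 'bob\29\28|\28uid=\2a');
// DN component: commas, equals signs etc. are escaped so the RDN stays intact.
assert('uid=' . ldap_escape('smith, bob', '', LDAP_ESCAPE_DN) === 'uid=smith\2c bob');

// Usage (placeholders); the form fields are read with a default so missing
// input becomes an empty string and is rejected by credentialsPresent().
$ok = ldapLogin(
    'ldaps://ldap.example.invalid',
    'uid=svc-web,ou=special,ou=people,dc=example,dc=invalid',
    'service-account-secret',
    'ou=people,dc=example,dc=invalid',
    $_POST['username'] ?? '',
    $_POST['password'] ?? ''
);
echo $ok ? "login ok\n" : "login failed\n";
```

The service account only needs read access to locate users; keeping its DN and password out of the web root (environment or a config file outside the document root) is the usual deployment choice.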