LDAP Authentication Using PHP

I am trying to use LDAP authentication using PHP.
Below is my code:

    <?php
    $ldaphost = 'ldap://ldapServer';
    $ldapport = 389;

    $ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    //ldap_set_option($ds, LDAP_OPT_DEBUG_LEVEL, 7);
    if ($ds) {
        $username = " testuser@domain.com ";
        $upasswd = "testpass";

        $ldapbind = ldap_bind($ds, $username, $upasswd);

        if ($ldapbind) {
            print "Congratulations! $username is authenticated.";
        } else {
            print "Access Denied!";
        }
    }
    ?>

But this causes the error below:

PHP warning: ldap_bind() : Cannot bind to server: cannot connect to LDAP server

Any idea how I can solve it?

Note: We need the ldap.config file somewhere, as I came across this term in some forum. I do not see such a file on my machine. I have php_ldap.dll in the ext folder and am using Windows.

+4
5 answers

When binding, you bind not with the username, but with the DN.

Your $username variable should look like this:

    $username = 'uid=testuser,ou=People,dc=domain,dc=com';
+2

I think ldap_connect() does not require a protocol, so this naive patch should solve your problem:

 --- ldap.php.bak 2012-09-04 10:52:29.563203493 +0200 +++ ldap.php 2012-09-04 10:52:46.807203766 +0200 @@ -1,6 +1,6 @@ <?php -$ldaphost = 'ldap://ldapServer'; +$ldaphost = 'ldapServer'; $ldapport = 389; $ds = ldap_connect($ldaphost, $ldapport) 
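
Review bot: the context line $ds = ldap_connect($ldaphost, $ldapport) still opens the connection on port 389 with no TLS, so with either form of $ldaphost any credentials later bound over $ds travel in cleartext; call ldap_start_tls($ds) before binding, or switch to an ldaps:// URI. Note also that ldap_connect() accepts a full LDAP URI (the port argument is then ignored), so replacing 'ldap://ldapServer' with 'ldapServer' should not by itself change how the client connects; it would help to state which failure the change was tested against.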

Check out the basic example in the official documentation.

0

We tested it on the local network and it worked well. If, for example, you use LDAP with Zentyal, go to https://serveriporname/Users/Composite/Settings , then use the options that it gives you under "User DN"; take those values, which we will call $userdns , and you can try the following code:

    <?php
    //The variables are implicit
    $ad = ldap_connect($ldap_server); //Ex: 10.0.0.1
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    //Using the provided user and password to login into LDAP server.
    //For the dc, normally will be the domain.
    $sr = ldap_search($ad, $userdns, "cn=*usuario*");
    $info = ldap_get_entries($ad, $sr);
    for ($i = 0; $i < $info["count"]; $i++) {
        /* Print out the user information here. If you would rather
           query by a field other than cn, take its name from here. */
        print_r($info[$i]);
        echo "<p><hr/></p>";
    }
    $ds = ldap_bind($ad, "uid=$ldap_user,$userdns", $ldap_pass);
    if ($ds) {
        echo "<h4>$ldap_user connect to LDAP server \"$ldap_domain\"</h4>";
    } else {
        echo "<h4>Unable to connect to LDAP server</h4>";
    }
    ldap_close($ad);
    ?>
0

As Minras said, you are connecting with the wrong credentials. Try something like this:

    $ldaprdn = 'cn=binder,dc=domain,dc=com'; // ldap rdn or dn or proxy agent or admin
    $ldappass = 'password'; // associated password

    // connect to ldap server
    $ldapconn = ldap_connect("54.85.xx.xx") or die("Could not connect to LDAP server.");

    // Set some ldap options for talking to
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

    if ($ldapconn) {
        // binding to ldap server
        $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);

        // verify binding
        if ($ldapbind) {
            echo "Done..\n</h1>";
        } else {
            echo "Damn you LDAP...\n";
        }
    }
0

I'm not sure you still need an answer, but I would like to add something from my experience.

    $username = 'bentcoder';
    $password = '123123';
    $server = '192.168.32.4';
    $domain = '@yourdomain.com';
    $port = 389;

    $ldap_connection = ldap_connect($server, $port);

    if (! $ldap_connection) {
        echo '<p>LDAP SERVER CONNECTION FAILED</p>';
        exit;
    }

    // Help talking to AD
    ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);

    $ldap_bind = @ldap_bind($ldap_connection, $username.$domain, $password);

    if (! $ldap_bind) {
        echo '<p>LDAP BINDING FAILED</p>';
        exit;
    }

    // You can work now!!!

    ldap_close($ldap_connection);

Notes:

  • The php_ldap extension must be enabled in php.ini. [extension=php_ldap.dll]
  • The IP address above [192.168.32.4] can be replaced by [yourdomain.com]
  • If you use Wamp, you may run into strange problems; remember that everything worked fine in version 1.9, but not in higher versions.

0

Source: https://habr.com/ru/post/1432212/
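
The points raised in the answers above (bind with a DN, set options on the handle that ldap_connect() returned), combined with the checks a login path needs, as an added example that is not code from the original thread. The server URI, the base DN and the uid=...,ou=People layout are assumptions, and the function names are hypothetical:

```php
<?php
// Added example; function names, host and DN layout are assumptions.

/** Build the bind DN for a login name, escaping DN metacharacters. */
function build_user_dn(string $login, string $peopleBase): string
{
    // LDAP_ESCAPE_DN keeps characters such as , + = " ; from altering the DN.
    return 'uid=' . ldap_escape(trim($login), '', LDAP_ESCAPE_DN) . ',' . $peopleBase;
}

/** Return true only if the directory accepts $login/$password after StartTLS. */
function ldap_authenticate(string $uri, string $peopleBase, string $login, string $password): bool
{
    // A simple bind with an empty password is an "unauthenticated bind",
    // which some servers accept; never treat it as a successful login.
    if (trim($login) === '' || $password === '') {
        return false;
    }
    $ds = ldap_connect($uri);   // with OpenLDAP this only prepares the handle
    if ($ds === false) {
        return false;
    }
    // Options go on the same handle that ldap_connect() returned.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Port 389 is cleartext: upgrade the session before sending credentials.
    if (!@ldap_start_tls($ds)) {
        error_log('LDAP StartTLS failed: ' . ldap_error($ds));
        return false;
    }
    $ok = @ldap_bind($ds, build_user_dn($login, $peopleBase), $password);
    if (!$ok) {
        // 49 = invalid credentials, -1 = server could not be contacted
        error_log(sprintf('LDAP bind failed (%d): %s', ldap_errno($ds), ldap_error($ds)));
    }
    ldap_unbind($ds);
    return $ok;
}

// Constructed sample input: shows the escaping without needing a server.
echo build_user_dn('smith, j+admin', 'ou=People,dc=example,dc=test'), PHP_EOL;

// Needs a reachable directory (constructed values):
// var_dump(ldap_authenticate('ldap://ldap.example.test:389',
//     'ou=People,dc=example,dc=test', 'testuser', 'testpass'));
```

Logging ldap_errno() separates a wrong password (49) from the "cannot connect to LDAP server" case in the question (-1), which the @-suppressed binds in the answers hide.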

