使用 PHP 的 LDAP 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12258945/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
LDAP Authentication using PHP
提问by anujin
I am trying to use LDAP authentication using PHP.
Below is my code:
我正在尝试使用 PHP 进行 LDAP 身份验证。
下面是我的代码:
<?php
$ldaphost = 'ldap://ldapServer';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
//ldap_set_option($ds, LDAP_OPT_DEBUG_LEVEL, 7);
if ($ds)
{
$username = "[email protected]";
$upasswd = "testpass";
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{print "Congratulations! $username is authenticated.";}
else
{print "Access Denied!";}
}
?>
But it raises the below error:
但它引发了以下错误:
PHP Warning:
ldap_bind(): Unable to bind to server: Can't contact LDAP server
PHP 警告::
ldap_bind()无法绑定到服务器:无法联系 LDAP 服务器
Any idea as how can I get it resolved?
有什么想法可以解决吗?
Note:Do we need ldap.configfile somewhere as I came across this term on some forum. I don't see any such file on my machine. I have php_ldap.dllin ext folder and using Windows.
注意:ldap.config当我在某个论坛上遇到这个术语时,我们是否需要在某处文件。我在我的机器上没有看到任何这样的文件。我php_ldap.dll在 ext 文件夹中并使用Windows.
回答by Minras
回答by EliuX
We proved it in a local network and it worked well. If for example you are using Ldap with Zentyal go https://serveriporname/Users/Composite/Settingsand then take the options it gives you in the "User DN" so you take that addresss we will call $userdnsand you may prove the following code
我们在本地网络中证明了这一点,并且运行良好。例如,如果您将 Ldap 与 Zentyal 一起使用https://serveriporname/Users/Composite/Settings,然后选择它在“用户 DN”中为您提供的选项,那么您使用我们将调用的地址$userdns,您可以证明以下代码
<?php
//The variables are implicit
$ad = ldap_connect($ldap_server) ; //Ex: 10.0.0.1
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ;
//Using the provided user and password to login into LDAP server.
//For the dc, normally will be the domain.
$sr=ldap_search($ad, $userdns, "cn=*usuario*");
$info = ldap_get_entries($ad, $sr);
for ($i=0; $i<$info["count"]; $i++) {
/*Print out the user information here. If you rather to request by other field than cn take its name from here*/
print_r($info[$i]);
echo "<p><hr/></p>";
}
$ds = ldap_bind($ad,"uid=$ldap_user,$userdns",$ldap_pass);
if($ds){
echo "<h4>$ldap_user connect to LDAP server \"$ldap_domain\"</h4>";
} else {
echo "<h4>Unable to connect to LDAP server</h4>";
}
ldap_close($ad);
?>
回答by Peter Noble
Just as Minras was saying, you are binding with the wrong credentials. Try something like this:
正如 Minras 所说,您绑定了错误的凭据。尝试这样的事情:
$ldaprdn = 'cn=binder,dc=domain,dc=com'; // ldap rdn or dn or proxy agent or admin
$ldappass = 'password'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("54.85.xx.xx")
or die("Could not connect to LDAP server.");
// Set some ldap options for talking to
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
// binding to ldap server
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "Done..\n</h1>";
} else {
echo "Damn you LDAP...\n";
}
}
回答by BentCoder
I'm not sure if you still need an answer for it not but I would like to add something from my experience.
我不确定您是否仍然需要答案,但我想根据我的经验补充一些内容。
$username = 'bentcoder';
$password = '123123';
$server = '192.168.32.4';
$domain = '@yourdomain.com';
$port = 389;
$ldap_connection = ldap_connect($server, $port);
if (! $ldap_connection)
{
echo '<p>LDAP SERVER CONNECTION FAILED</p>';
exit;
}
// Help talking to AD
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
$ldap_bind = @ldap_bind($ldap_connection, $username.$domain, $password);
if (! $ldap_bind)
{
echo '<p>LDAP BINDING FAILED</p>';
exit;
}
// You can work now!!!
ldap_close($ldap_connection);
Notes:
笔记:
php_ldapextension should be enabled in php.ini. [extension=php_ldap.dll]- IP address above [192.168.32.4] can be replaced with [yourdomain.com]
- If you're using Wamp then you might run into strange issues so as far as remember all worked fine under version 1.9 but not with above versions.
php_ldap扩展应在 php.ini 中启用。[扩展名=php_ldap.dll]- [192.168.32.4]以上的IP地址可以替换为[yourdomain.com]
- 如果您使用的是 Wamp,那么您可能会遇到奇怪的问题,只要记得在 1.9 版下一切正常,但在以上版本中则不然。
References:
参考:
回答by wikier
I guess ldap_connect()doesn't requires the protocol, so this naive patch should solve your issue:
我猜ldap_connect()不需要协议,所以这个天真的补丁应该可以解决你的问题:
--- ldap.php.bak 2012-09-04 10:52:29.563203493 +0200
+++ ldap.php 2012-09-04 10:52:46.807203766 +0200
@@ -1,6 +1,6 @@
<?php
-$ldaphost = 'ldap://ldapServer';
+$ldaphost = 'ldapServer';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
Check the basic exampleat the official documentation.
检查官方文档中的基本示例。
