php LDAP 问题,ldap_bind 无效的 dn 语法
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13487225/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
LDAP issue, ldap_bind invalid dn syntax
提问by Humberto
I know that my mistake is going to be something really simple but I have tried to find the problem and I do not see it, maybe you can help me....
我知道我的错误将是非常简单的事情,但我试图找到问题,但我没有看到它,也许你可以帮助我....
I am trying to create a function with php, so I can be able to connect to LDAP and find the desired information.
我正在尝试使用 php 创建一个函数,这样我就可以连接到 LDAP 并找到所需的信息。
My php code is the following:
我的php代码如下:
$ldapconfig['host'] = "127.0.0.1";
$ldapconfig['port'] = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
$ldapconfig['binddn'] = "user";
$ldapconfig['bindpw'] = "password";
function ldap_authenticate($user, $pass) {
global $ldapconfig;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
if ($user != "" && $pass != "") {
$ds=ldap_connect($ldapconfig['host'],$ldapconfig['port']);
if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
return NULL;
}
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
$r = ldap_search( $ds, $ldapconfig['basedn'], 'sAMAccountName=' . $user);
if ($r) {
$result = ldap_get_entries( $ds, $r);
if ($result[0]) {
if (ldap_bind( $ds, $result[0]['dn'], $pass) ) {
return $result[0]['mail'][0];
}
}
}
}
return NULL;
When I try to run the code it gives me the following mistake: ldap_bind invalid DN syntax on line xxxx and that line is the following:
当我尝试运行代码时,它给了我以下错误: ldap_bind 行 xxxx 上的无效 DN 语法,该行如下:
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
回答by dearlbry
As stated in the error, your bind DN is the wrong format. DN's represent the full path to the object - so in your case should be something like this (looks like you're on AD?)
如错误中所述,您的绑定 DN 格式错误。DN 代表对象的完整路径 - 所以在你的情况下应该是这样的(看起来你在 AD 上?)
"cn=username,ou=domain users,dc=example,dc=com"
“cn=用户名,ou=域用户,dc=示例,dc=com”
Depending on your flavor of LDAP (Active Directory, OpenLDAP etc), you mightbe able to use a uid (so just 'username') to bind, but it's best to assume that you always need the full DN.
根据您的 LDAP 风格(Active Directory、OpenLDAP 等),您可能可以使用 uid(因此只是“用户名”)进行绑定,但最好假设您始终需要完整的 DN。
You can use an LDAP tool like Apache Directory Studioto help build queries and find out what object's DN's are. Or there's ldp.exetoo (provided it's AD), but directory studio is easier to use.
您可以使用Apache Directory Studio 之类的 LDAP 工具来帮助构建查询并找出对象的 DN 是什么。或者也有ldp.exe(如果它是 AD),但目录工作室更容易使用。
回答by jwilleke
On a DC, Executing: dsquery user -samid jim
在 DC 上,执行:dsquery user -samid jim
will reveal the DN of the user matching the sAMAccountName: "CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com"
将显示与 sAMAccountName 匹配的用户的 DN:“CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com”
http://ldapwiki.willeke.com/wiki/LDAP%20and%20Active%20Directory
http://ldapwiki.willeke.com/wiki/LDAP%20and%20Active%20Directory
