I am trying to use LDAP authentication using PHP.
Below is my code:
<?php
$ldaphost = 'ldap://ldapServer';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
//ldap_set_option($ds, LDAP_OPT_DEBUG_LEVEL, 7);
if ($ds)
{
$username = "[email protected]";
$upasswd = "testpass";
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{print "Congratulations! $username is authenticated.";}
else
{print "Access Denied!";}
}
?>
But it raises the below error:
PHP Warning:
ldap_bind(): Unable to bind to server: Can't contact LDAP server
Any idea as how can I get it resolved?
Note: Do we need ldap.config file somewhere as I came across this term on some forum. I don't see any such file on my machine. I have php_ldap.dll in ext folder and using Windows.
5 Answers 5
When you bind, you bind not to the username, but to DN.
Your $username variable should look like this:
$username = 'uid=testuser,ou=People,dc=domain,dc=com';
1 Comment
I guess ldap_connect() doesn't requires the protocol, so this naive patch should solve your issue:
--- ldap.php.bak 2012年09月04日 10:52:29.563203493 +0200
+++ ldap.php 2012年09月04日 10:52:46.807203766 +0200
@@ -1,6 +1,6 @@
<?php
-$ldaphost = 'ldap://ldapServer';
+$ldaphost = 'ldapServer';
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
Check the basic example at the official documentation.
Comments
I'm not sure if you still need an answer for it not but I would like to add something from my experience.
$username = 'bentcoder';
$password = '123123';
$server = '192.168.32.4';
$domain = '@yourdomain.com';
$port = 389;
$ldap_connection = ldap_connect($server, $port);
if (! $ldap_connection)
{
echo '<p>LDAP SERVER CONNECTION FAILED</p>';
exit;
}
// Help talking to AD
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
$ldap_bind = @ldap_bind($ldap_connection, $username.$domain, $password);
if (! $ldap_bind)
{
echo '<p>LDAP BINDING FAILED</p>';
exit;
}
// You can work now!!!
ldap_close($ldap_connection);
Notes:
php_ldapextension should be enabled in php.ini. [extension=php_ldap.dll]- IP address above [192.168.32.4] can be replaced with [yourdomain.com]
- If you're using Wamp then you might run into strange issues so as far as remember all worked fine under version 1.9 but not with above versions.
References:
Comments
We proved it in a local network and it worked well. If for example you are using Ldap with Zentyal go https://serveriporname/Users/Composite/Settings and then take the options it gives you in the "User DN" so you take that addresss we will call $userdns and you may prove the following code
<?php
//The variables are implicit
$ad = ldap_connect($ldap_server) ; //Ex: 10.0.0.1
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ;
//Using the provided user and password to login into LDAP server.
//For the dc, normally will be the domain.
$sr=ldap_search($ad, $userdns, "cn=*usuario*");
$info = ldap_get_entries($ad, $sr);
for ($i=0; $i<$info["count"]; $i++) {
/*Print out the user information here. If you rather to request by other field than cn take its name from here*/
print_r($info[$i]);
echo "<p><hr/></p>";
}
$ds = ldap_bind($ad,"uid=$ldap_user,$userdns",$ldap_pass);
if($ds){
echo "<h4>$ldap_user connect to LDAP server \"$ldap_domain\"</h4>";
} else {
echo "<h4>Unable to connect to LDAP server</h4>";
}
ldap_close($ad);
?>
Comments
Just as Minras was saying, you are binding with the wrong credentials. Try something like this:
$ldaprdn = 'cn=binder,dc=domain,dc=com'; // ldap rdn or dn or proxy agent or admin
$ldappass = 'password'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("54.85.xx.xx")
or die("Could not connect to LDAP server.");
// Set some ldap options for talking to
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
// binding to ldap server
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "Done..\n</h1>";
} else {
echo "Damn you LDAP...\n";
}
}
mod_auth_ldap? This will do everything for you.ldap_connect()does not require theldap://wrapper, it automatically assumes you are connecting to an LDAP server, you only need to specify a protocol if you are usingldaps://. Try just supplying the hostname/IP address. Also, verify that the LDAP server is able to accept connections from external machines on TCP/UDP 389 (check the firewall and the binding address of the server). You should not needldap.config. Note thatldap_connect()- despite the name - does not initiate a connection to the server, it only prepares the resource for use.