PHP LDAP登录脚本

I'm new to LDAP binding script, I'm trying to check if the script I found is correct to be able to use it back on my company as LDAP authentication script, for this I'm using this https://documize.github.io/ad-ldap-test-server/, everything seems to be working but the only way I get through the authentication is using something like this: CN=Mr Manager,CN=Users,DC=mycompany,DC=local as username. When I use the username itself for instance (Mr Manager) get the message: "Unable to login: Invalid credentials".

Something is missing, something not resolving the username but I can't get it, here the code I'm using.

    <?php
error_reporting(E_ALL);
ini_set('display_errors', 'On');

define('DOMAIN_FQDN', 'DC=mycompany,DC=local');
define('LDAP_SERVER', 'documize-ad.eastus.cloudapp.azure.com');

if (isset($_POST['submit']))
{
    $user = $_POST['username'];
    $pass = $_POST['password']; //Pass@word1!

    $conn = ldap_connect("ldap://".LDAP_SERVER."/",389);

    if (!$conn)
        $err = 'Could not connect to LDAP server';

    else
    {
        //define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        $bind = @ldap_bind($conn, $user, $pass);

        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

        if (!empty($extended_error))
        {
            $errno = explode(',', $extended_error);
            $errno = $errno[2];
            $errno = explode(' ', $errno);
            $errno = $errno[2];
            $errno = intval($errno);

            if ($errno == 532)
                $err = 'Unable to login: Password expired';
        }

        elseif ($bind)
        {
            $base_dn = array("CN=*,DC=". join(',DC=', explode('.', DOMAIN_FQDN)), 
                "DC=". join(',DC=', explode('.', DOMAIN_FQDN)));

            $result = ldap_search(array($conn,$conn), $base_dn, "(CN=*)");

            if (!count($result))
                $err = 'Unable to login: '. ldap_error($conn);

            else
            {
                foreach ($result as $res)
                {
                    $info = ldap_get_entries($conn, $res);

                    for ($i = 0; $i < $info['count']; $i++)
                    {
                        if (isset($info[$i]['displayName']) AND strtolower($info[$i]['displayName'][0]) == strtolower($user))
                        {
                            session_start();

                            $username = explode('@', $user);
                            $_SESSION['foo'] = 'bar';

                            // set session variables...

                            break;
                        }
                    }
                }
            }
        }
    }

    // session OK, redirect to home page
    if (isset($_SESSION['foo']))
    {
        header('Location:"index.php"');
        exit();
    }

    elseif (!isset($err)) $err = 'Unable to login: '. ldap_error($conn);

    ldap_close($conn);
}
?>
<!DOCTYPE html><head><title>Login</title></head>
<style>
* { font-family: Calibri, Tahoma, Arial, sans-serif; }
.errmsg { color: red; }
#loginbox { font-size: 12px; }
</style>
<body>
<div align="center"><img id="imghdr" src="img/logo.jpg" height="300" /><br><br><h2>CREDENTIALS</h2><br><br>

<div style="margin:10px 0;"></div>
<div title="Login" style="width:500px" id="loginbox">
    <div style="padding:10px 0 10px 0px">
    <form action="login.php" id="login" method="post">
        <table><?php if (isset($err)) echo '<tr><td colspan="2" class="errmsg">'. $err .'</td></tr>'; ?>
            <tr>
                <td>User:</td>
                <td><input type="text" name="username" style="border: 1px solid #ccc;" autocomplete="off"/></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name="password" style="border: 1px solid #ccc;" autocomplete="off"/></td>
            </tr>
        </table>
        <input class="button" type="submit" name="submit" value="Login" />
    </form>
    </div>
</div>
</div>
</body>
</html>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doupao6011 2018-10-22 18:46
关注
The general way to implement a LDAP login is:

Bind with an application user to the LDAP server

Search for the user's entry with the user name, e.g. with a filter like (uid=<username>) or in case of MS AD (sAMAccountName=<username>)

Use the DN of the found user entry as bind-DN in a new bind request

Security:

Don't forget disambiguation check when processing user search results! Only process the login if the search returns exactly one user entry.

Refuse empty password input as failed login! Some LDAP servers will happily return LDAP result code ok(0) when using empty password in a bind request.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP LDAP会话持久性 php
2019-02-04 15:31

回答 1 已采纳 The problem is not about LDAP, the problem is about HTTP. HTTP is a stateless protocol whereas LD
LDAP CHANGE PASSWORD PHP php ssl
2018-06-06 04:04

回答 1 已采纳 You need to be on a secured connection to modify a password (and probably other security related o
PHP组的LDAP成员 php windows
2016-05-13 11:37

回答 1 已采纳 You might want to have a look at this stack-overflow question to see how to solve it without a lib
simple-php-LDAP-Authentication:这是一个简单PHP LDAP身份验证脚本，允许用户绑定到LDAP，而不必创建自己的身份验证方法
2021-05-09 00:31

简单的php-LDAP-身份验证这是一个简单PHP LDAP身份验证脚本，允许用户绑定到LDAP，而不必创建自己的身份验证方法。
PHP LDAP - 获取内部字段 php
2016-09-29 05:54

回答 2 已采纳 You can retrieve them using '+' as attribute-name. So you should be able to fetch them using ldap
PHP LDAP克服大小限制 php
2014-07-23 14:33

回答 1 已采纳 According to php.net/manual/...ldap-search, you should set the $sizelimit parameter to 0 to disab
PHP脚本中的PHP LDAP调试输出 php
2014-12-15 08:55

回答 1 已采纳 Thanks to Redirect Windows cmd stdout and stderr to a single file I can answer my own question. Th
PHP 相关项目：如简单的 PHP遗传算法、LDAP 登录、Websockets 等_JavaScript_代码_下载
2022-06-18 23:08

phpLDAPWindows PHP 示例连接到 LDAP 服务器 PHP phpDBLogEvent 如何将 CLI 事件记录到 MySQL 或 SQLite 的 PHP 示例 PHP simple_cahce PHP 如何轻松地将动态页面缓存到静态文本页面中 PHP phpContent编辑使用带有 ...
php ldap检索dn的值 php
2016-05-24 06:30

回答 1 已采纳 Because of ou and dc might have multiple values, you should store those values in array. Thanks to
PHP LDAP，ldap_search只返回少数用户 php
2017-03-06 15:55

回答 1 已采纳 try to play with the scope (it can be sub, one, or base), if you want all entries from child OUs,
从外部访问phpldap管理员 php
2015-12-07 22:19

回答 1 已采纳 I could access by correcting the url : it is a secure one, so using https://@IP-internet-box/myorg
php ldap查询账号状态,用于检查用户是否在数据库中然后验证到LDAP的PHP脚本
2021-04-26 17:49

月明朗的博客 $mysqli->...如果用户名在我的数据库中，我想要他们，然后尝试授权给我的LDAP服务器。if($stmt->num_rows === 0){ ...下面的代码可以在没有mysqli的情况下测试用户名是否在数据库中。现在，如...
PHP LDAP绑定间歇性问题 php
2013-08-28 21:33

回答 3 已采纳 Make sure you give the full DNS name for the ldap_host, e.g. myhost.mydomain.com.
php 连接 ldap 实例,使用PHP连接LDAP服务器
2021-04-21 07:55

AS思远的博客本文将演示如何使用PHP连接一个LDAP服务器。具体的例子是连接到一个公共的LDAP服务器并且进行搜索。这个例子模拟的是Netscape Communicator 4.*，通过自己的地址本连接到LDAP资源。LDAP介绍可能不少人已经听说过LDAP...
zabbix php ldap支持,安装zabbix时PHP ldap Warning
2021-03-22 03:35

weixin_39723102的博客一、如果是源码编译[root@DaMoWang php-7.2.]# ls /usr/local/php/lib/php/extensions/no-debug-non-zts-/opcache.a opcache.so# 出现告警是因为ldap模块不存在，须要编译生成此模块并重新加载到源码包的解压目录下...
没有解决我的问题, 去提问

悬赏问题

¥15 如何在scanpy上做差异基因和通路富集？
¥20 关于#硬件工程#的问题，请各位专家解答！
¥15 关于#matlab#的问题：期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707，使系统具有较小的超调量
¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
¥30 截图中的mathematics程序转换成matlab
¥15 动力学代码报错，维度不匹配
¥15 Power query添加列问题
¥50 Kubernetes&Fission&Eleasticsearch
¥15 報錯：Person is not mapped，如何解決？
¥15 c++头文件不能识别CDialog

PHP LDAP登录脚本

1条回答 默认 最新

悬赏问题

1条回答默认最新