drjk87189 2012-11-12 13:46

Can't contact LDAP server on ldap_bind($con, $rdn, $pwd)

For a while now I'm fiddling around with an LDAP connection to an Active Directory server for authentication. I tried this the PHP native way and also using Zend Framework. Even though ldap_connect() works fine, as soon as I bind something, the LDAP connection appears to break down. This is the script I've tried:

error_reporting(E_ALL | E_STRICT);
putenv('LDAPTLS_REQCERT=never');

$ldapcon = ldap_connect("FQSN", 636);

ldap_set_option($ldapcon, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapcon, LDAP_OPT_REFERRALS, 0);

$anon = ldap_bind($ldapcon, "CN=WebTestuserAW,OU=Benutzer,OU=DOM,DC=dom,DC=de", "Sommer2012");
//also tried: 
//$anon = ldap_bind($ldapcon, 'WebTestuserAW@dom.de', 'Sommer2012');

echo ldap_error($ldapcon);

Using the above I get "Can't contact LDAP server". Doing a var_dump($ldapcon) returns a resource link. When trying to connect using the Zend Framework approach, the error may have some more hints, since some additional connection parameters are given:

2012-11-12T14:37:39+01:00 DEBUG (7): Ldap: 1: host=FQHN,port=636,bindRequiresDn=1,baseDn=OU=Benutzer,OU=DOM,DC=dom,DC=de,accountFilterFormat=(sAMAccountName=%s),useSsl=1,useStartTls=,accountDomainName=dom.de,username=CN=WebTestuserAW,password=*****
2012-11-12T14:37:39+01:00 DEBUG (7): Ldap: 2: /var/www/html/login/library/Zend/Ldap.php(850): 0x1: Failed to retrieve DN for account: stosic@dvv.de [0x51 (Can't contact LDAP server): ldaps://FGHN:636]
2012-11-12T14:37:39+01:00 DEBUG (7): Ldap: 3: #0 /var/www/html/login/library/Zend/Auth/Adapter/Ldap.php(316): Zend_Ldap->bind('username@dom.de', '*****')

I seriously just have no clue anymore. I've googled around, played a bit with LDAP-Protocol Versions, played around with the request certificate option, but simply nothing helps. The connection to the server works per se on ldap_connect but as soon as you bind something it doesn't work anymore. This remains true for anonymous binds, too.

At the office no one has any clue and neither do I. So if anyone has any suggestions on what I can still try, I'd be very grateful for that! Thanks in advance.

Additional information:

  • Server LDAP Config:
    • LDAP Support enabled
    • RCS Version $Id: ldap.c 299434 2010-05-17 20:09:42Z pajoye $
    • Total Links 0/unlimited
    • API Version 3001
    • Vendor Name OpenLDAP
    • Vendor Version 20343
    • SASL Support Enabled
  • Both ldap:// and ldaps:// have been tested
  • ldap_connect() returns a resource link
  • ldap_bind() doesn't work, ldap_errno() returns -1 (Can't connect to LDAP Server)
  • LDAPTLS_REQCERT and TLS_REQCERT

1 answer

  • dongxieyi9115 2012-11-12 14:57

    By default, ldaps is not enabled in AD. Did you try connecting over port 389? Are you able to connect to it using some LDAP tool (like Apache Directory Studio)?

    That's my guess as to why it's not working... but try using the FQDN of the DC too, or maybe even an IP.

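The checks the answer suggests, as an added example that is not part of the original question or answer: it reports whether a connection fails at the TCP, TLS or bind stage, since ldap_connect() built against OpenLDAP only prepares a handle and the first LDAP traffic happens at ldap_bind(). The host name is a placeholder and probeLdap() is a hypothetical helper; the bind is anonymous so no password crosses the unencrypted port 389, and certificate verification stays on instead of LDAPTLS_REQCERT=never.

```php
<?php
// Added example: report which stage of an LDAP/LDAPS connection fails.
// probeLdap() and $host are illustrative; nothing here comes from the post.

function probeLdap(string $host, int $port, bool $tls, ?string $dn = null, ?string $pw = null): string
{
    // Stage 1: plain TCP reachability (firewall, wrong port, nothing listening).
    $sock = @fsockopen($host, $port, $errno, $errstr, 5);
    if ($sock === false) {
        return "tcp_failed: $errstr ($errno)";
    }
    fclose($sock);

    // Stage 2 (LDAPS only): TLS handshake with certificate verification on.
    if ($tls) {
        $ctx = stream_context_create(['ssl' => [
            'verify_peer'      => true,
            'verify_peer_name' => true,
            'peer_name'        => $host,
        ]]);
        $tlsSock = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
            STREAM_CLIENT_CONNECT, $ctx);
        if ($tlsSock === false) {
            return 'tls_failed: ' . ($errstr ?: 'handshake or certificate verification failed');
        }
        fclose($tlsSock);
    }

    // Stage 3: the bind, which is where libldap first talks to the server.
    $ld = ldap_connect(($tls ? 'ldaps' : 'ldap') . "://$host:$port");
    if ($ld === false) {
        return 'bad_uri';
    }
    ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 5);
    if (!@ldap_bind($ld, $dn, $pw)) {   // null DN and password = anonymous bind
        return sprintf('bind_failed: %s (%d)', ldap_error($ld), ldap_errno($ld));
    }
    return 'bind_ok';
}

$host = 'dc01.example.invalid';   // placeholder FQDN of the domain controller
foreach ([[636, true], [389, false]] as [$port, $tls]) {
    printf("%s:%d -> %s\n", $host, $port, probeLdap($host, $port, $tls));
}
```

Stage 2 uses PHP's OpenSSL trust store, while libldap reads its CA settings from ldap.conf, so a bind over ldaps:// can still fail on the certificate after stage 2 passes.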
