doufangyan6862 2018-06-20 10:11
浏览 284
已采纳

PHP - 使用sAMAccountName通过简单绑定连接到LDAP

I'm trying to connect to LDAP that uses simple bind through PHP 7.2.

I used LDAP Admin desktop app to check my settings and everything works. The app uses my sAMAccountName in form of name.surname and password to log me in. I would like to achieve the same thing through PHP but the only way I managed to get a successful login was below:

$ldap_user   = "CN=Name Surname,OU=Users,OU=Sample,DC=sample,DC=othersample";
$ldap_pass   = "myPassword";

$c = ldap_connect("ldap://x.x.x.x", 389);
ldap_set_option($c, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($c, LDAP_ESCAPE_DN, 1);

ldap_bind($c, $ldap_user, $ldap_pass);

However, my goal is to have $ldap_user to be just the name.surname, the same way the app uses it.

Is there a way to achieve that?

  • 写回答

1条回答 默认 最新

  • donglin6313 2018-06-21 13:43
    关注

    You will need to do a 3-step approach:

    1. Bind to the directory with a known user
    2. Search the directory for the entry with sAMAccountName "name.surname" and retrieve the DN for that entry
    3. Bind to the directory again now with the just retrieved DN and the user-provided Password.

    Have a look for an example at https://gist.github.com/heiglandreas/5689592

    When you are binding to an ActiveDirectory you might also be able to use the sAMAccountName directly when prefixed with the ADs domain like this: DOMAIN\sAMAccountName

    Hope that helps

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 keepalive配置业务服务双机单活的方法。业务服务一定是要双机单活的方式
  • ¥50 关于多次提交POST数据后,无法获取到POST数据参数的问题
  • ¥15 win10,这种情况怎么办
  • ¥15 如何在配置使用Prettier的VSCode中通过Better Align插件来对齐等式?(相关搜索:格式化)
  • ¥100 在连接内网VPN时,如何同时保持互联网连接
  • ¥15 MATLAB中使用parfor,矩阵Removal的有效索引在parfor循环中受限制
  • ¥20 Win 10 LTSC 1809版本如何无损提升到20H1版本
  • ¥50 win10 LTSC 虚拟键盘不弹出
  • ¥30 微信小程序请求失败,网页能正常带锁访问
  • ¥15 Matlab求解微分方程,如何用fish2d进行预优?