doufangyan6862
2018-06-20 10:11 阅读 197
已采纳

PHP - 使用sAMAccountName通过简单绑定连接到LDAP

I'm trying to connect to LDAP that uses simple bind through PHP 7.2.

I used LDAP Admin desktop app to check my settings and everything works. The app uses my sAMAccountName in form of name.surname and password to log me in. I would like to achieve the same thing through PHP but the only way I managed to get a successful login was below:

$ldap_user   = "CN=Name Surname,OU=Users,OU=Sample,DC=sample,DC=othersample";
$ldap_pass   = "myPassword";

$c = ldap_connect("ldap://x.x.x.x", 389);
ldap_set_option($c, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($c, LDAP_ESCAPE_DN, 1);

ldap_bind($c, $ldap_user, $ldap_pass);

However, my goal is to have $ldap_user to be just the name.surname, the same way the app uses it.

Is there a way to achieve that?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    donglin6313 donglin6313 2018-06-21 13:43

    You will need to do a 3-step approach:

    1. Bind to the directory with a known user
    2. Search the directory for the entry with sAMAccountName "name.surname" and retrieve the DN for that entry
    3. Bind to the directory again now with the just retrieved DN and the user-provided Password.

    Have a look for an example at https://gist.github.com/heiglandreas/5689592

    When you are binding to an ActiveDirectory you might also be able to use the sAMAccountName directly when prefixed with the ADs domain like this: DOMAIN\sAMAccountName

    Hope that helps

    点赞 评论 复制链接分享

相关推荐