doulan6245
2014-07-30 14:11
Accepted

PHP LDAP bind to AD with the server's user account

I have some code that uses PHP and LDAP to connect to AD:

$host = 'ldap://stack.overflow.com';
$port = 389;
$username = 'stackOverflow';
$password = 'IaMP4ssWord';
$dn = 'CN=Users, DC=STACK, DC=OVERFLOW, DC=COM';
$cond = '(&(objectcategory=user)(displayname=*))';//All users that have a displayname

if($ldap = ldap_connect($host, $port))
{
    // Active Directory expects LDAP protocol version 3
    if(ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3))
    {
        // Simple bind with the account's user name and password
        if(ldap_bind($ldap, $username, $password))
        {
            $attrs = array('displayname', 'mail');
            if($rs = ldap_search($ldap, $dn, $cond, $attrs))
            {
                $results = ldap_get_entries($ldap, $rs);
                echo "<pre>";print_r($results);echo "</pre>";//Print the results
            }
        }
        else
        { echo 'Binding failed';}
    }
    else
    { echo 'Setting options failed';}
}
else
{ echo 'Connection failed'; }

Now this code works just fine. It prints out every user that has a displayname in AD. The problem is that for the username/password binding I am using my own user credentials to bind to the server.

I would like to know if there is a way to bind using the server's credentials.

I am set up using PHP 5.3 + IIS on Windows Server 2008 R2 for both the server with IIS and the one that has AD (two different VMs).

I also know that IIS has an AD account named IISStackOverflow, but I don't know the password or even if it has a password...

Thanks!

Oh! I tried changing $username to IISStackOverflow and $password to ''

But it gave an invalid credential error.

--EDIT--

Do I have to do the binding part at all? (If I am only reading data)


1 answer

  • dongzhimeng2464 2014-07-31 05:08
    Best answer

    As you run it from the server itself, and you just want to read, I would try to use:

    ...
    if(ldap_bind($ldap))
    ...
    

    According to PHP documentation if bind_rdn and bind_password are not specified, an anonymous bind is attempted.

    Then if your anonymous logon is refused (this should not be, because running under IIS on the server your code is at least executed as a domain user) you will find there how to enable anonymous LDAP binds to Windows Server. This used to work for me on W2K8; I never tested it on W2K12.

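The anonymous bind the answer suggests, as an added PHP example that is not part of the original post: because a directory server can accept the bind and still refuse the search, it reports the two steps separately. `probeAnonymousBind()` is a hypothetical helper, and the host, base DN and filter are the question's sample values, so it needs a reachable directory server to run.

```php
<?php
// Added example, not the poster's code. probeAnonymousBind() is a
// hypothetical helper; host, base DN and filter are the question's samples.
function probeAnonymousBind($host, $baseDn, $filter)
{
    $ldap = ldap_connect($host);   // validates the URI, does not connect yet
    if (!$ldap) {
        return 'connect: invalid LDAP URI';
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // No bind DN and no password: PHP attempts an anonymous bind.
    if (!@ldap_bind($ldap)) {
        $msg = 'bind refused: ' . ldap_error($ldap);
        ldap_unbind($ldap);
        return $msg;
    }

    // A successful bind does not prove read access, so run the real query.
    $rs = @ldap_search($ldap, $baseDn, $filter, array('displayname', 'mail'));
    if (!$rs) {
        $detail = '';
        // Server-side diagnostic text, when the server sent one.
        ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $msg = 'bind ok, search failed: ' . ldap_error($ldap) . ' ' . $detail;
        ldap_unbind($ldap);
        return $msg;
    }

    $count = ldap_count_entries($ldap, $rs);
    ldap_unbind($ldap);
    return "bind ok, search ok: $count entries readable without credentials";
}

echo probeAnonymousBind(
    'ldap://stack.overflow.com',
    'CN=Users, DC=STACK, DC=OVERFLOW, DC=COM',
    '(&(objectcategory=user)(displayname=*))'
), PHP_EOL;
```

A "search ok" result means the same entries are readable by any client that can reach port 389 on that server.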