Note that when the server expects LDAP protocol version 3, you have to specify the protocol version before calling ldap_bind. If you do not, the bind fails with a warning such as:
ldap_bind(): Unable to bind to server: Protocol error
In order to avoid this, make this call:
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
where $ds is the result returned by ldap_connect(...).
And this is example code to test your LDAP server:
<?php
error_reporting(E_ALL & ~E_NOTICE);
$ldapconfig['host'] = 'ldap.kiss'; // Change your host
$ldapconfig['port'] = 389; // Default port
$ldapconfig['basedn'] = 'dc=kiss'; // Change your basedn
$username = "quang.nguyen"; // Change your username
$password = "your-password"; // Change your password (placeholder)
// Example DN pattern (an assumption); adjust it to match your LDAP tree
$dn = "cn=" . $username . "," . $ldapconfig['basedn'];
$ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
// Set the protocol version before binding
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($bind = ldap_bind($ds, $dn, $password)) {
    echo("Login correct");
} else {
    echo("Unable to bind to server.<br>");
    echo("msg:'" . ldap_error($ds) . "'<br>"); // check if the message isn't: Can't contact LDAP server :)
    // if it says something about a cn or user, then you are trying the wrong $dn pattern; I found this by looking at the OpenLDAP source code :)
    // we can figure out the right pattern by searching the user tree
    // remember to turn on the anonymous search on the ldap server
    if ($bind = ldap_bind($ds)) {
        $filter = "(cn=*)";
        if (!($search = @ldap_search($ds, $ldapconfig['basedn'], $filter))) {
            echo("Unable to search ldap server<br>");
            echo("msg:'" . ldap_error($ds) . "'<br>"); // check the message again
        } else {
            $number_returned = ldap_count_entries($ds, $search);
            $info = ldap_get_entries($ds, $search);
            echo "The number of entries returned is " . $number_returned . "<p>";
            for ($i = 0; $i < $info["count"]; $i++) {
                // look for your user account in this pile of junk and apply the whole pattern where you build $dn to match exactly the ldap tree entry
                print_r($info[$i]);
            }
        }
    } else {
        echo("Unable to bind anonymously<br>");
    }
}
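Once the $dn pattern is known, the same bind can be used as a login check. The following is an added example, not the original author's code: it sets protocol version 3 before binding, upgrades the port 389 connection with StartTLS, rejects empty passwords (LDAP treats a DN with an empty password as an unauthenticated bind, which many servers answer with success) and escapes the user name before building the DN. The function names and the cn=<username>,<basedn> pattern are assumptions; the host and base DN are the sample values from the test script.

```php
<?php
// Added example, not the original author's code.
// Assumption: users live directly under the base DN as cn=<username>,<basedn>.

/** Build the bind DN, escaping characters that are special inside a DN. */
function build_user_dn(string $username, string $basedn): string
{
    return 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $basedn;
}

/** Return true only if the server accepted this user's own credentials. */
function ldap_check_login(string $uri, string $basedn, string $username, string $password): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers answer with success: never pass it through.
    if ($username === '' || $password === '') {
        return false;
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    // Must be set before ldap_bind() when the server expects LDAPv3.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Port 389 is clear text; upgrade to TLS before sending the password.
    if (!@ldap_start_tls($ds)) {
        error_log('LDAP StartTLS failed: ' . ldap_error($ds));
        return false;
    }
    $ok = @ldap_bind($ds, build_user_dn($username, $basedn), $password);
    if (!$ok) {
        // Log on the server side; do not echo LDAP errors to the browser.
        error_log('LDAP bind failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
    return $ok;
}

// Constructed sample input: host and base DN are the sample values used above.
// The comma in the user name is escaped so it stays inside the cn value.
var_dump(build_user_dn('nguyen, quang', 'dc=kiss'));
// An empty password is rejected before any connection is attempted.
var_dump(ldap_check_login('ldap://ldap.kiss:389', 'dc=kiss', 'quang.nguyen', ''));
```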
Good luck!