LDAP Authentication using PHP

Question

I am trying to use LDAP authentication using PHP.
Below is my code:

<?php

$ldaphost = 'ldap://ldapServer';
$ldapport = 389;

$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
//ldap_set_option($ds, LDAP_OPT_DEBUG_LEVEL, 7);
if ($ds) 
{
    $username = "testuser@domain.com";
    $upasswd = "testpass";

    $ldapbind = ldap_bind($ds, $username, $upasswd);


    if ($ldapbind) 
        {print "Congratulations! $username is authenticated.";}
    else 
        {print "Access Denied!";}


}
?>

But it raises the below error:

PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server

Any idea as how can I get it resolved?

Note: Do we need ldap.config file somewhere as I came across this term on some forum. I don't see any such file on my machine. I have php_ldap.dll in ext folder and using Windows.

Answer 1

I'm not sure if you still need an answer for it not but I would like to add something from my experience.

$username   = 'bentcoder';
$password   = '123123';
$server = '192.168.32.4';
$domain = '@yourdomain.com';
$port       = 389;

$ldap_connection = ldap_connect($server, $port);

if (! $ldap_connection)
{
    echo '<p>LDAP SERVER CONNECTION FAILED</p>';
    exit;
}

// Help talking to AD
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);

$ldap_bind = @ldap_bind($ldap_connection, $username.$domain, $password);

if (! $ldap_bind)
{
    echo '<p>LDAP BINDING FAILED</p>';
    exit;
}

// You can work now!!!

ldap_close($ldap_connection);

Notes:

• php_ldap extension should be enabled in php.ini. [extension=php_ldap.dll]
• IP address above [192.168.32.4] can be replaced with [yourdomain.com]
• If you're using Wamp then you might run into strange issues so as far as remember all worked fine under version 1.9 but not with above versions.

References:

• Mozilla LDAP C SDK Programmer's Guide
• LDAP Functions

Answer 2

Just as Minras was saying, you are binding with the wrong credentials. Try something like this:

$ldaprdn  = 'cn=binder,dc=domain,dc=com';     // ldap rdn or dn or proxy agent or admin
$ldappass = 'password';  // associated password

// connect to ldap server
$ldapconn = ldap_connect("54.85.xx.xx")
        or die("Could not connect to LDAP server.");

// Set some ldap options for talking to 
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {

        // binding to ldap server
        $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);

        // verify binding
        if ($ldapbind) {
            echo "Done..\n</h1>";
        } else {
            echo "Damn you LDAP...\n";
        }

}

Answer 3

We proved it in a local network and it worked well. If for example you are using Ldap with Zentyal go https://serveriporname/Users/Composite/Settings and then take the options it gives you in the "User DN" so you take that addresss we will call $userdns and you may prove the following code

<?php
       //The variables are implicit

    $ad = ldap_connect($ldap_server) ;  //Ex: 10.0.0.1
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) ; 

       //Using the provided user and password to login into LDAP server.
       //For the dc, normally will be the domain. 

        $sr=ldap_search($ad, $userdns, "cn=*usuario*");

        $info = ldap_get_entries($ad, $sr);

       for ($i=0; $i<$info["count"]; $i++) {
          /*Print out the user information here. If you rather to request by other field than cn take its name from here*/
          print_r($info[$i]);
          echo "<p><hr/></p>";
        }
       $ds = ldap_bind($ad,"uid=$ldap_user,$userdns",$ldap_pass);
       if($ds){
      echo "<h4>$ldap_user connect to LDAP server \"$ldap_domain\"</h4>";
       } else {
         echo "<h4>Unable to connect to LDAP server</h4>";
       }  
       ldap_close($ad);
?>

Answer 4

When you bind, you bind not to the username, but to DN.

Your $username variable should look like this:

$username = 'uid=testuser,ou=People,dc=domain,dc=com';

Answer 5

I guess ldap_connect() doesn't requires the protocol, so this naive patch should solve your issue:

--- ldap.php.bak    2012-09-04 10:52:29.563203493 +0200
+++ ldap.php    2012-09-04 10:52:46.807203766 +0200
@@ -1,6 +1,6 @@
 <?php

-$ldaphost = 'ldap://ldapServer';
+$ldaphost = 'ldapServer';
 $ldapport = 389;

 $ds = ldap_connect($ldaphost, $ldapport)

Check the basic example at the official documentation.