Igor Mancos

Reputation: 314

How to connect to LDAP with ldap_sasl_bind in PHP

I have this user in LDAP: uid=user,ou=People,dc=ex,dc=com. I connect to the LDAP server with:

$con = ldap_connect('ldap://ex.com');
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

I try to bind with ldap_sasl_bind:

ldap_sasl_bind($con, 'uid=user,ou=People,dc=ex,dc=com', 'secret', 'DIGEST-MD5');

This does not work: "Invalid credentials"

ldap_sasl_bind($con, NULL, 'secret', 'DIGEST-MD5', NULL, 'uid=user,ou=People,dc=ex,dc=com');

Same result: "Invalid credentials"

ldap_bind($con, 'uid=user,ou=People,dc=ex,dc=com', 'secret');

This works fine.

Upvotes: 0

Views: 3865

Answers (1)

Terry Gardner

Reputation: 11134

When using a low-security SASL method like DIGEST-MD5, the server must be able to get the clear-text password from the entry named by the distinguished name. This means the password must be stored in clear text or with a reversible encryption (this reduces the security of the entry, one reason DIGEST-MD5 should be considered low-security and avoided unless required by the LDAP client; LDAP clients should prefer simple authentication using a secure connection).

Check to be sure the entry for uid=user,ou=People,dc=ex,dc=com has the password secret available to the server, that is, the password storage scheme is either clear-text or a reversible encryption as noted above. If a reversible encryption is used, the strongest method should be used, which I believe is AES.

Upvotes: 1
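
The server-side computation the answer describes, as an added example that is not part of the original answer: it computes the RFC 2831 DIGEST-MD5 response and shows that a server holding only a one-way hash cannot verify it. The username `user`, realm `ex.com`, nonces, digest-uri and the `{SSHA}` value are constructed, and only unprefixed and `{CLEARTEXT}` values are treated as recoverable (reversible-encryption schemes are server-specific and omitted).

```php
<?php
// All names and values below are constructed for illustration.

/** RFC 2831 response for qop=auth, computed from the clear-text password. */
function digest_md5_response(string $user, string $realm, string $password,
    string $nonce, string $cnonce, string $nc, string $digestUri): string
{
    // A1 begins with the raw MD5 of user:realm:password. That value cannot
    // be derived from a salted one-way hash of the password.
    $a1 = md5("$user:$realm:$password", true) . ":$nonce:$cnonce";
    $a2 = "AUTHENTICATE:$digestUri";
    return md5(md5($a1) . ":$nonce:$nc:$cnonce:auth:" . md5($a2));
}

/** Return the clear-text password from a userPassword value, or null. */
function recoverable_password(string $stored): ?string
{
    if (preg_match('/^\{([A-Za-z0-9-]+)\}(.*)$/s', $stored, $m)) {
        // A scheme prefix is present: only {CLEARTEXT} is usable here.
        return strcasecmp($m[1], 'CLEARTEXT') === 0 ? $m[2] : null;
    }
    return $stored; // no scheme prefix: stored as plain text
}

/** Server side: can this stored value verify the client's response? */
function server_verify(string $stored, string $clientResponse, array $p): string
{
    $pw = recoverable_password($stored);
    if ($pw === null) {
        return 'invalid credentials (password not recoverable)';
    }
    $expected = digest_md5_response($p['user'], $p['realm'], $pw,
        $p['nonce'], $p['cnonce'], $p['nc'], $p['uri']);
    return hash_equals($expected, $clientResponse) ? 'success' : 'invalid credentials';
}

$p = ['user' => 'user', 'realm' => 'ex.com', 'nonce' => 'c2VydmVyLW5vbmNl',
      'cnonce' => 'Y2xpZW50LW5vbmNl', 'nc' => '00000001', 'uri' => 'ldap/ex.com'];
$client = digest_md5_response($p['user'], $p['realm'], 'secret',
    $p['nonce'], $p['cnonce'], $p['nc'], $p['uri']);

foreach (['secret', '{SSHA}Q29uc3RydWN0ZWRTYWx0ZWRIYXNoVmFsdWU='] as $stored) {
    echo str_pad($stored, 45), ' => ', server_verify($stored, $client, $p), "\n";
}
```

The same client response succeeds against the plain-text entry and fails against the hashed one, even though the client supplied the correct password in both cases.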
