Reputation: 3947
I'm trying to use PHP to verify authentication in our Active Directory using LDAP.
I know a valid username and password, our domain, and LDAP server.
$ldapconn = ldap_connect($ldapserver)
works, it returns a 'ldap link' resource.
But when I call ldap_bind($ldapconn, $ldaprdn, $password)
it fails.
I have tried a lot of settings for $ldaprdn
, but can't find one that works. Some examples:
$ldaprdn = $username;
$ldaprdn = $username.'@'.$domain;
$ldaprdn = $domain.'\\'.$username;
$ldaprdn = "uid=$username,cn=users,dc=$ldapserver,dc=$domain,dc=com"
$ldaprdn = "uid=$username,dc=$domain,dc=com"
$ldaprdn = "uid=$username,dc=com"
$ldaprdn = "uid=$username,dc=$domain"
Nothing of that works, ldap_error($ldapconn)
always returns "Invalid credentials".
Login and password are obviously right, I'm able to login in Windows. Any idea what I could use?
Upvotes: 2
Views: 2991
Reputation: 14959
Debugging this sort of thing is really tricky. Use the logs on the LDAP server if you have access, or try something like http://jxplorer.org/ to get better information about the actual dn/context of the user you are trying to connect as. You probably have part of it missing or not quite right.
Also, if your username/password has characters that need escaping on the command line, make sure you are not escaping them in the PHP script.
Upvotes: 2