Reputation: 946
I'm attempting to implement LDAP user authentication; however, for some reason, no matter what the input is, ldap_bind always returns true, whether the input is gibberish, empty, or legitimate.
    $ds = ldap_connect($ldaphost)
        or die("Could not connect to $ds");
    if($bind = ldap_bind($ds,$username, $password))
    {
        // login successful
    }
    else {
        // error message
    }
Any ideas?
Note: using the code below produces the same issue:
    $bind = ldap_bind($ds,$username, $password);
    if($bind)
    {
        // login successful
    }
    else {
        // error message
    }
Thanks in advance!
Upvotes: 2
Views: 2520
Reputation: 1
Gagola, the function ldap_bind occurs at the server side. So once the web server's OS user has bound to the LDAP server, subsequent queries return true. The solution is as simple as unbinding it just after binding it. Here is an example.
    <?php
    function ad_auth( $server, $username, $password ){
        $ldap = @ldap_connect( $server );
        if ( @ldap_bind( $ldap, $username, $password ) ){
            ldap_unbind( $ldap );
            return true;
        }
        else
            return false;
    }
    ?>
Upvotes: 0
Reputation: 31
For anyone else who finds this question: it's possible that you are attempting an 'anonymous simple bind' if you're passing a zero-length password, which will always return true.
See the comment for a better description; check out php.net.
Upvotes: 3
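The zero-length-password case described in the answer above, handled before the bind is attempted. This is an added example, not code from any of the answers; the function name `ldap_password_is_valid`, the URI and the DN are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: returns true only when the server accepts a simple bind
 * made with a non-empty DN and a non-empty password.
 */
function ldap_password_is_valid(string $uri, string $bindDn, string $password): bool
{
    // A simple bind with a zero-length password is an anonymous or
    // "unauthenticated" bind (RFC 4513, section 5.1.2). Servers that allow
    // it report success, so it must never be treated as a login.
    if (trim($bindDn) === '' || $password === '') {
        return false;
    }

    // ldap_connect() only prepares the handle; the server is first
    // contacted when ldap_bind() runs.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Suppress the PHP warning, but keep the reason for the server log.
    // The password is never written to the log.
    $ok = @ldap_bind($ds, $bindDn, $password);
    if (!$ok) {
        error_log('LDAP bind failed: ' . ldap_error($ds));
    }

    // Release the connection whether or not the bind succeeded.
    ldap_unbind($ds);
    return $ok;
}

// Constructed sample values (not a real directory).
$uri = 'ldaps://ldap.example.test';
$dn  = 'uid=alice,ou=people,dc=example,dc=test';

// Both calls are refused locally; the server is never contacted.
var_dump(ldap_password_is_valid($uri, $dn, ''));
var_dump(ldap_password_is_valid($uri, '', 'some-password'));
```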
Reputation: 643
You can use a ldapmanagement.php with this:
    class Connection {
        protected $server;
        protected $port;
        protected $user;
        protected $password;
        protected $ldapconn;
        public function __construct($server, $port, $user, $password){
            $this->server = $server;
            $this->port = $port;
            $this->user = $user;
            $this->password = $password;
        }
        public function connect() {
            $this->ldapconn = ldap_connect($this->server,$this->port) or die("Could not connect to LDAP server.");
            ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($this->ldapconn, LDAP_OPT_REFERRALS, 0);
            if ($this->ldapconn) {
                $ldapbind = @ldap_bind($this->ldapconn, $this->user, $this->password);
            }
        }
    }
and in your PHP file this:
    include('ldapmanagement.php');
    $connection = new Connection ($LDAPHOST,$LDAPPORT,$ldaprdn,$ldappass);
    $connection->connect();
Upvotes: 0
Reputation: 68536
Just do it like this...
    if(ldap_bind($ds,$username, $password))
instead of
    if($bind = ldap_bind($ds,$username, $password))
Upvotes: 1