Reputation: 606
PHP - ldap_bind returns invalid credentials
I am trying to make a login page which authenticate using a LDAP server. I use the following information and it works with LDAP client.
Host: ldap.med.xxx.edu
Port: 389
Protocol: v3
Base DN: ou=som,dc=med,dc=xxx,dc=edu
Security level: User + Password
User DN: MED\myusername
Password: mypassword
and then I have the following code:
function ldap_authentication($uname, $password)
{
$ldaprdn = "uid=MED\\$uname,ou=som,dc=med,dc=xxx,dc=edu";
$ldappass = "$password";
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$ldapconn = @ldap_connect("ldap.med.xxx.edu",389) or die("Cannot connect to LDAP server!");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if($ldapconn)
{
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
if($ldapbind)
{
return "Success...";
}
else
{
return "Failed to bind..." . ldap_error($ldapconn);
}
}
else {
return "Cannot Connect";
}
return "Unknown error...";
}
Now this PHP code returns "Failed to bind...Invalid Credenitials"
Any idea what I am doing wrong here?
Upvotes: 0
Views: 6700
Answers (2)
Reputation: 691
I had a similar issue with getting "invalid credentials" while attempting to log into Active Directory via LDAP, but only for certain users. I had tried using/removing the domain_prefix\, both with single and double backslashes, to no avail. The login credentials were all verified for each account I tried, but only one (mine, oddly enough) worked, while others with both more or less permissions, different or identical groups, all failed. What I found to be the solution to the problem was this: the variable $ldaprdn, which stored the RDN, was in this format:
$ldaprdn = "xxx\\{$username}";
For some reason this was failing for all accounts other than mine (The web server that runs the intranet site I'm working on is on my workstation, which may or may not be relevant), but failed for every other user. By changing the RDN string to this:
$ldaprdn = "xxx\\$username";
it now works just fine for all valid accounts. I have no idea at all why this is, either for why all login credentials save for mine failed, or why the removal of the braces "fixed" the problem. If anyone has insights as to why this seemingly insignificant change had such a strange effect, I'm all ears.
Upvotes: 0
Reputation: 3861
I think you have to use either sAMAccountName=$uname,ou=som,dc=med,dc=xxx,dc=edu or just MED\\$uname for the bind.
The last one is a special ActiveDirectory feature. The first one takes into account that the unique id on AD is named sAMAccountName and not uid
Upvotes: 1
Related Questions
- PHP Warning: ldap_bind(): Unable to bind to server: invalid credentials
- PHP ldap_connect + ldap_bind unable to bind
- PHP ldap_bind() authentication - error Unable to bind to server: Invalid credentials?
- LDAP connection bind not successful
- php LDAP Invalid credentials
- PHP LDAP Login Issue
- Couldn't bind LDAP using PHP
- PHP ldap bind issue
- I am unable to bind to an LDAP server due to "Invalid Credentials", though the credentials are valid
- Issue with ldap_bind() with blank user name and password