NinoM

Reputation: 137

PHP ldap connection always turns out true

I am trying to make a connection with an Active Directory to authenticate a user. However, it doesn't matter what you type in, as it will let you through either way.

I am not even sure if I make the right connection. As host name I currently use [ip address].[domain].nl and I do not know if this is even possible, but it didn't turn out an error when I checked ldap_connect() for errors.

So if you guys would like to look over the code and give me tips, that would be great. I left out the connection details for security reasons.

Sorry if this is a stupid question, but I have no idea what's wrong. Thanks in advance.

class LOGIN{
        public function login($data){

            $user = $data["username"];
            $password = $data["password"];
            $host = 'ldap://[ip address]/[domain].nl';
            $domain = '[domain].nl';
            $basedn = 'dc=[domain],dc=nl';

            $ad = ldap_connect($host.$domain,389) or die('Could not connect to LDAP server.');

            ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

            //$bind = ldap_bind($ad, "$user@$domain", $password) or die('Could not bind to AD.');

            if(@ldap_bind($ad, "$user"."@"."$domain", $password)){

                $result = "Authenticated";

            }else{
                $result = "Invalid Credential";
            }

            return $result;
        }
    }

$login = new LOGIN;

And this is the form to log in:

<?php 
if(isset($_POST['username']) && isset($_POST['password']) && !empty($_POST['username']) && !empty($_POST['password'])){

require_once("classes/class_login.php");

$result = $login->login($_POST);

}   
?>

<form action="#" method="POST">
    <?php if(!empty($result)){echo "<p>".$result."</p>";} ?>
    <pre>
    <label for="username">Username: </label><input id="username" type="text" name="username" /> 
    <label for="password">Password: </label><input id="password" type="password" name="password" />       

    <input type="submit" name="submit" value="Submit" />
    </pre>
</form>

Upvotes: 0

Views: 757

Answers (2)

Danyal Sandeelo

Reputation: 12391

You are right, there is probably something wrong with the API, it always returns true. This is the working implementation that we used.

    // LDAP_OPT_DIAGNOSTIC_MESSAGE is built into PHP >= 7.1; only define it if it is missing
    if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
        define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
    }
    $conn = "ldap://whatever.com";
    $port = 389;          // by default port 389
    $version = 3;         // by default 3
    $referral = 0;        // by default 0
    $user = "username";   // bind DN, or user@domain for Active Directory
    $password = "password";

    if ($user && $password) {
        //Connect LDAP Server
        echo " connecting to ldap mdec<br/> ";
        $connect = ldap_connect($conn, $port);
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, $version);
        ldap_set_option($connect, LDAP_OPT_REFERRALS, $referral);

        $bind = ldap_bind($connect, $user, $password);
        if ($bind) {
            echo "OK. ";
        } else {
            echo "couldn't bind.";
            // the server-side reason for the failed bind, if the server provides one
            if (ldap_get_option($connect, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
                echo "Error connecting to LDAP: $extended_error";
            } else {
                echo "Error connecting to LDAP: No additional information is available.";
            }
        }
        ldap_close($connect);
    } else {
        echo "in else, do whatever you want to show to the user";
    }

Upvotes: 2

heiglandreas

Reputation: 3861

ldap_connect takes the provided URI and checks it for syntactical correctness. NO connection is established to the server!

The actual connection will be created on the first call to the server (which is typically ldap_bind), so connection issues might present themselves at the ldap_bind command!

Besides that, ldap_connect should be called with a single parameter containing an LDAP URI like ldap://ldap.example.com:1234 or ldaps://192.168.1.1:4567. Stop using it with the two parameters hostname and port, as that is deprecated and might be removed in a later version of PHP, as there's no way of using it for a secure connection. Always call it like ldap_connect('ldap://ldap.example.com:1234');

Upvotes: 0
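The two answers above give the pieces separately: read LDAP_OPT_DIAGNOSTIC_MESSAGE after a failed bind (first answer), and pass ldap_connect() a single URI because nothing is sent to the server until the bind (second answer). The following is an added example, not code from the question or from either answer, that puts them together in one authenticator for the question's user@domain bind. It also adds the check the question's code is missing in practice: RFC 4513 section 5.1.2 defines a simple bind with a non-empty name and an empty password as an "unauthenticated" bind, which Active Directory accepts by default and ldap_bind() then reports as true, so the password must be rejected before it reaches the server. The hostname dc01.example.test, the UPN suffix example.test, the username regex and the 5-second timeout are assumptions for illustration; the "data <hex>" subcodes are the ones Microsoft documents for AD's LDAP error 49. Requires PHP 8.0 or later (constructor property promotion) with ext/ldap.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original question or answers. URI, domain and the
// username pattern below are assumptions.
final class AdAuthenticator
{
    // AD reports most logon failures as LDAP error 49 (invalid credentials) and puts the
    // real reason in the diagnostic message as "data <hex>" (Microsoft-documented subcodes).
    private const AD_SUBCODES = [
        '525' => 'user not found',
        '52e' => 'invalid credentials',
        '530' => 'logon not permitted at this time',
        '531' => 'logon not permitted at this workstation',
        '532' => 'password expired',
        '533' => 'account disabled',
        '701' => 'account expired',
        '773' => 'user must reset password',
        '775' => 'account locked out',
    ];

    public function __construct(
        private string $uri,       // assumed: 'ldaps://dc01.example.test' (single-URI form)
        private string $domain,    // assumed UPN suffix: 'example.test'
        private bool $startTls = false,  // true when $uri is ldap:// and the DC offers StartTLS
    ) {}

    /** Returns [bool $ok, string $reason]; never succeeds on an empty password. */
    public function authenticate(string $username, string $password): array
    {
        // 1. An empty password turns a simple bind into an *unauthenticated* bind
        //    (RFC 4513 s5.1.2), which AD accepts and ldap_bind() returns true for.
        if (trim($password) === '') {
            return [false, 'empty password refused (would be an unauthenticated bind)'];
        }
        // 2. Plain sAMAccountName characters only (assumed pattern): no '@', '\' or DN
        //    metacharacters, so the caller cannot change which principal is bound.
        if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
            return [false, 'username has an invalid form'];
        }

        // 3. Single-argument URI. Nothing is sent yet; network errors surface at the bind.
        $conn = ldap_connect($this->uri);
        if ($conn === false) {
            return [false, 'malformed LDAP URI'];
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);  // assumed: 5 s

        // 4. Never send the password in clear text: require ldaps:// or upgrade with StartTLS.
        if ($this->startTls) {
            if (!@ldap_start_tls($conn)) {
                return [false, 'StartTLS failed: ' . ldap_error($conn)];
            }
        } elseif (stripos($this->uri, 'ldaps://') !== 0) {
            return [false, 'refusing plaintext bind; use ldaps:// or StartTLS'];
        }

        // 5. Bind as the user in UPN form. The @ silences the warning on bad credentials;
        //    the return value plus the diagnostic message carry the outcome.
        $ok = @ldap_bind($conn, $username . '@' . $this->domain, $password);
        $reason = $ok ? 'authenticated' : $this->describeFailure($conn);
        ldap_unbind($conn);
        return [$ok, $reason];
    }

    // Map the server's diagnostic message (what the first answer prints raw) to a reason
    // the application can log; fall back to the generic LDAP error text.
    private function describeFailure($conn): string
    {
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        if (preg_match('/data ([0-9a-f]{3})/i', (string) $diag, $m)) {
            $code = strtolower($m[1]);
            return self::AD_SUBCODES[$code] ?? ('AD subcode ' . $code);
        }
        return ldap_error($conn) . ' (errno ' . ldap_errno($conn) . ')';
    }
}

// Usage with the question's form fields (host and domain are assumed values):
$auth = new AdAuthenticator('ldaps://dc01.example.test', 'example.test');
[$ok, $why] = $auth->authenticate($_POST['username'] ?? '', $_POST['password'] ?? '');
echo $ok ? 'Authenticated' : 'Invalid credential: ' . htmlspecialchars($why);
```

Two points about the design. The empty-password check runs before any network call on purpose: an `!empty()` test on the form, as in the question, is easy to lose when the same class is reused from another entry point, so the authenticator itself must refuse. And the subcode is returned to the application for logging, not echoed verbatim to the user, since "user not found" versus "invalid credentials" lets an attacker enumerate valid accounts.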
