I have a PHP script which does a LDAP connect, bind and search. It is working very well with most of the Active Directory servers, however one of our clients has a problem. The script returns Strong(er) authentication required. error when trying ldap_bind. All the searches I made directed me to two possible problems: I have to set LDAP_OPT_PROTOCOL_VERSION to 3 - which I do and did before, so this can not be my problem. The AD server is configured to use SSL authentication - but our client insists that it is a default Windows 2008 R2 server installation, and that does not default to SSL for sure. What other causes could be for this error to happen? UPDATE It was SSL required on Active Directory server ...

Reputation: 692

PHP ldap - Strong(er) authentication required

I have a PHP script which does a LDAP connect, bind and search. It is working very well with most of the Active Directory servers, however one of our clients has a problem. The script returns

Strong(er) authentication required.

error when trying ldap_bind.

All the searches I made directed me to two possible problems:

I have to set LDAP_OPT_PROTOCOL_VERSION to 3 - which I do and did before, so this can not be my problem.
The AD server is configured to use SSL authentication - but our client insists that it is a default Windows 2008 R2 server installation, and that does not default to SSL for sure.

What other causes could be for this error to happen?

UPDATE

It was SSL required on Active Directory server ...

Upvotes: 8

Answers (4)

sdd

Reputation: 721

This answer seems to be full, although short. It covers two options on how to handle the error.

Upvotes: 0

Matteo Conta

Reputation: 1449

The message "Strong(er) authentication required" appears also if you try to update a LDAP entity using :

ldap_modify
ldap_mod_replace
ldap_modify_batch

Without calling the bind function with the optional parameters :

 string $bind_rdn = NULL [, string $bind_password = NULL

This code will not work:

$ldap = ldap_connect($ldap_url);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

$bind = ldap_bind($ldap);

$userdata=array();
$userdata['userattribute'][0]='test';

ldap_modify ($ldap, "cn=myuser,dc=example,dc=com", $userdata);

This code works, note the different call to bind function:

$ldap = ldap_connect($ldap_url);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

$bind = ldap_bind($ldap,'cn=admin,dc=example,dc=com','secretpassword');

$userdata=array();
$userdata['userattribute'][0]='test';

ldap_modify ($ldap, "cn=myuser,dc=example,dc=com", $userdata);

Upvotes: 0

bogtan

Reputation: 837

I had the same problem and it seems that there was a typo in my bind_rdn, so make sure that the credentials are correct.

Upvotes: 1

Jon Skarpeteig

Reputation: 4128

You have to use ldaps:// if it's required by the Active Directory server. If it's a problem with invalid certificate authority, you can ignore the validity in windows by issuing

putenv('LDAPTLS_REQCERT=never');

in your php code. In *nix you need to edit your /etc/ldap.conf to contain

TLS_REQCERT never

For other common problems, you can refer to my post at PHP cannot connect to LDAP Oracle Directory Server Enterprise Edition

For working example code, you can have a look at: Problems with secure bind to Active Directory using PHP

Upvotes: 6

PHP ldap - Strong(er) authentication required

UPDATE

Answers (4)

Related Questions