LDAP issue, ldap_bind invalid dn syntax(LDAP 问题,ldap_bind 无效的 dn 语法)
问题描述
我知道我的错误会很简单,但我试图找到问题,但我没有看到它,也许你可以帮助我....
I know that my mistake is going to be something really simple but I have tried to find the problem and I do not see it, maybe you can help me....
我正在尝试使用 php 创建一个函数,以便能够连接到 LDAP 并找到所需的信息.
I am trying to create a function with php, so I can be able to connect to LDAP and find the desired information.
我的php代码如下:
$ldapconfig['host'] = "127.0.0.1";
$ldapconfig['port'] = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
$ldapconfig['binddn'] = "user";
$ldapconfig['bindpw'] = "password";
function ldap_authenticate($user, $pass) {
global $ldapconfig;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
if ($user != "" && $pass != "") {
$ds=ldap_connect($ldapconfig['host'],$ldapconfig['port']);
if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
return NULL;
}
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
$r = ldap_search( $ds, $ldapconfig['basedn'], 'sAMAccountName=' . $user);
if ($r) {
$result = ldap_get_entries( $ds, $r);
if ($result[0]) {
if (ldap_bind( $ds, $result[0]['dn'], $pass) ) {
return $result[0]['mail'][0];
}
}
}
}
return NULL;
当我尝试运行代码时,它给了我以下错误:ldap_bind 第 xxxx 行的 DN 语法无效该行如下:
When I try to run the code it gives me the following mistake: ldap_bind invalid DN syntax on line xxxx and that line is the following:
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
推荐答案
如错误中所述,您的绑定 DN 格式错误.DN 代表对象的完整路径 - 所以在你的情况下应该是这样的(看起来你在 AD 上?)
As stated in the error, your bind DN is the wrong format. DN's represent the full path to the object - so in your case should be something like this (looks like you're on AD?)
"cn=username,ou=域用户,dc=example,dc=com"
"cn=username,ou=domain users,dc=example,dc=com"
根据您的 LDAP(Active Directory、OpenLDAP 等)的风格,您可能能够使用 uid(所以只是用户名")进行绑定,但最好假设您总是需要完整的 DN.
Depending on your flavor of LDAP (Active Directory, OpenLDAP etc), you might be able to use a uid (so just 'username') to bind, but it's best to assume that you always need the full DN.
您可以使用诸如 Apache Directory Studio 之类的 LDAP 工具来帮助构建查询并找出对象的DN 是.或者也有 ldp.exe(前提是它是 AD),但是 directory studio 更容易使用.
You can use an LDAP tool like Apache Directory Studio to help build queries and find out what object's DN's are. Or there's ldp.exe too (provided it's AD), but directory studio is easier to use.
这篇关于LDAP 问题,ldap_bind 无效的 dn 语法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:LDAP 问题,ldap_bind 无效的 dn 语法
- 如何定位 php.ini 文件 (xampp) 2022-01-01
- 没有作曲家的 PSR4 自动加载 2022-01-01
- SoapClient 设置自定义 HTTP Header 2021-01-01
- PHP Count 布尔数组中真值的数量 2021-01-01
- 从 PHP 中的输入表单获取日期 2022-01-01
- 正确分离 PHP 中的逻辑/样式 2021-01-01
- Laravel 仓库 2022-01-01
- Oracle 即时客户端 DYLD_LIBRARY_PATH 错误 2022-01-01
- 带有通配符的 Laravel 验证器 2021-01-01
- Mod使用GET变量将子域重写为PHP 2021-01-01
