Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Ldap_bind() always returning true

Posted on 2004-09-02
5
Medium Priority
?
1,674 Views
Last Modified: 2012-06-21
I am currently attempting to tie in a ticket system (written in PHP) into Active Directory.  I am using the ldap functions of php for authentication in a modified "standard" login.php file.  Here is my code:

                $ldaphost1 = "ldap://dc1.xxxx.net";
                $ldaphost2 = "ldap://dc2.xxxx.net";
                $ldapdn = "cbuell@xxxx.net";
                $ldappwd = "mypassword";

                if (!($ds = ldap_connect($ldaphost1)) {
                         if(!($ds = ldap_connect($ldaphost2)) {
                                        echo "Cannot connect to the domain";
                         }
                }

                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

                $bind = ldap_bind($ds, $ldapdn, $ldappwd);

                if ($bind) {
                         echo "Bind completed";
                }
                else {
                         echo "Bind not completed";
                }


I believe the connection is performed correctly.  However, regardless of what incorrect username or password I use, I always get $bind = 1, or true.  I am unable to get a false return.

Anonymous bindings are set as default for Active Directory, in that they are allowed, but not able to perform any action.  Whenever I supply an incorrect password, though, I should get "Incorrect Credentials" as I do when I test the ldap connections with LDP.exe.

I am running PHP on OS X, although I have no idea if that is relevant (or the problem).

Any ideas as to what could be my problem?   Thanks for your time!


Chris

0
Comment
Question by:cbuell
  • 2
  • 2
5 Comments
 
LVL 26

Expert Comment

by:Umesh
ID: 11971510
Hi,

Please check out this..

http://bugs.php.net/bug.php?id=19520


Hope this Helps!
0
 

Author Comment

by:cbuell
ID: 11973731

Thanks for that link ushastry, I went and did some research on that.

From what I've read, there has been a work around for that for some time in which the ldap password is set to " " (a space) instead of an empty string.  Then it correctly invalidates the username/password.

Following that line of thought, I did go and double check that my password was being set, and was not an empty string.  Unfortunately, that seems to be working properly, so I'm still thinking I have a problem elsewhere?


Thanks for the help,

Chris
0
 
LVL 1

Accepted Solution

by:
iamtgo3 earned 1500 total points
ID: 11978631
I realize this is not Active Directory but here is a similiar thing I wrote for Novell LDAP. Check it out it may help.

http://www.ipdg3.com/sourcecoderesults.php?option=search_sourcecode&sc=PHP_&ss=ldap&match=cp&offset=0

George - www.ipdg3.com
0
 

Author Comment

by:cbuell
ID: 11999575

I have solved my problem.

The problem was simply syntax.  The ldap_bind needed to be called as @ldap_bind.  I'm not sure why this is required, as sample code I looked at (thank you for your link, George) simply call ldap_bind.

I am giving the points to iamtgo3 because although his code used the function call without the "@", I was viewing his code when the thought occured to me.


Thanks for the help,

Chris
0
 
LVL 1

Expert Comment

by:iamtgo3
ID: 12006039
Thanks Chris glad I could help weather it was a small or big part of your solution. I am glad you have your question solved.

George - www.ipdg3.com
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question