Solved

Ldap_bind() always returning true

Posted on 2004-09-02
5
1,585 Views
Last Modified: 2012-06-21
I am currently attempting to tie in a ticket system (written in PHP) into Active Directory.  I am using the ldap functions of php for authentication in a modified "standard" login.php file.  Here is my code:

                $ldaphost1 = "ldap://dc1.xxxx.net";
                $ldaphost2 = "ldap://dc2.xxxx.net";
                $ldapdn = "cbuell@xxxx.net";
                $ldappwd = "mypassword";

                if (!($ds = ldap_connect($ldaphost1)) {
                         if(!($ds = ldap_connect($ldaphost2)) {
                                        echo "Cannot connect to the domain";
                         }
                }

                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

                $bind = ldap_bind($ds, $ldapdn, $ldappwd);

                if ($bind) {
                         echo "Bind completed";
                }
                else {
                         echo "Bind not completed";
                }


I believe the connection is performed correctly.  However, regardless of what incorrect username or password I use, I always get $bind = 1, or true.  I am unable to get a false return.

Anonymous bindings are set as default for Active Directory, in that they are allowed, but not able to perform any action.  Whenever I supply an incorrect password, though, I should get "Incorrect Credentials" as I do when I test the ldap connections with LDP.exe.

I am running PHP on OS X, although I have no idea if that is relevant (or the problem).

Any ideas as to what could be my problem?   Thanks for your time!


Chris

0
Comment
Question by:cbuell
  • 2
  • 2
5 Comments
 
LVL 26

Expert Comment

by:ushastry
ID: 11971510
Hi,

Please check out this..

http://bugs.php.net/bug.php?id=19520


Hope this Helps!
0
 

Author Comment

by:cbuell
ID: 11973731

Thanks for that link ushastry, I went and did some research on that.

From what I've read, there has been a work around for that for some time in which the ldap password is set to " " (a space) instead of an empty string.  Then it correctly invalidates the username/password.

Following that line of thought, I did go and double check that my password was being set, and was not an empty string.  Unfortunately, that seems to be working properly, so I'm still thinking I have a problem elsewhere?


Thanks for the help,

Chris
0
 
LVL 1

Accepted Solution

by:
iamtgo3 earned 500 total points
ID: 11978631
I realize this is not Active Directory but here is a similiar thing I wrote for Novell LDAP. Check it out it may help.

http://www.ipdg3.com/sourcecoderesults.php?option=search_sourcecode&sc=PHP_&ss=ldap&match=cp&offset=0

George - www.ipdg3.com
0
 

Author Comment

by:cbuell
ID: 11999575

I have solved my problem.

The problem was simply syntax.  The ldap_bind needed to be called as @ldap_bind.  I'm not sure why this is required, as sample code I looked at (thank you for your link, George) simply call ldap_bind.

I am giving the points to iamtgo3 because although his code used the function call without the "@", I was viewing his code when the thought occured to me.


Thanks for the help,

Chris
0
 
LVL 1

Expert Comment

by:iamtgo3
ID: 12006039
Thanks Chris glad I could help weather it was a small or big part of your solution. I am glad you have your question solved.

George - www.ipdg3.com
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TCPDF - Create PDF from Form Values and Link to PDF Download 7 46
simple html dom php accessing table/cell  values 4 38
Ajax and PHP 9 53
Reference key in foreach loop 4 38
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question