Solved

Ldap_bind() always returning true

Posted on 2004-09-02
5
1,560 Views
Last Modified: 2012-06-21
I am currently attempting to tie in a ticket system (written in PHP) into Active Directory.  I am using the ldap functions of php for authentication in a modified "standard" login.php file.  Here is my code:

                $ldaphost1 = "ldap://dc1.xxxx.net";
                $ldaphost2 = "ldap://dc2.xxxx.net";
                $ldapdn = "cbuell@xxxx.net";
                $ldappwd = "mypassword";

                if (!($ds = ldap_connect($ldaphost1)) {
                         if(!($ds = ldap_connect($ldaphost2)) {
                                        echo "Cannot connect to the domain";
                         }
                }

                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

                $bind = ldap_bind($ds, $ldapdn, $ldappwd);

                if ($bind) {
                         echo "Bind completed";
                }
                else {
                         echo "Bind not completed";
                }


I believe the connection is performed correctly.  However, regardless of what incorrect username or password I use, I always get $bind = 1, or true.  I am unable to get a false return.

Anonymous bindings are set as default for Active Directory, in that they are allowed, but not able to perform any action.  Whenever I supply an incorrect password, though, I should get "Incorrect Credentials" as I do when I test the ldap connections with LDP.exe.

I am running PHP on OS X, although I have no idea if that is relevant (or the problem).

Any ideas as to what could be my problem?   Thanks for your time!


Chris

0
Comment
Question by:cbuell
  • 2
  • 2
5 Comments
 
LVL 26

Expert Comment

by:ushastry
ID: 11971510
Hi,

Please check out this..

http://bugs.php.net/bug.php?id=19520


Hope this Helps!
0
 

Author Comment

by:cbuell
ID: 11973731

Thanks for that link ushastry, I went and did some research on that.

From what I've read, there has been a work around for that for some time in which the ldap password is set to " " (a space) instead of an empty string.  Then it correctly invalidates the username/password.

Following that line of thought, I did go and double check that my password was being set, and was not an empty string.  Unfortunately, that seems to be working properly, so I'm still thinking I have a problem elsewhere?


Thanks for the help,

Chris
0
 
LVL 1

Accepted Solution

by:
iamtgo3 earned 500 total points
ID: 11978631
I realize this is not Active Directory but here is a similiar thing I wrote for Novell LDAP. Check it out it may help.

http://www.ipdg3.com/sourcecoderesults.php?option=search_sourcecode&sc=PHP_&ss=ldap&match=cp&offset=0

George - www.ipdg3.com
0
 

Author Comment

by:cbuell
ID: 11999575

I have solved my problem.

The problem was simply syntax.  The ldap_bind needed to be called as @ldap_bind.  I'm not sure why this is required, as sample code I looked at (thank you for your link, George) simply call ldap_bind.

I am giving the points to iamtgo3 because although his code used the function call without the "@", I was viewing his code when the thought occured to me.


Thanks for the help,

Chris
0
 
LVL 1

Expert Comment

by:iamtgo3
ID: 12006039
Thanks Chris glad I could help weather it was a small or big part of your solution. I am glad you have your question solved.

George - www.ipdg3.com
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now