Solved

Ldap_bind() always returning true

Posted on 2004-09-02
5
1,578 Views
Last Modified: 2012-06-21
I am currently attempting to tie in a ticket system (written in PHP) into Active Directory.  I am using the ldap functions of php for authentication in a modified "standard" login.php file.  Here is my code:

                $ldaphost1 = "ldap://dc1.xxxx.net";
                $ldaphost2 = "ldap://dc2.xxxx.net";
                $ldapdn = "cbuell@xxxx.net";
                $ldappwd = "mypassword";

                if (!($ds = ldap_connect($ldaphost1)) {
                         if(!($ds = ldap_connect($ldaphost2)) {
                                        echo "Cannot connect to the domain";
                         }
                }

                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

                $bind = ldap_bind($ds, $ldapdn, $ldappwd);

                if ($bind) {
                         echo "Bind completed";
                }
                else {
                         echo "Bind not completed";
                }


I believe the connection is performed correctly.  However, regardless of what incorrect username or password I use, I always get $bind = 1, or true.  I am unable to get a false return.

Anonymous bindings are set as default for Active Directory, in that they are allowed, but not able to perform any action.  Whenever I supply an incorrect password, though, I should get "Incorrect Credentials" as I do when I test the ldap connections with LDP.exe.

I am running PHP on OS X, although I have no idea if that is relevant (or the problem).

Any ideas as to what could be my problem?   Thanks for your time!


Chris

0
Comment
Question by:cbuell
  • 2
  • 2
5 Comments
 
LVL 26

Expert Comment

by:ushastry
ID: 11971510
Hi,

Please check out this..

http://bugs.php.net/bug.php?id=19520


Hope this Helps!
0
 

Author Comment

by:cbuell
ID: 11973731

Thanks for that link ushastry, I went and did some research on that.

From what I've read, there has been a work around for that for some time in which the ldap password is set to " " (a space) instead of an empty string.  Then it correctly invalidates the username/password.

Following that line of thought, I did go and double check that my password was being set, and was not an empty string.  Unfortunately, that seems to be working properly, so I'm still thinking I have a problem elsewhere?


Thanks for the help,

Chris
0
 
LVL 1

Accepted Solution

by:
iamtgo3 earned 500 total points
ID: 11978631
I realize this is not Active Directory but here is a similiar thing I wrote for Novell LDAP. Check it out it may help.

http://www.ipdg3.com/sourcecoderesults.php?option=search_sourcecode&sc=PHP_&ss=ldap&match=cp&offset=0

George - www.ipdg3.com
0
 

Author Comment

by:cbuell
ID: 11999575

I have solved my problem.

The problem was simply syntax.  The ldap_bind needed to be called as @ldap_bind.  I'm not sure why this is required, as sample code I looked at (thank you for your link, George) simply call ldap_bind.

I am giving the points to iamtgo3 because although his code used the function call without the "@", I was viewing his code when the thought occured to me.


Thanks for the help,

Chris
0
 
LVL 1

Expert Comment

by:iamtgo3
ID: 12006039
Thanks Chris glad I could help weather it was a small or big part of your solution. I am glad you have your question solved.

George - www.ipdg3.com
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Installer 5 37
website maintenance mode 1 25
PHP Syntax Error 4 32
PHP Mail error 3 26
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question