Solved

Using LDAP in PHP to get Active Directory info always returns Invalid credentials

Posted on 2008-10-06
Last Modified: 2013-12-19
Let me preface this question with, I am not a sys admin by any means.  I am a LAMP developer attempting to use PHP's LDAP extension to authenticate users of a PHP application against my client's Active Directory accounts.

Setup:
    Box 1:
        Windows 2003 running Apache 2.2 and PHP 5.2
    Box 2:
        Windows box running Active Directory

The sys admin sent me a screenshot of the Active Directory tree.  My account was located on:
domain: area1.area2.local
ad host machine: box2

My account is in the Our Users -> Our Department -> Our Team folder.

$connection = ldap_connect('box2');    // <------- works
ldap_bind($connection,'cn=billybob,ou=Our Users,ou=Our Department,ou=Our Team,dc=area1,dc=area2,dc=local','mypassword');    // <------- throws 'Unable to bind to server: Invalid credentials'

Any ideas?  

Question by:mhmservices
LVL 40

Expert Comment

by:Richard Quadling
ID: 22654747
Can you take a look through the user notes on http://docs.php.net/ldap_bind

The code ...

if (ldap_set_option($ldapLink,LDAP_OPT_PROTOCOL_VERSION,3))
{
    echo "Using LDAP v3";
}else{
    echo "Failed to set version to protocol 3";
}

May be required for you as well as other settings.

Author Comment

by:mhmservices
ID: 22671915
Thanks for the idea, but unfortunately that piece is already in our code.
LVL 40

Expert Comment

by:Richard Quadling
ID: 22673504
Are you sure the password is correct? Case sensitivity and all that.

Author Comment

by:mhmservices
ID: 22684684
I am sure the info is correct because I am using it to login to the VPN.  Thanks for the shot though.
LVL 40

Accepted Solution

by:
Richard Quadling earned 500 total points
ID: 22684987
I've only done a little playing with LDAP.

Here is the code I used as my first test.

I'm using this from the command line.


Usage :

ldap_search <username> <password> <searchElement> <searchValue>

e.g.

ldap_search RQuadling blahblahblah sn Q*

will use my credentials to look for all entities that have a SN (surname) element that starts with Q.




If you change LDAP_Server to the server name and DOMAIN to the domain.





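<?php
$ds=ldap_connect('LDAP_Server.DOMAIN');  // must be a valid LDAP server!
$dn="DC=DOMAIN";                         // search base
 
if ($ds)
	{ 
	// Bind as DOMAIN\username (not a full DN), with the password from the command line.
	$r=ldap_bind($ds, 'DOMAIN\\' . $argv[1], $argv[2]);
	if (!$r)
		{
		// Stop here: searching after a failed bind only hides the real error.
		echo ldap_errno($ds), ':', ldap_error($ds), ':';
		exit(1);
		}

	// The filter is built as <searchElement>=<searchValue>, e.g. sn=Q*
	$sr = ldap_search($ds, $dn, $argv[3] . '=' . $argv[4]);
 
	if (false === $sr)
		{
		echo ldap_errno($ds), ':', ldap_error($ds), ':';
		}
	else
		{
		$info = ldap_get_entries($ds, $sr);
		print_r($info);
		}
 
	ldap_close($ds);
	var_dump($ds);
	}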
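
The accepted answer binds as DOMAIN\username instead of a full DN. As an added example (not code from the thread, written for PHP 7 or later), the sketch below wraps that bind for application logins, refuses empty passwords, and decodes the Active Directory sub-code that sits behind a generic "Invalid credentials"; the function names are hypothetical and the sample diagnostic string is constructed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Sub-codes Active Directory places in the diagnostic message of a failed bind.
const AD_BIND_SUBCODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

// Extract the "data NNN" sub-code from the server's diagnostic message.
function ad_bind_failure_reason(string $diagnostic): string
{
    if (preg_match('/\bdata\s+([0-9a-f]+)\b/i', $diagnostic, $m)) {
        $code = strtolower($m[1]);
        return AD_BIND_SUBCODES[$code] ?? "unrecognised sub-code $code";
    }
    return 'no sub-code in diagnostic message';
}

// Returns [bool $ok, string $reason]. $bindName is DOMAIN\user or user@domain.
function ad_authenticate(string $uri, string $bindName, string $password): array
{
    // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
    // that a directory may accept, so refuse it before touching the network.
    if ($bindName === '' || $password === '') {
        return [false, 'empty user name or password refused'];
    }
    $ds = ldap_connect($uri);
    if ($ds === false) { return [false, 'bad LDAP URI']; }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (@ldap_bind($ds, $bindName, $password)) {
        ldap_unbind($ds);
        return [true, 'bind accepted'];
    }
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    $reason = ldap_error($ds) . ': ' . ad_bind_failure_reason((string) $diag);
    ldap_unbind($ds);
    return [false, $reason];
}

// Constructed sample of the diagnostic text AD returns; runs without a server.
$sample = '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1';
echo ad_bind_failure_reason($sample), PHP_EOL;
```

Call `ad_authenticate` with an `ldaps://` URI so the simple bind does not send the password in clear text, write the returned reason to the server log, and show users only a generic failure message.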
