PHP and access to raw LDAP responses under Apache
Posted on 2013-10-29
We are working with an LDAP server that returns the standard return code of 49 when something is "wrong" with the user's account. That is, they supplied a bad user-id or a bad password, the password is expired and must be changed, or the account has been revoked/disabled due to too many invalid attempts.
However, this LDAP server also returns an additional message stating why the authentication failed. So if the password has expired it will return the code 49 plus the additional information stating that the password is expired.
Under Apache all the standard LDAP functions return "good" or "bad". Using the ldap_errno function I see 49, which is correct. However, if I use ldap_error I don't see the message the LDAP server returned; I see "Invalid Credentials", the standard message for an error 49.
Is there a way with PHP under Apache that I can get access to the additional information the LDAP server is returning? If the user's password is expired I want to redirect them to another web page where they can change their password.
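
One way to read the server's additional text in PHP, as an added example that is not part of the original post: `ldap_get_option()` with `LDAP_OPT_DIAGNOSTIC_MESSAGE`, called on the same connection right after the failed bind. The host, DN layout, redirect path and the expiry pattern are assumptions, because the wording of the additional message is specific to each LDAP server.

```php
<?php
// Added example. All constants below are placeholders / assumptions.
const LDAP_URI      = 'ldaps://ldap.example.test';          // placeholder host
const USER_DN_FMT   = 'uid=%s,ou=people,dc=example,dc=test'; // assumed DN layout
const EXPIRED_REGEX = '/password.*expired/i';               // assumed server wording
const CHANGE_PW_URL = '/change-password.php';               // fixed, never user-supplied

// Map a failed bind to 'expired', 'denied' or 'error'.
function classify_bind_failure($conn): string
{
    if (ldap_errno($conn) !== 49) {
        return 'error';                      // not a credentials problem
    }
    $detail = '';
    // The server's additional text, which ldap_error() does not expose.
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    // Keep the detail in the server log only; showing it to the browser
    // would tell a guesser which accounts exist or are locked.
    error_log('LDAP bind failed (49): ' . $detail);
    return preg_match(EXPIRED_REGEX, (string) $detail) ? 'expired' : 'denied';
}

function authenticate(string $user, string $password): string
{
    // An empty password makes an unauthenticated bind, which many servers accept.
    if ($user === '' || $password === '') {
        return 'denied';
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return 'error';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $dn = sprintf(USER_DN_FMT, ldap_escape($user, '', LDAP_ESCAPE_DN));
    $result = @ldap_bind($conn, $dn, $password) ? 'ok' : classify_bind_failure($conn);
    ldap_unbind($conn);
    return $result;
}

switch (authenticate($_POST['user'] ?? '', $_POST['password'] ?? '')) {
    case 'ok':
        echo 'Logged in.';
        break;
    case 'expired':
        header('Location: ' . CHANGE_PW_URL);
        exit;
    default:
        http_response_code(401);
        echo 'Login failed.';                // same message for every other cause
}
```

On older PHP builds the same option is exposed as `LDAP_OPT_ERROR_STRING`.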