Solved

PHP and access to raw LDAP responses under Apache

Posted on 2013-10-29
7
450 Views
Last Modified: 2013-11-03
We are working with an LDAP server that returns the standard return code of 49 when something is "wrong" with the users account.  That is they supplied bad user-id, bad password, the password is expired and must be changed, the account has been revoked/disabled due to to many invalid attempts.  

However, this LDAP server also returns an additional message stating why the authentication failed.  So if the password has expired it will return the code 49  plus the additional information stating that the password is expired.

Under Apache all the standard LDAP function returns in "good" or "bad".  Using ldap_errno function I see 49, which is correct.  However if I use ldap_error I don't see the  message the LDAP server returned, I see "Invalid Credentials", the standard message for a error 49.

Is there a way with PHP under Apache I can get access to the additional information the LDAP server is returning.  If the user's password is expired I want to re-direct them to another web page where they can change their password.
0
Comment
Question by:giltjr
  • 4
  • 3
7 Comments
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 39608550
Have you tried this?
http://php.net/manual/en/function.ldap-err2str.php

<?php // RAY_temp_giltjr.php
error_reporting(E_ALL);

for ($i=0; $i<100; $i++)
{
     echo "Error $i: ";
     echo ldap_err2str($i);
     echo '<br>' . PHP_EOL;
}

Open in new window

0
 
LVL 57

Author Comment

by:giltjr
ID: 39608638
Yes, that returns the "standard" message for the error code returned.  So the standard message for cod 49 is "Invalid credentials", so that is what it displays.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39608701
Rats!  I was hoping for something more illuminating.  I don't have LDAP on my server any more, so I couldn't test.

I will mark this as a "neglected question" and that should get some fresh eyes on the problem.  HTH, ~Ray
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Author Comment

by:giltjr
ID: 39608713
Thanks.  I just opened this so you don't need to mark it neglected yet.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 0 total points
ID: 39608783
Success!!!! Found it:

ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $err)
echo $err . "<br />\n" ;

Results in the following if password is expired:

R000100 The password has expired (srv_authenticate_native_password)
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39608865
Awesome!  Accept your own answer so it will go into the PAQ!

Thanks for using EE, ~Ray
0
 
LVL 57

Author Closing Comment

by:giltjr
ID: 39619695
Gave me exactly what I needed.

Although Ray_Paseur's  suggestion didn't work it made me go back and review every PHP LDAP function.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question