Solved

PHP and access to raw LDAP responses under Apache

Posted on 2013-10-29
Last Modified: 2013-11-03
We are working with an LDAP server that returns the standard return code of 49 when something is "wrong" with the user's account.  That is, they supplied a bad user-id or bad password, the password is expired and must be changed, or the account has been revoked/disabled due to too many invalid attempts.

However, this LDAP server also returns an additional message stating why the authentication failed.  So if the password has expired it will return the code 49 plus the additional information stating that the password is expired.

Under Apache all the standard LDAP functions return is "good" or "bad".  Using the ldap_errno function I see 49, which is correct.  However, if I use ldap_error I don't see the message the LDAP server returned; I see "Invalid Credentials", the standard message for an error 49.

Is there a way with PHP under Apache I can get access to the additional information the LDAP server is returning?  If the user's password is expired I want to re-direct them to another web page where they can change their password.
Question by:giltjr
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 39608550
Have you tried this?
http://php.net/manual/en/function.ldap-err2str.php

<?php // RAY_temp_giltjr.php
error_reporting(E_ALL);

for ($i=0; $i<100; $i++)
{
     echo "Error $i: ";
     echo ldap_err2str($i);
     echo '<br>' . PHP_EOL;
}


0
 
LVL 57

Author Comment

by:giltjr
ID: 39608638
Yes, that returns the "standard" message for the error code returned.  So the standard message for code 49 is "Invalid credentials", so that is what it displays.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39608701
Rats!  I was hoping for something more illuminating.  I don't have LDAP on my server any more, so I couldn't test.

I will mark this as a "neglected question" and that should get some fresh eyes on the problem.  HTH, ~Ray
0
LVL 57

Author Comment

by:giltjr
ID: 39608713
Thanks.  I just opened this so you don't need to mark it neglected yet.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 0 total points
ID: 39608783
Success!!!! Found it:

// Read the server's own diagnostic text for the last operation on $ds.
ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $err);
echo $err . "<br />\n";

Results in the following if password is expired:

R000100 The password has expired (srv_authenticate_native_password)
0
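
Added example, not part of the original thread: one way to turn the accepted answer into the redirect the question asks for, keeping the raw server text in the server log and showing the browser only a redirect or a generic failure. The function names, result labels and URLs are hypothetical, and the R000100 match is an assumption based on the single response quoted above.

```php
<?php
// Added example. Only the R000100 line quoted in the thread is known;
// every other diagnostic text falls through to 'invalid'.

const BIND_INVALID_CREDENTIALS = 49;    // result code discussed in the thread

function classify_bind_failure(int $errno, string $diagnostic): string
{
    if ($errno !== BIND_INVALID_CREDENTIALS) {
        return 'error';                 // server unreachable, protocol error, ...
    }
    // Assumption: this server prefixes an expired password with R000100.
    if (preg_match('/^R000100\b/', trim($diagnostic)) === 1) {
        return 'expired';
    }
    return 'invalid';                   // bad id, bad password, revoked, unknown
}

function try_bind($ds, string $dn, string $password): string
{
    // ldap_bind() with an empty password performs an anonymous bind, which
    // can succeed and would look like a valid login; reject it up front.
    if ($password === '') {
        return 'invalid';
    }
    if (@ldap_bind($ds, $dn, $password)) {
        return 'ok';
    }
    $errno = ldap_errno($ds);
    $diagnostic = '';
    // LDAP_OPT_ERROR_STRING is the option used in the accepted answer;
    // LDAP_OPT_DIAGNOSTIC_MESSAGE is the newer name for the same option.
    ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $diagnostic);
    // Log the raw text (JSON-encoded so it cannot break the log line);
    // never echo it to the browser.
    error_log(sprintf('LDAP bind failed: errno=%d diag=%s', $errno, json_encode($diagnostic)));
    return classify_bind_failure($errno, (string) $diagnostic);
}

// Offline check using the diagnostic string quoted in the accepted answer.
$sample = 'R000100 The password has expired (srv_authenticate_native_password)';
echo classify_bind_failure(49, $sample), PHP_EOL;
echo classify_bind_failure(49, ''), PHP_EOL;

// In the login handler (hypothetical URLs):
//   $result = try_bind($ds, $dn, $_POST['password'] ?? '');
//   if ($result === 'ok')          { header('Location: /home.php'); }
//   elseif ($result === 'expired') { header('Location: /change-password.php'); }
//   else                           { /* one generic "login failed" page */ }
```

Sending every other failure to the same generic page keeps the reason (unknown user, wrong password, revoked account) out of the response.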
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39608865
Awesome!  Accept your own answer so it will go into the PAQ!

Thanks for using EE, ~Ray
0
 
LVL 57

Author Closing Comment

by:giltjr
ID: 39619695
Gave me exactly what I needed.

Although Ray_Paseur's suggestion didn't work, it made me go back and review every PHP LDAP function.
0
