Solved

PHP and access to raw LDAP responses under Apache

Posted on 2013-10-29
7
461 Views
Last Modified: 2013-11-03
We are working with an LDAP server that returns the standard return code of 49 when something is "wrong" with the users account.  That is they supplied bad user-id, bad password, the password is expired and must be changed, the account has been revoked/disabled due to to many invalid attempts.  

However, this LDAP server also returns an additional message stating why the authentication failed.  So if the password has expired it will return the code 49  plus the additional information stating that the password is expired.

Under Apache all the standard LDAP function returns in "good" or "bad".  Using ldap_errno function I see 49, which is correct.  However if I use ldap_error I don't see the  message the LDAP server returned, I see "Invalid Credentials", the standard message for a error 49.

Is there a way with PHP under Apache I can get access to the additional information the LDAP server is returning.  If the user's password is expired I want to re-direct them to another web page where they can change their password.
0
Comment
Question by:giltjr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 39608550
Have you tried this?
http://php.net/manual/en/function.ldap-err2str.php

<?php // RAY_temp_giltjr.php
error_reporting(E_ALL);

for ($i=0; $i<100; $i++)
{
     echo "Error $i: ";
     echo ldap_err2str($i);
     echo '<br>' . PHP_EOL;
}

Open in new window

0
 
LVL 57

Author Comment

by:giltjr
ID: 39608638
Yes, that returns the "standard" message for the error code returned.  So the standard message for cod 49 is "Invalid credentials", so that is what it displays.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39608701
Rats!  I was hoping for something more illuminating.  I don't have LDAP on my server any more, so I couldn't test.

I will mark this as a "neglected question" and that should get some fresh eyes on the problem.  HTH, ~Ray
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 57

Author Comment

by:giltjr
ID: 39608713
Thanks.  I just opened this so you don't need to mark it neglected yet.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 0 total points
ID: 39608783
Success!!!! Found it:

ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $err)
echo $err . "<br />\n" ;

Results in the following if password is expired:

R000100 The password has expired (srv_authenticate_native_password)
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39608865
Awesome!  Accept your own answer so it will go into the PAQ!

Thanks for using EE, ~Ray
0
 
LVL 57

Author Closing Comment

by:giltjr
ID: 39619695
Gave me exactly what I needed.

Although Ray_Paseur's  suggestion didn't work it made me go back and review every PHP LDAP function.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question