Solved

PHP and access to raw LDAP responses under Apache

Posted on 2013-10-29
Last Modified: 2013-11-03
We are working with an LDAP server that returns the standard return code of 49 when something is "wrong" with the user's account. That is, they supplied a bad user-id or a bad password, the password is expired and must be changed, or the account has been revoked/disabled due to too many invalid attempts.

However, this LDAP server also returns an additional message stating why the authentication failed. So if the password has expired, it will return the code 49 plus the additional information stating that the password is expired.

Under Apache, all the standard LDAP functions return "good" or "bad". Using the ldap_errno function I see 49, which is correct. However, if I use ldap_error I don't see the message the LDAP server returned; I see "Invalid Credentials", the standard message for an error 49.

Is there a way with PHP under Apache I can get access to the additional information the LDAP server is returning? If the user's password is expired, I want to redirect them to another web page where they can change their password.
Question by:giltjr

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 39608550
Have you tried this?
http://php.net/manual/en/function.ldap-err2str.php

<?php // RAY_temp_giltjr.php
error_reporting(E_ALL);

for ($i=0; $i<100; $i++)
{
     echo "Error $i: ";
     echo ldap_err2str($i);
     echo '<br>' . PHP_EOL;
}


Author Comment

by:giltjr
ID: 39608638
Yes, that returns the "standard" message for the error code returned. So the standard message for code 49 is "Invalid credentials", so that is what it displays.

Expert Comment

by:Ray Paseur
ID: 39608701
Rats!  I was hoping for something more illuminating.  I don't have LDAP on my server any more, so I couldn't test.

I will mark this as a "neglected question" and that should get some fresh eyes on the problem.  HTH, ~Ray

Author Comment

by:giltjr
ID: 39608713
Thanks.  I just opened this so you don't need to mark it neglected yet.

Accepted Solution

by:giltjr
giltjr earned 0 total points
ID: 39608783
Success!!!! Found it:

ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $err);
echo $err . "<br />\n";

Results in the following if password is expired:

R000100 The password has expired (srv_authenticate_native_password)
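
An added example (not part of the original thread): one way to use the diagnostic string from the accepted answer to send only expired-password users to a change-password page, while the raw server text goes to the log rather than the browser. The function names, the redirect paths and the assumption that the leading "R000100" is this server's stable reason code for an expired password are all hypothetical.

```php
<?php
// Added example, not the poster's code. Paths and function names are hypothetical.
const RC_INVALID_CREDENTIALS = 49; // result code discussed in the question

// Turn a failed bind into a coarse outcome the login page can branch on.
function classify_bind_failure(int $errno, string $diag): string
{
    if ($errno !== RC_INVALID_CREDENTIALS) {
        return 'error'; // not a credentials problem (server unreachable, etc.)
    }
    // Assumption: the leading "R000100" seen in the thread is this server's
    // stable reason code for an expired password.
    return preg_match('/^\s*R000100\b/', $diag) === 1 ? 'expired' : 'invalid';
}

function try_bind(string $uri, string $dn, string $password): string
{
    // A simple bind with an empty password is an unauthenticated bind, which
    // some servers accept, so reject it before talking to LDAP.
    if ($password === '') {
        return 'invalid';
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return 'error';
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (@ldap_bind($ds, $dn, $password)) {
        return 'ok';
    }
    $errno = ldap_errno($ds);
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $diag);
    // Keep the server's text in the log; the browser only sees the outcome.
    error_log('LDAP bind failed: [' . $errno . '] ' . json_encode($diag));
    return classify_bind_failure($errno, (string) $diag);
}

// Where to send the browser for each outcome (hypothetical paths).
function redirect_target(string $outcome): string
{
    $map = ['ok' => '/home.php', 'expired' => '/change-password.php'];
    return $map[$outcome] ?? '/login.php?failed=1';
}

// Constructed check using the message quoted in the accepted answer.
$sample = 'R000100 The password has expired (srv_authenticate_native_password)';
echo redirect_target(classify_bind_failure(49, $sample)), PHP_EOL;
echo redirect_target(classify_bind_failure(49, '')), PHP_EOL;
```

In a login handler the result of try_bind() would be passed to redirect_target() and sent with header('Location: ...').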

Expert Comment

by:Ray Paseur
ID: 39608865
Awesome!  Accept your own answer so it will go into the PAQ!

Thanks for using EE, ~Ray

Author Closing Comment

by:giltjr
ID: 39619695
Gave me exactly what I needed.

Although Ray_Paseur's suggestion didn't work, it made me go back and review every PHP LDAP function.