LDAP和PHP连接失败 [英] LDAP and PHP connection failure

问题描述

我正在尝试通过PHP连接到安全的LDAP服务器(使用LDAP)，但是我遇到了问题.我收到以下错误

I am trying to connect to a secure LDAP server (using LDAPs) via PHP, but I am having problems with it. I get the following error

警告:ldap_bind()[function.ldap-bind]:无法绑定到服务器:无法在第16行的/var/www/test.php中联系LDAP服务器

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /var/www/test.php on line 16

当我尝试不使用LDAP进行连接时，我可以工作，但是由于我要处理敏感信息，所以必须使用LDAP.

I works when I try to connect without LDAPs, but it is required that I use LDAPs because I am going to be dealing with sensitive information.

我正在使用以下代码

<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection

echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect("ldaps://server");  // must be a valid LDAP server!




print $ds;

if ($ds) { 
    echo "<br><br>Binding ..."; 
    $r=ldap_bind($ds);     // this is an "anonymous" bind, typically
                           // read-only access
    echo "Bind result is " . $r . "<br />";

    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr=ldap_search($ds, "ou=people,o=server.ca,o=server", "uid=username*");  
    echo "Search result is " . $sr . "<br />";

    echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";

    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";

print_r($info);
//    for ($i=0; $i<$info["count"]; $i++) {
//        echo "dn is: " . $info[$i]["dn"] . "<br />";
//        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
//        echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
//    }

    echo "Closing connection";
    ldap_close($ds);

} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
?>

推荐答案

该问题与实际的绑定过程(无效的凭据)无关，因为如果LDAP服务器无法验证您的凭据，则警告会有所不同.但是，正如 Paul Dixon 指出的那样，应该要求使用ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)-即使我不要以为这是造成问题的原因.

The problem is not related to the actual binding process (invalid credentials) as the warning would be a different one if the LDAP server could not authenticate your credentials. But as Paul Dixon noted the use of ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) should be required - even though I don't think that this is the cause of your problems.

• 您要连接到哪种LDAP服务器类型? OpenLDAP，Active Directory还是其他?
• 运行PHP程序的计算机的操作系统是什么?
• 您是否正在LDAP服务器上使用自签名SSL证书，并且运行PHP程序的计算机是否信任给定证书的证书颁发机构?
• LDAP服务器在哪个端口上运行? 636将是LDAPS的官方"端口.也许您可以将端口显式添加到服务器地址:ldaps://<<server>>:636.

• Which LDAP server type are you connecting to? OpenLDAP, Active Directory or something else?
• What's the operating system of the computer running your PHP program?
• Are you using a self-signed SSL certificate on the LDAP server and is the certificate authority for the given certificate trusted by the machine running your PHP program?
• Which port does the LDAP server run on? 636 would be the "official" port for LDAPS. Perhaps you can add the port explicitly to the server address: ldaps://<<server>>:636.

ext/ldap的SSL/TLS安全连接存在一些问题.您可以尝试添加

ext/ldap has some issues with SSL/TLS secured connections. You can try to add

TLS_REQCERT never

到ldap.conf(在基于* nix的系统上为/etc/ldap.conf或/etc/ldap/ldap.conf)，或者对于Windows计算机，在C:\OpenLDAP\sysconf\ldap.conf中创建具有以上内容的ldap.conf(路径必须与它完全匹配)硬编码到扩展程序中.

to the ldap.conf (/etc/ldap.conf or /etc/ldap/ldap.conf on *nix-based systems) or for Windows machines create a ldap.conf with the above content in C:\OpenLDAP\sysconf\ldap.conf (the path must be an exact match as it's hard-coded into the extension).

这篇关于LDAP和PHP连接失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！