LDAP问题,ldap_bind dn语法无效 [英] LDAP issue, ldap_bind invalid dn syntax
问题描述
我知道我的错误将会非常简单,但是我试图找到问题所在,但我没有看到它,也许您可以帮助我....
我正在尝试使用php创建一个函数,因此我可以连接到LDAP并找到所需的信息.
我的php代码如下:
$ldapconfig['host'] = "127.0.0.1";
$ldapconfig['port'] = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
$ldapconfig['binddn'] = "user";
$ldapconfig['bindpw'] = "password";
function ldap_authenticate($user, $pass) {
global $ldapconfig;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
if ($user != "" && $pass != "") {
$ds=ldap_connect($ldapconfig['host'],$ldapconfig['port']);
if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
return NULL;
}
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
$r = ldap_search( $ds, $ldapconfig['basedn'], 'sAMAccountName=' . $user);
if ($r) {
$result = ldap_get_entries( $ds, $r);
if ($result[0]) {
if (ldap_bind( $ds, $result[0]['dn'], $pass) ) {
return $result[0]['mail'][0];
}
}
}
}
return NULL;
当我尝试运行代码时,出现以下错误: xxxx行上的ldap_bind无效DN语法 该行如下:
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
如错误所述,您的绑定DN格式错误. DN代表对象的完整路径-因此,在您的情况下,应该是这样的(看起来像您在AD上?)
"cn =用户名,ou =域用户,dc =示例,dc = com"
根据您的LDAP风格(Active Directory,OpenLDAP等),您可能可以使用uid(所以只是用户名")进行绑定,但是最好假设您始终需要完整的DN.
您可以使用 Apache Directory Studio 之类的LDAP工具来帮助建立查询并找出对象的含义DN是.或者也有 ldp.exe (如果它是AD),但是Directory Studio易于使用. /p>
I know that my mistake is going to be something really simple but I have tried to find the problem and I do not see it, maybe you can help me....
I am trying to create a function with php, so I can be able to connect to LDAP and find the desired information.
My php code is the following:
$ldapconfig['host'] = "127.0.0.1";
$ldapconfig['port'] = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
$ldapconfig['binddn'] = "user";
$ldapconfig['bindpw'] = "password";
function ldap_authenticate($user, $pass) {
global $ldapconfig;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
if ($user != "" && $pass != "") {
$ds=ldap_connect($ldapconfig['host'],$ldapconfig['port']);
if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
return NULL;
}
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
$r = ldap_search( $ds, $ldapconfig['basedn'], 'sAMAccountName=' . $user);
if ($r) {
$result = ldap_get_entries( $ds, $r);
if ($result[0]) {
if (ldap_bind( $ds, $result[0]['dn'], $pass) ) {
return $result[0]['mail'][0];
}
}
}
}
return NULL;
When I try to run the code it gives me the following mistake: ldap_bind invalid DN syntax on line xxxx and that line is the following:
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
As stated in the error, your bind DN is the wrong format. DN's represent the full path to the object - so in your case should be something like this (looks like you're on AD?)
"cn=username,ou=domain users,dc=example,dc=com"
Depending on your flavor of LDAP (Active Directory, OpenLDAP etc), you might be able to use a uid (so just 'username') to bind, but it's best to assume that you always need the full DN.
You can use an LDAP tool like Apache Directory Studio to help build queries and find out what object's DN's are. Or there's ldp.exe too (provided it's AD), but directory studio is easier to use.
这篇关于LDAP问题,ldap_bind dn语法无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
