RE: [PHP] LDAP confusion
[snip]
if(!$ds=ldap_connect(foo)){
echo did not connect;
}else {
echo connection successful;
}
$un = user;
$upw = pass;
echo connect result is . $ds . br /;
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if ($ds) {
echo Binding ...;
if(!$r=ldap_bind($ds, $un, $upd)){
echo unable to verify/br;
}else{
echo verifiedbr;
}
The result is always verified.
From the comments on www.php.net/ldap_bind:
I have found that if either of the valuse for user or password are
blank, or as in my case a typo resulted in a blank user as it was an
undefined variable, the ldap_bind() will just perform an anonymous
bind and return true!
You have:
$upw = pass;
but using $upd in ldap_bind ...
if(!$r=ldap_bind($ds, $un, $upd)){
unless it's a typo in your example that could explain it. ?
[/snip]
It was a typo.
Anyhow, I guess if the connection to the server is anonymous in the
event of a bad username / pw combo I will still need to search the AD
for a match for authentication. I am still having a problem getting a
search to work.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP confusion
[snip] I vaguely recall you couldn't do an anonymous bind to an active
directory system - you had to properly authenticate before you could do
a search.
You didn't include the bind stuff so I can't tell if that's the problem
:)
[/snip]
I thought that I was not doing an anonymous bind, until I changed the
username to something that I know did not exist. The bind occurred (or
appeared to) anyhow.
if(!$ds=ldap_connect(foo)){
echo did not connect;
}else {
echo connection successful;
}
$un = user;
$upw = pass;
echo connect result is . $ds . br /;
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if ($ds) {
echo Binding ...;
if(!$r=ldap_bind($ds, $un, $upd)){
echo unable to verify/br;
}else{
echo verifiedbr;
}
The result is always verified.
This should be a really simple operation.
1. user enters name and password
2. if bind is successful redirect them properly
3. else give them a message about incorrect login.
I really do not need to search the AD or any of that (I may want to
install phpldapadmin at some point though).
I feel as if I am missing something very simple, I have always been able
to connect to everything with PHP. Can anyone help me with this please?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP confusion
On 3/4/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
[snip] I vaguely recall you couldn't do an anonymous bind to an active
directory system - you had to properly authenticate before you could do
a search.
You didn't include the bind stuff so I can't tell if that's the problem
:)
[/snip]
I thought that I was not doing an anonymous bind, until I changed the
username to something that I know did not exist. The bind occurred (or
appeared to) anyhow.
if(!$ds=ldap_connect(foo)){
echo did not connect;
}else {
echo connection successful;
}
$un = user;
$upw = pass;
echo connect result is . $ds . br /;
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if ($ds) {
echo Binding ...;
if(!$r=ldap_bind($ds, $un, $upd)){
echo unable to verify/br;
}else{
echo verifiedbr;
}
The result is always verified.
From the comments on www.php.net/ldap_bind:
I have found that if either of the valuse for user or password are
blank, or as in my case a typo resulted in a blank user as it was an
undefined variable, the ldap_bind() will just perform an anonymous
bind and return true!
You have:
$upw = pass;
but using $upd in ldap_bind ...
if(!$r=ldap_bind($ds, $un, $upd)){
unless it's a typo in your example that could explain it. ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] LDAP confusion
I am trying to work through connecting to and using LDAP with PHP. Thus far I am able to connect and bind, but I cannot search. $sr=ldap_search($ds, CN=configuration,DC=onecall,DC=local, cn=*); Gives me Warning: ldap_search(): Search: Operations error in /srv/www/htdocs/test/ldapTest.php on line 29 The dn is correct, it would seem that the search filter is the issue. Can someone please enlighten me? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP confusion
[snip] I am trying to work through connecting to and using LDAP with PHP. Thus far I am able to connect and bind, but I cannot search. $sr=ldap_search($ds, CN=configuration,DC=onecall,DC=local, cn=*); Gives me Warning: ldap_search(): Search: Operations error in /srv/www/htdocs/test/ldapTest.php on line 29 The dn is correct, it would seem that the search filter is the issue. Can someone please enlighten me? [/snip] Aha! It may not be me. The LDAP server is Win2003 and has some known problems when searching LDAP. I haven't located a solution, but if you are privy to one or two or ten could you let me know? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP confusion
[snip] Aha! It may not be me. The LDAP server is Win2003 and has some known problems when searching LDAP. I haven't located a solution, but if you are privy to one or two or ten could you let me know? [/snip] Well, I thought that I had escaped the hell of a Windows world when I accepted this position, and now it is just not true. We have all of our users authenticating through AD on a W2003Server, so I thought I'd use LDAP for web authentication as well. It doesn't work. For some cockamaimee reason there are problems using PHP/LDAP with W2003Server. To be sure, I found plenty of evidence that all was well prior to W2003Server, there are many posts web wide about how well it was working with W2KServer, etc. Does anyone know how I can fix this without having our Windows folks do something to the server which will undoubtedly hose things up? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP confusion
[EMAIL PROTECTED] wrote: [snip] Aha! It may not be me. The LDAP server is Win2003 and has some known problems when searching LDAP. I haven't located a solution, but if you are privy to one or two or ten could you let me know? [/snip] Well, I thought that I had escaped the hell of a Windows world when I accepted this position, and now it is just not true. We have all of our users authenticating through AD on a W2003Server, so I thought I'd use LDAP for web authentication as well. It doesn't work. For some cockamaimee reason there are problems using PHP/LDAP with W2003Server. To be sure, I found plenty of evidence that all was well prior to W2003Server, there are many posts web wide about how well it was working with W2KServer, etc. Does anyone know how I can fix this without having our Windows folks do something to the server which will undoubtedly hose things up? I vaguely recall you couldn't do an anonymous bind to an active directory system - you had to properly authenticate before you could do a search. You didn't include the bind stuff so I can't tell if that's the problem :) -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
