RE: [PHP] LDAP confusion
[snip] if(!$ds=ldap_connect(foo)){ echo did not connect; }else { echo connection successful; } $un = user; $upw = pass; echo connect result is . $ds . br /; ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); if ($ds) { echo Binding ...; if(!$r=ldap_bind($ds, $un, $upd)){ echo unable to verify/br; }else{ echo verifiedbr; } The result is always verified. From the comments on www.php.net/ldap_bind: I have found that if either of the valuse for user or password are blank, or as in my case a typo resulted in a blank user as it was an undefined variable, the ldap_bind() will just perform an anonymous bind and return true! You have: $upw = pass; but using $upd in ldap_bind ... if(!$r=ldap_bind($ds, $un, $upd)){ unless it's a typo in your example that could explain it. ? [/snip] It was a typo. Anyhow, I guess if the connection to the server is anonymous in the event of a bad username / pw combo I will still need to search the AD for a match for authentication. I am still having a problem getting a search to work. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP confusion
[snip] I vaguely recall you couldn't do an anonymous bind to an active directory system - you had to properly authenticate before you could do a search. You didn't include the bind stuff so I can't tell if that's the problem :) [/snip] I thought that I was not doing an anonymous bind, until I changed the username to something that I know did not exist. The bind occurred (or appeared to) anyhow. if(!$ds=ldap_connect(foo)){ echo did not connect; }else { echo connection successful; } $un = user; $upw = pass; echo connect result is . $ds . br /; ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); if ($ds) { echo Binding ...; if(!$r=ldap_bind($ds, $un, $upd)){ echo unable to verify/br; }else{ echo verifiedbr; } The result is always verified. This should be a really simple operation. 1. user enters name and password 2. if bind is successful redirect them properly 3. else give them a message about incorrect login. I really do not need to search the AD or any of that (I may want to install phpldapadmin at some point though). I feel as if I am missing something very simple, I have always been able to connect to everything with PHP. Can anyone help me with this please? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP confusion
On 3/4/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: [snip] I vaguely recall you couldn't do an anonymous bind to an active directory system - you had to properly authenticate before you could do a search. You didn't include the bind stuff so I can't tell if that's the problem :) [/snip] I thought that I was not doing an anonymous bind, until I changed the username to something that I know did not exist. The bind occurred (or appeared to) anyhow. if(!$ds=ldap_connect(foo)){ echo did not connect; }else { echo connection successful; } $un = user; $upw = pass; echo connect result is . $ds . br /; ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); if ($ds) { echo Binding ...; if(!$r=ldap_bind($ds, $un, $upd)){ echo unable to verify/br; }else{ echo verifiedbr; } The result is always verified. From the comments on www.php.net/ldap_bind: I have found that if either of the valuse for user or password are blank, or as in my case a typo resulted in a blank user as it was an undefined variable, the ldap_bind() will just perform an anonymous bind and return true! You have: $upw = pass; but using $upd in ldap_bind ... if(!$r=ldap_bind($ds, $un, $upd)){ unless it's a typo in your example that could explain it. ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP confusion
[snip] I am trying to work through connecting to and using LDAP with PHP. Thus far I am able to connect and bind, but I cannot search. $sr=ldap_search($ds, CN=configuration,DC=onecall,DC=local, cn=*); Gives me Warning: ldap_search(): Search: Operations error in /srv/www/htdocs/test/ldapTest.php on line 29 The dn is correct, it would seem that the search filter is the issue. Can someone please enlighten me? [/snip] Aha! It may not be me. The LDAP server is Win2003 and has some known problems when searching LDAP. I haven't located a solution, but if you are privy to one or two or ten could you let me know? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] LDAP confusion
[snip] Aha! It may not be me. The LDAP server is Win2003 and has some known problems when searching LDAP. I haven't located a solution, but if you are privy to one or two or ten could you let me know? [/snip] Well, I thought that I had escaped the hell of a Windows world when I accepted this position, and now it is just not true. We have all of our users authenticating through AD on a W2003Server, so I thought I'd use LDAP for web authentication as well. It doesn't work. For some cockamaimee reason there are problems using PHP/LDAP with W2003Server. To be sure, I found plenty of evidence that all was well prior to W2003Server, there are many posts web wide about how well it was working with W2KServer, etc. Does anyone know how I can fix this without having our Windows folks do something to the server which will undoubtedly hose things up? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP confusion
[EMAIL PROTECTED] wrote: [snip] Aha! It may not be me. The LDAP server is Win2003 and has some known problems when searching LDAP. I haven't located a solution, but if you are privy to one or two or ten could you let me know? [/snip] Well, I thought that I had escaped the hell of a Windows world when I accepted this position, and now it is just not true. We have all of our users authenticating through AD on a W2003Server, so I thought I'd use LDAP for web authentication as well. It doesn't work. For some cockamaimee reason there are problems using PHP/LDAP with W2003Server. To be sure, I found plenty of evidence that all was well prior to W2003Server, there are many posts web wide about how well it was working with W2KServer, etc. Does anyone know how I can fix this without having our Windows folks do something to the server which will undoubtedly hose things up? I vaguely recall you couldn't do an anonymous bind to an active directory system - you had to properly authenticate before you could do a search. You didn't include the bind stuff so I can't tell if that's the problem :) -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php