用PHP进行LDAP身份验证

如何使用php进行LDAP身份验证

我成功地在xampp中连接了ldap服务器

LDAP绑定成功

但是在处理这段代码时会出现一些错误

<?php


    $ldapBaseDomain = 'ou=employee,dc=domainname';
    $ldapServer = 'domainname';
    $ldapUsername = 'xxx';
    $ldapPassword = 'yyy';


if (!empty($_POST['username']) && !empty($_POST['password'])) {


    if (!preg_match('/^[a-zA-Z0-9\-]+$/', $_POST['username'])) {
        die('Please enter a valid username');
    }

    if (!$ldapConnection = @ldap_connect($ldapServer)) {
        die('Could not connect to ldap server');
    }

    if (!@ldap_bind($ldapConnection, $ldapUsername, $ldapPassword)) {
        die('Could not bind to ldap server');
    }

    if (!$ldapSearch = @ldap_search($ldapConnection, $ldapBaseDomain, $_POST['username'])) {
        die('Could not complete ldap search');
    }

    $ldapCount = @ldap_count_entries($ldapConnection, $ldapSearch);

    if (!$ldapCount) {
        die('account not found');
    } else {
        if (!$ldapEntry = @ldap_get_entries($ldapConnection, $ldapSearch)) {
            die('Could not get ldap entry');
        }

        $distinguishedName = $ldapEntry[0]['distinguishedname'][0];

        if (empty($distinguishedName)) {
            die('Account information not found');
        }

        if(!@ldap_bind($ldapConnection, $distinguishedName, $_POST['password'])) {
            die('Password Incorrect');
        }

        echo '  <h1>Logged in successfully</h1>
                <h2>User Details</h2>';

        echo '<pre>' . print_r($ldapEntry[0], true) . '</pre>';
    }

} else {
    echo '  <form method="post">
            Username: <input name="username"><br>
            Password: <input name="password" type="password"><br>
            <input type="submit" value="login">
            </form>';
}

?>

这是错误显示

<?php


    $ldapBaseDomain = 'ou=employee,dc=domainname';
    $ldapServer = 'domainname';
    $ldapUsername = 'xxx';
    $ldapPassword = 'yyy';


if (!empty($_POST['username']) && !empty($_POST['password'])) {


    if (!preg_match('/^[a-zA-Z0-9\-]+$/', $_POST['username'])) {
        die('Please enter a valid username');
    }

    if (!$ldapConnection = @ldap_connect($ldapServer)) {
        die('Could not connect to ldap server');
    }

    if (!@ldap_bind($ldapConnection, $ldapUsername, $ldapPassword)) {
        die('Could not bind to ldap server');
    }

    if (!$ldapSearch = @ldap_search($ldapConnection, $ldapBaseDomain, $_POST['username'])) {
        die('Could not complete ldap search');
    }

    $ldapCount = @ldap_count_entries($ldapConnection, $ldapSearch);

    if (!$ldapCount) {
        die('account not found');
    } else {
        if (!$ldapEntry = @ldap_get_entries($ldapConnection, $ldapSearch)) {
            die('Could not get ldap entry');
        }

        $distinguishedName = $ldapEntry[0]['distinguishedname'][0];

        if (empty($distinguishedName)) {
            die('Account information not found');
        }

        if(!@ldap_bind($ldapConnection, $distinguishedName, $_POST['password'])) {
            die('Password Incorrect');
        }

        echo '  <h1>Logged in successfully</h1>
                <h2>User Details</h2>';

        echo '<pre>' . print_r($ldapEntry[0], true) . '</pre>';
    }

} else {
    echo '  <form method="post">
            Username: <input name="username"><br>
            Password: <input name="password" type="password"><br>
            <input type="submit" value="login">
            </form>';
}

?>

无法完成ldap搜索

---

任何解决此问题的提示

在LDAP搜索中，您必须使用有效的LDAP筛选器。如果用户名为“johndoe”，则您当前只需搜索“johndoe”。这类似于执行以下SQL搜索：

您必须让LDAP服务器有机会知道在哪里搜索“johndoe”。因此，您应该使用类似于

sAMAccountName=johndoe

（对于ActiveDirectory）或

uid=johndoe

（对于OpenLdap）的内容

---

关于更深入的示例，请看

您是否可以使用“tail-f/var/logs/dirsrv/access”从LDAP服务器中放置访问日志？我正在使用windows AD，那么它是如何实现的？当您从

LDAP\u搜索

中删除

@

时，您是否会收到任何错误消息？使用您的示例，我是否应该声明$host='ip'$端口='端口'；像这样那么确切的错误信息是什么？您可能还想调用

ldap\u errno

和

ldap\u error

这是错误appers---Parse error:语法错误，意外的“无连接”（T\u CONSTANT\u ENCAPSED\u STRING）