用PHP进行LDAP身份验证
如何使用php进行LDAP身份验证 我成功地在xampp中连接了ldap服务器 LDAP绑定成功 但是在处理这段代码时会出现一些错误用PHP进行LDAP身份验证,php,authentication,ldap,authorization,Php,Authentication,Ldap,Authorization,如何使用php进行LDAP身份验证 我成功地在xampp中连接了ldap服务器 LDAP绑定成功 但是在处理这段代码时会出现一些错误 <?php $ldapBaseDomain = 'ou=employee,dc=domainname'; $ldapServer = 'domainname'; $ldapUsername = 'xxx'; $ldapPassword = 'yyy'; if (!empty($_POST['username']) &a
<?php
$ldapBaseDomain = 'ou=employee,dc=domainname';
$ldapServer = 'domainname';
$ldapUsername = 'xxx';
$ldapPassword = 'yyy';
if (!empty($_POST['username']) && !empty($_POST['password'])) {
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $_POST['username'])) {
die('Please enter a valid username');
}
if (!$ldapConnection = @ldap_connect($ldapServer)) {
die('Could not connect to ldap server');
}
if (!@ldap_bind($ldapConnection, $ldapUsername, $ldapPassword)) {
die('Could not bind to ldap server');
}
if (!$ldapSearch = @ldap_search($ldapConnection, $ldapBaseDomain, $_POST['username'])) {
die('Could not complete ldap search');
}
$ldapCount = @ldap_count_entries($ldapConnection, $ldapSearch);
if (!$ldapCount) {
die('account not found');
} else {
if (!$ldapEntry = @ldap_get_entries($ldapConnection, $ldapSearch)) {
die('Could not get ldap entry');
}
$distinguishedName = $ldapEntry[0]['distinguishedname'][0];
if (empty($distinguishedName)) {
die('Account information not found');
}
if(!@ldap_bind($ldapConnection, $distinguishedName, $_POST['password'])) {
die('Password Incorrect');
}
echo ' <h1>Logged in successfully</h1>
<h2>User Details</h2>';
echo '<pre>' . print_r($ldapEntry[0], true) . '</pre>';
}
} else {
echo ' <form method="post">
Username: <input name="username"><br>
Password: <input name="password" type="password"><br>
<input type="submit" value="login">
</form>';
}
?>
这是错误显示
<?php
$ldapBaseDomain = 'ou=employee,dc=domainname';
$ldapServer = 'domainname';
$ldapUsername = 'xxx';
$ldapPassword = 'yyy';
if (!empty($_POST['username']) && !empty($_POST['password'])) {
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $_POST['username'])) {
die('Please enter a valid username');
}
if (!$ldapConnection = @ldap_connect($ldapServer)) {
die('Could not connect to ldap server');
}
if (!@ldap_bind($ldapConnection, $ldapUsername, $ldapPassword)) {
die('Could not bind to ldap server');
}
if (!$ldapSearch = @ldap_search($ldapConnection, $ldapBaseDomain, $_POST['username'])) {
die('Could not complete ldap search');
}
$ldapCount = @ldap_count_entries($ldapConnection, $ldapSearch);
if (!$ldapCount) {
die('account not found');
} else {
if (!$ldapEntry = @ldap_get_entries($ldapConnection, $ldapSearch)) {
die('Could not get ldap entry');
}
$distinguishedName = $ldapEntry[0]['distinguishedname'][0];
if (empty($distinguishedName)) {
die('Account information not found');
}
if(!@ldap_bind($ldapConnection, $distinguishedName, $_POST['password'])) {
die('Password Incorrect');
}
echo ' <h1>Logged in successfully</h1>
<h2>User Details</h2>';
echo '<pre>' . print_r($ldapEntry[0], true) . '</pre>';
}
} else {
echo ' <form method="post">
Username: <input name="username"><br>
Password: <input name="password" type="password"><br>
<input type="submit" value="login">
</form>';
}
?>
无法完成ldap搜索
任何解决此问题的提示在LDAP搜索中,您必须使用有效的LDAP筛选器。如果用户名为“johndoe”,则您当前只需搜索“johndoe”。这类似于执行以下SQL搜索: 您必须让LDAP服务器有机会知道在哪里搜索“johndoe”。因此,您应该使用类似于
sAMAccountName=johndoe
(对于ActiveDirectory)或uid=johndoe
(对于OpenLdap)的内容
关于更深入的示例,请看您是否可以使用“tail-f/var/logs/dirsrv/access”从LDAP服务器中放置访问日志?我正在使用windows AD,那么它是如何实现的?当您从
LDAP\u搜索
中删除@
时,您是否会收到任何错误消息?使用您的示例,我是否应该声明$host='ip'$端口='端口';像这样那么确切的错误信息是什么?您可能还想调用ldap\u errno
和ldap\u error
这是错误appers---Parse error:语法错误,意外的“无连接”(T\u CONSTANT\u ENCAPSED\u STRING)