PHP_AUTH_USER and LDAP
I am trying to authenticate users of a PHP webapp via LDAP with Active Directory
<?php
$ldapconfig['host'] = 'ldapserv.xx.uni.edu';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=xx, dc=uni, dc=edu';
$ldapconfig['authrealm'] = 'Secure Area';

function ldap_authenticate() {
    global $ldapconfig;
    global $PHP_AUTH_USER;
    global $PHP_AUTH_PW;
    if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {
        $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']) or exit ("Error connecting to LDAP server.");
        //Settings for AD
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
        $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $PHP_AUTH_USER);
        if ($r) {
            $result = @ldap_get_entries( $ds, $r);
            if ($result[0]) {
                if (@ldap_bind( $ds, 'uni\\' . $PHP_AUTH_USER, $PHP_AUTH_PW) ) {
                    return $result[0];
                }
            }
        }
    }
    header('WWW-Authenticate: Basic realm="'.$ldapconfig['authrealm'].'"');
    header('HTTP/1.0 401 Unauthorized');
    return NULL;
}

if (($result = ldap_authenticate()) == NULL) {
    echo('Authorization Failed <br />');
    exit(0);
}
echo('Authorization success');
print_r($result);
?>
Recent PHP versions no longer provide the $PHP_AUTH_USER and $PHP_AUTH_PW variables by default, so your script doesn't even get as far as the LDAP check. Remove the last two "global" lines and replace these variables with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
If that doesn't help, remove the @ characters to see if there are any errors.

I was able to get login authentication (and simpler code) using session_register
<?php
if (isset($_POST['submitted'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $ldap = ldap_connect("ldapserv.xx.uni.edu", 389) or exit ("Error connecting to LDAP server.");
    //Settings for AD (set on the $ldap handle returned by ldap_connect)
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // A successful bind as the user is the password check
    if ($bind = ldap_bind($ldap, 'uni\\'.$username, $password)) {
        //Log them in!
        // session_register() was removed in PHP 5.4; on current PHP, call
        // session_start() and assign $_SESSION['username'] instead.
        session_register("username");
        session_register("password");
        header("Location: https://" . $_SERVER['HTTP_HOST'] . substr($_SERVER['REQUEST_URI'], 0, -9) . "index.php" );
        exit;
    } else {
        echo('Invalid username or password.<br /><br />');
    }
}
?>
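
Added example, not code from either answer: the question's HTTP Basic flow with the first answer's $_SERVER fix applied, plus the checks a bind-based login needs (empty-password rejection, bind before search, escaped search filter). The function name ldap_authenticate_basic, the username pattern and StartTLS support on the server are assumptions; host, base DN, realm and the 'uni\' prefix are the question's values.

```php
<?php
// Values below come from the question; the function name is hypothetical.
$ldapconfig = [
    'uri'       => 'ldap://ldapserv.xx.uni.edu:389',
    'basedn'    => 'dc=xx, dc=uni, dc=edu',
    'authrealm' => 'Secure Area',
];

function ldap_authenticate_basic(array $cfg): ?array
{
    // Read the Basic credentials from $_SERVER, as the first answer advises.
    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';

    // An empty password turns ldap_bind() into an anonymous/unauthenticated
    // bind that many servers accept, so it must never count as a login.
    // Assumption: account names match this character set.
    if ($pass === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }

    $ds = ldap_connect($cfg['uri']);
    if ($ds === false) { return null; }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Assumption: the server supports StartTLS; without it the password
    // crosses the network in clear text on port 389.
    if (!@ldap_start_tls($ds)) { return null; }

    // Bind as the user first; a successful bind is the password check.
    if (!@ldap_bind($ds, 'uni\\' . $user, $pass)) { return null; }

    // Search on the authenticated connection, escaping the filter value.
    $filter  = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $r       = ldap_search($ds, $cfg['basedn'], $filter);
    $entries = $r ? ldap_get_entries($ds, $r) : false;
    ldap_unbind($ds);
    return ($entries && $entries['count'] > 0) ? $entries[0] : null;
}

$entry = ldap_authenticate_basic($ldapconfig);
if ($entry === null) {
    header('WWW-Authenticate: Basic realm="' . $ldapconfig['authrealm'] . '"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Authorization Failed');
}
echo 'Authorization success';
```

The @ on ldap_start_tls() and ldap_bind() keeps the warning PHP raises on a failed bind out of the response so the 401 headers can still be sent; drop it while debugging, as the first answer suggests.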