Jump to content

[SOLVED] Problems with LDAP query

lonewolf217

By lonewolf217
in Miscellaneous

 Share

Recommended Posts

lonewolf217 Member

lonewolf217

Posted
Posted

I am trying to create a very simple login page and I am having a little difficulty with authenticating

 

$ldap['user'] = $_POST['username'];
$ldap['pass'] = $_POST['userpass'];
$ldap['host'] = 'dcserver.com';
$ldap['port'] = 389;
$ldap['dn'] = 'DC=domain,DC=com';
$ldap['base'] = 'CN=Users,DC=domain,DC=com';

// connecting to ldap

$ldap['conn'] = ldap_connect( $ldap['host'], $ldap['port'] ) or die( 'Could not connect to server');

// binding to ldap
$ldap['bind'] = ldap_bind( $ldap['conn'], $ldap['dn'], 'password' );

if( !$ldap['bind'] )
{
    echo ldap_error( $ldap['conn'] );
    exit;
}
// search for the user on the ldap server and return all
// the user information
$ldap['result'] = ldap_search( $ldap['conn'],'','(cn='.$ldap['user'].')');

 

This is basically the beginning of the code up to the search.  The problem is that the user will login using the alias, but the only thing that I can successfully search on so far is the distinguished name.

 

i.e. the user is John Doe with a login of jdoe.  I can successfully find the user if i use

 

$ldap['result'] = ldap_search( $ldap['conn'], $ldap['base'],'(CN=John Doe');

 

but I cannot figure out how to map the login "jdoe" to the DN "John Doe".

 

What am i missing ?  :(

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

for the ldap_bind, you need the person's unique DN, which usually looks something like uid=jdoe,DC=domain,DC=com

 

what are you dealing with for $_POST['username']? is it "John Doe" or jdoe?

 

also, if you run this, what is the output?

<?php
$ldap['host'] = 'dcserver.com';
$ldap['port'] = 389;
$ldap['dn'] = 'DC=domain,DC=com';
$ldap['base'] = 'CN=Users,DC=domain,DC=com';

$ldap['conn'] = ldap_connect( $ldap['host'], $ldap['port'] ) or die( 'Could not connect to server');
$ldap['bind'] = ldap_bind( $ldap['conn'] ) or die(ldap_error( $ldap['conn'] ));
$ldap['result'] = ldap_search( $ldap['conn'],$ldap['base'],'(cn=John Doe)');
print 'DN: '.ldap_get_dn($ldap['conn'],ldap_first_entry($ldap['result']));
?>

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

ok...no problem...a couple questions...

 

1) Can you anonymously bind to the LDAP directory? If you can run the ldap_bind() with no user/pass, then this means yes.

 

2) What attribute field is the 'jdoe' username stored in?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.