Ldap Bind And Search Confusion

[crwork]

Have a project where I'm trying to connect to an LDAP server with a user and password.

 

My issue is that I can connect to the LDAP with ldap_bind (return code in TRUE), but it doesn't care what I use for a password. It will let me in anonymously or with a known LDAP email address. However I can put in a bad password and it still lets me in.

 

One question I have: is it only possible to use a user password on the ldap_bind step? After I do the bind, I'd like to do a search, via ldap_search. But since the bind is ignoring the password, is there another way to authenticate a password on the ldap_search?

 

 

$ldaprdn='cn=vvv@vvv.com,ou=Service,o=theorg,dc=com'; 
$ldapbind = ldap_bind($ldap,$ldaprdn); 

 

This works even when I put in a bogus password:

$ldaprdn='cn=vvv@vvv.com,ou=Service,o=theorg,dc=com'; 
$ldapbind = ldap_bind($ldap,$ldaprdn, 'testpw'); 

 

It returns TRUE.

 

 

The end result is that if a user is trying to log in on a form that validates against the LDAP, their user id will be checked, but they could put in any password they want and it will let them in.

 

Any suggestions?