我一直在尝试创建一个简单的PHP LDAP登录页面,一旦成功将在我的Web应用程序中实现。我之前从未设置过LDAP身份验证登录,所以这对我来说都是新手。我一直在网上查看几个PHP登录表单示例,但无法工作。我通过https://www.hawaii.edu/bwiki/display/UHIAM/LDAP+Authentication找到了一个示例页面,我正在使用代码来测试我的LDAP测试页面。以下是我设置的验证码:
<?php
// LDAP configuration
$host = 'ldap://ldap.server.name.example';
$baseDn = 'ou=people,dc=cgi,dc=ca';
$username_attr = 'uid';
$admDn = '';
$admPw = '';
// Global error message for LDAP authentication
$ldap_status = NULL;
/*
* Authenticated a username. The reason for a failure can be
* gotten from $ldap_status.
*
* Return boolean
*/
function ldap_authenticate($username, $password) {
global $admDn, $admPw, $ldap_status;
error_log("authenticate($username)");
if (!isset($username) || $username == '') {
$ldap_status = "no username entered";
return false;
}
if (!isset($password) || $password == '') {
$ldap_status = "no password entered";
return false;
}
$ldap = _get_ldap_conn();
if (!isset($ldap)) {
$ldap_status = "No connection to LDAP server";
return false;
}
if (! _bind($ldap, $admDn, $admPw)) {
$ldap_status = "Can't contact LDAP server";
return false;
}
$dn = _lookup($ldap, $username);
if (! isset($dn) || $dn == '') {
return false;
}
if (_bind($ldap, $dn, $password)) {
return true;
}
$ldap_status = "No such user or bad password";
return false;
}
//-----------------------------------------------------------------
//----- Helpers
//----- Don't call these directly.
//-----------------------------------------------------------------
// Return LDAP resource or NULL
function _get_ldap_conn() {
global $host, $ldap_status;
$ldap = ldap_connect($host);
if (isset($ldap)) {
return $ldap;
}
error_log("_get_ldap_conn() can't connect to $host" , 0);
return NULL;
}
// Return boolean
function _bind($ldap, $dn, $pw) {
$rc = false;
/*
* Caution: The caller must check for a blank password because
* binding with a blank password will succeed as
* as anonymous bind. When binding with the user's
* DN and password to authenticate them this will yield
* a false positive.
*/
if (!isset($dn) || $dn == '' || !isset($pw) || $pw == '') {
$rc = ldap_bind($ldap);
$bind_dn = 'anonymous';
}
else {
$rc = ldap_bind($ldap, $dn, $pw);
$bind_dn = $dn;
}
if ($rc) {
error_log("_bind() bound as $bind_dn", 0);
}
else {
error_log("_bind() can't bind as $bind_dn", 0);
}
return $rc;
}
// Return DN for username or NULL
function _lookup($ldap, $username) {
global $username_attr, $baseDn, $ldap_status;
$filter = "$username_attr=$username";
$results = ldap_search($ldap, $baseDn, $filter,
array('dn', 'cn', 'username'));
$info = ldap_get_entries($ldap, $results);
$count = $info['count'];
error_log("_lookup() $count entries returned");
ldap_free_result($results);
if ($count < 1) {
$ldap_status = "$username not found";
return NULL;
}
if ($count == 1) {
$dn = $info[0]['dn'];
$cn = $info[0]['cn'][0];
error_log("_lookup() found $dn ($cn) for $username");
return $dn;
}
error_log("_lookup() found more than one entry for $username");
$ldap_status = "Too many entries for $username";
return NULL;
}
?>
现在尝试使用所有这些设置登录时,我收到一条消息:
ellison.montero is NOT Authenticated!
Reason: ellison.montero not found
我认为这与以下变量$ username_attr,$ admDn和$ admPw有关。我不明白这些是什么或它在寻找什么。我联系了我的LDAP专家并询问了url和base dn。他给了我以下基础DN ou=people,dc=cgi,dc=ca并给了我正确的URL。所以我不确定此时我还需要什么。任何帮助都是适用的。