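ldap_bind() - Can't contact LDAP server

Time: 2015-03-18 19:00:04

Tags: php ldap centos lamp openldap

I have a VM running CentOS 7 with a LAMP stack installed. On the VM I am trying to create an LDAPS connection to my domain controller (a Windows 2008 R2 VM). The SSL certificate I am using is self-signed, and the CA has been added to the CentOS 7 CA trust.

I can connect to the domain controller via ldapsearch. With the ldapsearch debug level set to 1, I can verify that my certificate is valid.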

ex.) ldapsearch -H "ldaps://server.ad.com" -D "domain\user-name" -W -d 1

Whenever I try to use LDAPS via PHP, ldap_connect() succeeds, but ldap_bind() always fails with the error "Can't contact LDAP server". Here is a code sample:

<?php

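// Define the option only if this PHP build does not already provide it;
// the constant name must be passed to define() as a quoted string.
if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
    define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
}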
echo "defined LDAP_OPT_DIAGNOSTIC_MESSAGE <br />";

$handle = ldap_connect("ldaps://server.ad.com:636");
echo "called ldap_connect <br />";
$errorCode = ldap_errno( $handle );
echo "error code: $errorCode <br />";
$errorMsg = ldap_error( $handle );
echo "error message: $errorMsg <br />";

if (!$handle)
{
    echo "ldap_connect method returned null <br />";
}
else
{
    echo "ldap_connect returned a handle! <br />";
}

$bind = ldap_bind($handle, 'domain\user', 'password');
echo "called ldap_bind <br />";
$errorCode2 = ldap_errno( $handle );
echo "error code: $errorCode2 <br />";
$errorMsg2 = ldap_error( $handle );
echo "error message: $errorMsg2 <br />";

if (!$bind)
{
    echo "ldap_bind method returned null <br />";
}
else
{
    echo "ldap_bind returned a bind! <br />";
}

if(ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error))
{
    echo "Error binding to LDAP: $extended_error";
}
else
{
    echo "Error bind to LDAP: No additional information is available.";
}   
?>

Output:

defined LDAP_OPT_DIAGNOSTIC_MESSAGE
called ldap_connect
error code: 0
error message: Success
ldap_connect returned a handle!
called ldap_bind
error code: -1
error message: Can't contact LDAP server
ldap_bind method returned null
Error bind to LDAP: No additional information is available.

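I felt that "Can't contact LDAP server" was too generic an error message, so I tried adding LDAP_OPT_DIAGNOSTIC_MESSAGE (http://php.net/manual/en/function.ldap-bind.php - first comment). But this doesn't seem to work.

Any ideas?

1 answer:

Answer 0: (score: 1)

After further investigation, I found that running this PHP file from the command line binds successfully. It fails when viewed from a browser.

With this information I was able to ask another question on ServerFault, and found that the bind was in fact failing because of the SELinux configuration.

See the full answer here: https://serverfault.com/questions/677013/php-executes-with-different-results-in-command-line-than-when-browsed-to-in-apac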
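An added example, not part of the original answer: a shell check that picks out SELinux AVC denials where an Apache worker (`httpd_t`) was refused an outbound connection to an LDAP port, which is the "works from the CLI, fails in the browser" pattern described above. The audit records are constructed samples, and `httpd_can_connect_ldap` is the targeted-policy boolean assumed to apply here; the page itself does not name it.

```shell
#!/bin/bash
# Constructed sample audit records (not taken from the original post).
SAMPLE_AUDIT='type=AVC msg=audit(1426700000.101:411): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=636 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1426700003.552:412): avc:  denied  { read } for  pid=2300 comm="httpd" name="notes.txt" dev="dm-0" ino=9912 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1426700009.870:413): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1426700011.004:414): avc:  denied  { name_connect } for  pid=2950 comm="sshd" dest=636 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket'

# Read audit records on stdin and print "pid dest" for every denied
# name_connect from an httpd_t process to a port labelled ldap_port_t.
ldap_denials() {
    awk '
        /type=AVC/ && /denied/ && /name_connect/ &&
        /scontext=[^ ]*:httpd_t:/ && /tcontext=[^ ]*:ldap_port_t:/ {
            pid = ""; dest = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^pid=/)  pid  = substr($i, 5)
                if ($i ~ /^dest=/) dest = substr($i, 6)
            }
            print pid, dest
        }'
}

# On a live SELinux host: show the boolean (assumed name, see lead-in)
# and scan the real audit log. Needs read access to audit.log.
check_host() {
    if command -v getsebool >/dev/null 2>&1; then
        getsebool httpd_can_connect_ldap
    fi
    if [ -r /var/log/audit/audit.log ]; then
        ldap_denials < /var/log/audit/audit.log
    fi
}

# Demonstration on the constructed sample: only the two httpd_t records
# aimed at LDAP ports are reported; the file read and the sshd record are not.
printf '%s\n' "$SAMPLE_AUDIT" | ldap_denials
```

If `check_host` reports denials and the boolean is off, `setsebool -P httpd_can_connect_ldap on` is the narrow fix; it keeps SELinux enforcing rather than switching it to permissive.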