我有代码将用户添加到php
中的ladp服务器function ldapAddUser($ ldap_conn,$ ou_dn,$ firstName,$ lastName,$ username,$ pwdtxt,$ email){
$dn = "CN=$firstName $lastName," . $ou_dn;
$ldaprecord['givenName'] = $firstName;
$ldaprecord['sn'] = $lastName;
$ldaprecord['mail'] = $email;
$ldaprecord['objectclass'] = array("top", "person", "organizationalPerson", "user");
$ldaprecord["sAMAccountName"] = $username;
$ldaprecord["userprincipalname"] = $username . '@test.local';
$ldaprecord["UserAccountControl"] = "544";
$r = ldap_add($ldap_conn, $dn, $ldaprecord);
var_dump($r);
$encodedPass = array('userpassword' => "{SHA}" . base64_encode( sha1( $newPassw, TRUE ) ));
echo "Change password ";
if (ldap_mod_replace($ldap_conn, $dn, $encodedPass)) {
echo "succeded";
} else {
echo "failed";
}
$group_name = "CN=LDAP Testing,OU=Test,DC=test,DC=local";
$group_info['member'] = $dn;// User's DN is added to group's 'member' array
ldap_mod_add($ldap_conn,$group_name,$group_info);
}
**用户将成功添加,但在我尝试使用该用户登录后添加用户时,它不允许我登录并给出错误,如**
块引用
绑定到LDAP的错误:80090308:LdapErr:DSID-0C0903C5,注释:AcceptSecurityContext错误,数据52e,v23f0
登录
功能登录($ username,$ password) {
$ip = "XX.XX.XX.XX"; // WAN IP goes here;
$ldap_url = "ldap://$ip";
$ldaps_url = "ldaps://$ip";
$ldap_domain = 'test.local';
$ldap_dn = "dc=test,dc=local";
define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
// Unsecure - WORKS
$ldap_conn = ldap_connect($ldap_url) or die("Could not connect to LDAP server ($ldap_url)");
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
echo $password;
$result = ldap_bind($ldap_conn, "$username@$ldap_domain", $password);
if (!$result) {
if (ldap_get_option($ldap_conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
echo "Error Binding to LDAP: $extended_error";
} else {
echo "Error Binding to LDAP: No additional information is available.";
}
}
}
但如果我手动登录管理员登录界面,然后为添加的用户重置密码,那么用户将使用我的登录功能成功登录。
如果有任何想法,请提供建议
由于 PRATIK
答案 0 :(得分:1)
尝试将其用于密码哈希
function hash_password($password) // SSHA with random 4-character salt
{
$salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
return '{SSHA}' . base64_encode(mhash(MHASH_SHA1,$password.$salt). $salt);
}