从php脚本

时间:2015-07-30 12:06:01

标签: php ldap openldap

我有代码将用户添加到php

中的ladp服务器

function ldapAddUser($ ldap_conn,$ ou_dn,$ firstName,$ lastName,$ username,$ pwdtxt,$ email){

$dn = "CN=$firstName $lastName," . $ou_dn;
$ldaprecord['givenName'] = $firstName;
$ldaprecord['sn'] = $lastName;
$ldaprecord['mail'] = $email;
$ldaprecord['objectclass'] = array("top", "person", "organizationalPerson", "user");
$ldaprecord["sAMAccountName"] = $username;

$ldaprecord["userprincipalname"] = $username . '@test.local';
$ldaprecord["UserAccountControl"] = "544";

$r = ldap_add($ldap_conn, $dn, $ldaprecord);
var_dump($r);

$encodedPass = array('userpassword' =>  "{SHA}" . base64_encode( sha1( $newPassw, TRUE ) ));

echo "Change password ";
if (ldap_mod_replace($ldap_conn, $dn, $encodedPass)) {
    echo "succeded";
} else {
    echo "failed";
}

$group_name = "CN=LDAP Testing,OU=Test,DC=test,DC=local";
$group_info['member'] = $dn;// User's DN is added to group's 'member' array
ldap_mod_add($ldap_conn,$group_name,$group_info);

}

**用户将成功添加,但在我尝试使用该用户登录后添加用户时,它不允许我登录并给出错误,如**

  

块引用

绑定到LDAP的错误:80090308:LdapErr:DSID-0C0903C5,注释:AcceptSecurityContext错误,数据52e,v23f0

登录

功能登录($ username,$ password) {

$ip = "XX.XX.XX.XX";  // WAN IP goes here;
$ldap_url = "ldap://$ip";
$ldaps_url = "ldaps://$ip";
$ldap_domain = 'test.local';
$ldap_dn = "dc=test,dc=local";
define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
// Unsecure - WORKS
$ldap_conn = ldap_connect($ldap_url) or die("Could not connect to LDAP server ($ldap_url)");
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
echo $password;
$result = ldap_bind($ldap_conn, "$username@$ldap_domain", $password);
if (!$result) {
    if (ldap_get_option($ldap_conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
        echo "Error Binding to LDAP: $extended_error";
    } else {
        echo "Error Binding to LDAP: No additional information is available.";
    }
}

}

但如果我手动登录管理员登录界面,然后为添加的用户重置密码,那么用户将使用我的登录功能成功登录。

如果有任何想法,请提供建议

由于 PRATIK

1 个答案:

答案 0 :(得分:1)

尝试将其用于密码哈希

function hash_password($password) // SSHA with random 4-character salt
{
    $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
    return '{SSHA}' . base64_encode(mhash(MHASH_SHA1,$password.$salt). $salt);
}
相关问题
最新问题