我正在尝试根据these instructions from MSDN连接到Windows Server 2008中的AD。在调用ldap_bind_s之前一切正常,但后来我得到错误的0x31代码(The supplied credential is invalid)。
用户名和密码是正确的,我已多次检查过。
使用C ++ MSVS 2015.这是我的代码示例。
PWSTR host_name = L"ad.server.ip.address";
LDAP* pLdapConnection = NULL;
pLdapConnection = ldap_init(host_name, LDAP_PORT);
if (pLdapConnection == NULL)
{
printf("ldap_init failed with 0x%x.\n", LdapGetLastError());
ldap_unbind(pLdapConnection);
return -1;
}
else
printf("ldap_init succeeded \n");
ULONG version = LDAP_VERSION3;
ULONG lRtn = 0;
lRtn = ldap_set_option(
pLdapConnection,
LDAP_OPT_PROTOCOL_VERSION,
(void*)&version);
if (lRtn == LDAP_SUCCESS)
printf("ldap version set to 3.0 \n");
else
{
printf("SetOption Error:%0lX\n", lRtn);
ldap_unbind(pLdapConnection);
return hr;
}
lRtn = ldap_connect(pLdapConnection, NULL);
if (lRtn == LDAP_SUCCESS)
printf("ldap_connect succeeded \n");
else
{
printf("ldap_connect failed with 0x%lx.\n", lRtn);
ldap_unbind(pLdapConnection);
return -1;
}
PWSTR pMyDN = L"DC=ad,DC=domain,DC=name";
SEC_WINNT_AUTH_IDENTITY secIdent;
//adm@ad.domain.name
unsigned short login[18] = { 'a', 'd', 'm', '@', 'a', 'd', '.', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'n', 'a', 'm', 'e' }; //18
secIdent.User = login;
secIdent.UserLength = 18;
//mypassword
unsigned short password[10] = { 'm', 'y', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' }; //10
secIdent.Password = password;
secIdent.PasswordLength = 10;
//ad.domain.name
unsigned short domain[14] = { 'a', 'd', '.', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'n', 'a', 'm', 'e' }; //14
secIdent.Domain = dmn;
secIdent.DomainLength = 14;
secIdent.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
lRtn = ldap_bind_s(
pLdapConnection, // Session Handle
pMyDN, // Domain DN
(PWCHAR)&secIdent, // Credential structure
LDAP_AUTH_NEGOTIATE); // Auth mode
if (lRtn == LDAP_SUCCESS)
{
printf("ldap_bind_s succeeded \n");
secIdent.Password = NULL; // Remove password pointer
pPassword = NULL; // Remove password pointer
}
else
{
printf("ldap_bind_s failed with 0x%lx.\n", lRtn);
ldap_unbind(pLdapConnection);
return -1;
}
控制台输出:
ldap_init succeeded
ldap version set to 3.0
ldap_connect succeeded
ldap_bind_s failed with 0x31.
Cannot execute query. Cannot bind to LDAP
在我看来,编码或域名可能会发生错误。但根据this answer,SEC_WINNT_AUTH_IDENTITY结构中的域字段将被忽略。此外,我尝试设置secIdent.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;而没有任何结果。
以下是与同一AD服务器成功连接的PHP代码段
$this->c = ldap_connect("ad.server.ip.address");
ldap_set_option($this->c, LDAP_OPT_PROTOCOL_VERSION, 3);
$r = ldap_bind($this->c,'adm@ad.domain.name','mypassword');
答案 0 :(得分:0)
在观看this example
后,找到了解决方案我应该在LDAP_AUTH_SIMPLE中使用LDAP_AUTH_NEGOTIATE身份验证方法而不是ldap_bind_s(),或者只使用ldap_simple_bind_s()。
工作代码段
PWSTR host_name = L"ad.server.ip.address";
LDAP* pLdapConnection = NULL;
pLdapConnection = ldap_init(host_name, LDAP_PORT);
if (pLdapConnection == NULL)
{
printf("ldap_init failed with 0x%x.\n", LdapGetLastError());
ldap_unbind(pLdapConnection);
return -1;
}
else
printf("ldap_init succeeded \n");
ULONG version = LDAP_VERSION3;
ULONG lRtn = 0;
lRtn = ldap_set_option(
pLdapConnection, // Session handle
LDAP_OPT_PROTOCOL_VERSION, // Option
(void*)&version); // Option value
if (lRtn == LDAP_SUCCESS)
printf("ldap version set to 3.0 \n");
else
{
printf("SetOption Error:%0lX\n", lRtn);
ldap_unbind(pLdapConnection);
return 0;
}
lRtn = ldap_connect(pLdapConnection, NULL);
if (lRtn == LDAP_SUCCESS)
printf("ldap_connect succeeded \n");
else
{
printf("ldap_connect failed with 0x%lx.\n", lRtn);
ldap_unbind(pLdapConnection);
return -1;
}
PWCHAR user_name = L"adm@ad.domain.name";
PWCHAR password = L"mypassword";
lRtn = ldap_simple_bind_s(pLdapConnection, user_name, password);
if (lRtn == LDAP_SUCCESS)
{
printf("ldap_simple_bind_s succeeded \n");
}
else
{
printf("ldap_simple_bind_s failed with 0x%lx.\n", lRtn);
ldap_unbind(pLdapConnection);
return -1;
}