我正在使用这个小PHP脚本(最小化[正常工作]来证明这一点)来验证AD用户
define('WLU_LDAP_SERV', 'ldaps://test.domain.com:636');
define('WLU_LDAP_BASE', 'OU=Employees,OU=UsersGroups,DC=test,DC=domain,DC=com');
function ldapAuthentication($username, $password)
{
$response = array();
$err = array();
$filter = 'CN='.$username;
$dnbase = $filter . ',' . WLU_LDAP_BASE;
$fields = array("cn","mail","displayname");
$link = @ldap_connect(WLU_LDAP_SERV);
$bind = @ldap_bind($link, $dnbase, $password);
$resl = @ldap_search($link, WLU_LDAP_BASE, $filter, $fields);
if ($resl) {
$info = @ldap_get_entries($link, $resl);
}
return $info;
}
我正在尝试使用.htaccess文件复制相同的进程但我的身份验证失败
AuthType Basic
AuthBasicProvider ldap
LDAPReferrals Off
AuthLDAPBindAuthoritative off
AuthLDAPURL ldaps://test.domain.com:636/OU=Employees,OU=UsersGroups,DC=test,DC=domain,DC=com
AuthLDAPBindDN CN=someusername,OU=Employees,OU=UsersGroups,DC=test,DC=domain,DC=com
AuthName "AD authentication"
Require ldap-user
我明白了
Authentication required!
This server could not verify that you are authorized to access the URL "/". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
In case you are allowed to request the document, please check your user-id and password and try again.
If you think this is a server error, please contact the webmaster.
Error 401
答案 0 :(得分:2)
您的代码看起来不错。鉴于您使用的是Windows,我建议您在AuthLDAPBindDN和AuthLDAPURL周围添加引号。
对于Require,请尝试'valid-user'而不是'ldap-user'。在您的AuthLDAPURL结束时,您可能还需要NONE标志 - 请在此处查看类似问题:
https://serverfault.com/questions/432844/authenticate-users-with-ldap-and-apache-2-4
祝你好运!