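Below is the function I am using to bind users who log in to my application to a Windows Active Directory account.
After some simple testing, this is what I know so far:
When trying to validate the user's credentials against Active Directory, the second IF statement appears to be skipped. This step does not seem to be executed, because as soon as the first IF statement completes, it logs the user into the application.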

private function bind_as_user($username, $password) {
    // preset the return marker
    $return = false;
    // preset the process step marker
    $continue = true;
    // check for non-empty parameters
    if (strlen($username) > 0 && strlen($password) > 0) {
        // First, bind to AD using the standard user (from the config)
        if (!$this->bind_ad()) {
            $continue = false;
        }
        if ($continue) {
            // Look for the specified user in AD (using the standard user
            // from the config)
            if (!$return = $this->search_ad($username, array(
                'dn',
                'cn',
                'objectguid',
                'userprincipalname',
                'samaccountname'
            ))) {
                // User doesn't exist!
                $continue = false;
            }
        }
        if ($continue) {
            /*
            Now we have an LDAP session properly configured and we know the
            specified user exists, attempt to bind again as this user.
            Note: don't want any LDAP error message to appear - handle that
            in the app
            */
            if (!$bind = @ldap_bind($this->_ldap_conn,
                    stripslashes($return['samaccountname']), $password)) {
                log_message('debug', 'Auth_AD: Unable to log in the user.');
                $return = false;
            }
        }
    }
    return $return;
}
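
The search-then-bind flow in the function above, written as an added example (not the poster's code, and not a diagnosis of the behaviour described) so that every step fails closed. `verify_user_bind()`, the `$bind` callable and the stand-in directory are hypothetical; the bind is injected so the check can be exercised without a live Active Directory connection.

```php
<?php
// Added example, not the poster's code. verify_user_bind() and $bind are hypothetical names.

/**
 * Decide whether a search-then-bind login succeeded, failing closed.
 *
 * @param mixed    $entry    what the directory search returned (false if no user)
 * @param string   $password password typed by the user
 * @param callable $bind     function (string $dn, string $password): bool; in an
 *                           application this would wrap ldap_bind() on the live connection
 */
function verify_user_bind($entry, string $password, callable $bind): bool
{
    // A simple bind with an empty password is an unauthenticated bind (RFC 4513),
    // which a server may accept, so never forward one.
    if ($password === '') {
        return false;
    }
    // The search result must carry a usable, non-empty DN string.
    $dn = is_array($entry) ? ($entry['dn'] ?? null) : null;
    if (!is_string($dn) || trim($dn) === '') {
        return false;
    }
    // Only a strict boolean true from the bind counts as a login.
    return $bind($dn, $password) === true;
}

// Constructed stand-in for a directory server (assumption): it knows one account
// and, like a server that allows unauthenticated binds, accepts an empty password.
$fakeBind = function (string $dn, string $password): bool {
    if ($password === '') {
        return true;
    }
    return $dn === 'CN=Alice,OU=Staff,DC=example,DC=test' && $password === 'correct-horse';
};

// Constructed sample search results.
$alice  = ['dn' => 'CN=Alice,OU=Staff,DC=example,DC=test', 'samaccountname' => 'alice'];
$noUser = false;

var_dump(verify_user_bind($alice, 'correct-horse', $fakeBind));
var_dump(verify_user_bind($alice, 'wrong', $fakeBind));
var_dump(verify_user_bind($alice, '', $fakeBind));
var_dump(verify_user_bind($noUser, 'correct-horse', $fakeBind));
var_dump(verify_user_bind(['dn' => ['count' => 0]], 'correct-horse', $fakeBind));
```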