首先我的证书经过100次良好的测试。
我的PHP代码:
$ldapurl = "IP_ADDRESS";
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$ldapconn = ldap_connect($ldapurl) or die ("no con");
ldap_set_option($ldapconn,LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
$dn = "user@domain.local";
$ps = 'Password';
$ldapbind = @ldap_bind($ldapconn,$dn,$ps);
我可以以匿名身份成功绑定,但是当我添加用户和密码时,绑定失败。
LDAP调试:
ldap_init: trying c:\openldap\sysconf\ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldap://192.168.17.2:389)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.17.2:389
ldap_new_socket: 500
ldap_prepare_socket: 500
ldap_connect_to_host: Trying 192.168.17.2:389
ldap_pvt_connect: fd: 500 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 14BADDF0 msgid 1
wait4msg ld 14BADDF0 msgid 1 (infinite timeout)
wait4msg continue ld 14BADDF0 msgid 1 all 1
** ld 14BADDF0 Connections:
* host: 192.168.17.2 port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 20 12:55:22 2019
** ld 14BADDF0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 14BADDF0 request count 1 (abandoned 0)
** ld 14BADDF0 Response Queue:
Empty
ld 14BADDF0 response count 0
ldap_chkResponseList ld 14BADDF0 msgid 1 all 1
ldap_chkResponseList returns ld 14BADDF0 NULL
ldap_int_select
read1msg: ld 14BADDF0 msgid 1 all 1
read1msg: ld 14BADDF0 msgid 1 message type bind
read1msg: ld 14BADDF0 0 new referrals
read1msg: mark request completed, ld 14BADDF0 msgid 1
request done: ld 14BADDF0 msgid 1
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52f, v3839>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_err2string
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
错误代码为49 / 52F
Account Restrictions are preventing this user from signing in.
但是我对此用户没有任何限制。我已经从控制台成功地将自己连接到AD。
我已经尝试使用$dn = "cn=user,dc=domain,dc=local"或其他组合成功了
答案 0 :(得分:0)
请尝试使用此代码,我刚刚使用过它。它为我工作:
$ldap_password = 'password';
$ldap_username = 'email_address';
$ldap_connection = @ldap_connect(IP address);
if (FALSE === $ldap_connection){
echo 'Uh-oh, something is wrong...';
}
// We have to set this option for the version of Active Directory we are using.
@ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
@ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
$ad_users = [];
if (@ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
$ldap_base_dn = 'DC=domain,DC=com';
$search_filter = '(&(objectCategory=person)(samaccountname=*))';
$attributes = array();
$attributes[] = 'givenname';
$attributes[] = 'mail';
$attributes[] = 'samaccountname';
$attributes[] = 'sn';
$result = @ldap_search($ldap_connection, $ldap_base_dn, $search_filter, $attributes);
if ($result){
$entries = @ldap_get_entries($ldap_connection, $result);
for ($x=0; $x<$entries['count']; $x++){
if (!empty($entries[$x]['givenname'][0]) &&
!empty($entries[$x]['mail'][0]) &&
!empty($entries[$x]['samaccountname'][0]) &&
!empty($entries[$x]['sn'][0]) &&
'Shop' !== $entries[$x]['sn'][0] &&
'Account' !== $entries[$x]['sn'][0]){
$ad_users[strtoupper(trim($entries[$x]['samaccountname'][0]))] = array('email' => strtolower(trim($entries[$x]['mail'][0])),'first_name' => trim($entries[$x]['givenname'][0]),'last_name' => trim($entries[$x]['sn'][0]));
}
}
}
ldap_unbind($ldap_connection); // Clean up after ourselves.
}
echo "Retrieved ". count($ad_users) ." Active Directory users\n";
echo '<pre>';print_r($ad_users);echo '</pre>';