我想根据我的 ZF2 应用程序中的活动目录检查用户名/密码。我为此使用 Zend\Authentication\Adapter\Ldap 并且它部分工作。
这是我的代码:
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Adapter\Ldap as AuthAdapter;
$username = 'johndoe';
$password = 'xxx';
$auth = new AuthenticationService();
$adapter = new AuthAdapter(
array('server1'=>array(
'host' => '192.168.0.3',
'useStartTls' => false,
'useSsl' => false,
'accountDomainName' => 'domain.local',
'accountDomainNameShort' => 'DOMAIN',
'accountCanonicalForm' => 3,
'accountFilterFormat' => '(&(objectClass=user)(sAMAccountName=%s))',
'baseDn' => 'CN=Users,DC=domain,DC=local',
'bindRequiresDn' => false,
'optReferrals' => false
)),
$username,
$password
);
$result = $auth->authenticate($adapter);
var_dump($result);
如果我设置了错误的密码,我会得到以下结果:
object(Zend\Authentication\Result)#279 (3) {
["code":protected]=>
int(-3)
["identity":protected]=>
string(3) "johndoe"
["messages":protected]=>
array(4) {
[0]=>
string(19) "Invalid credentials"
[1]=>
string(124) "0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772): DOMAIN\johndoe"
[2]=>
string(238) "host=192.168.0.3,useStartTls=,useSsl=,accountDomainName=domain.local,accountDomainNameShort=DOMAIN,accountCanonicalForm=3,accountFilterFormat=(&(objectClass=user)(sAMAccountName=%s)),baseDn=CN=Users,DC=domain,DC=local,bindRequiresDn=,optReferrals="
[3]=>
string(151) "johndoe authentication failed: 0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772): DOMAIN\johndoe"
}
}
使用正确的密码,结果会发生变化:
object(Zend\Authentication\Result)#279 (3) {
["code":protected]=>
int(-1)
["identity":protected]=>
string(3) "johndoe"
["messages":protected]=>
array(4) {
[0]=>
string(22) "Account not found: johndoe"
[1]=>
string(68) "0x20: No object found for: (&(objectClass=user)(sAMAccountName=johndoe))"
[2]=>
string(238) "host=192.168.0.3,useStartTls=,useSsl=,accountDomainName=domain.local,accountDomainNameShort=DOMAIN,accountCanonicalForm=3,accountFilterFormat=(&(objectClass=user)(sAMAccountName=%s)),baseDn=CN=Users,DC=domain,DC=local,bindRequiresDn=,optReferrals="
[3]=>
string(95) "johndoe authentication failed: 0x20: No object found for: (&(objectClass=user)(sAMAccountName=johndoe))"
}
}
为什么找不到帐户?我的 accountFilterFormat 有问题吗?
sAMAccountName 和 objectClass 似乎是有效的。我用 Sysinternals Active Directory 浏览器检查了这个:
使用此工具进行类似的搜索可以正常工作: