
I know this has been answered before, but it couldn't help me (unless it has, but due to my limited PHP knowledge it didn't help). Here is my code:

<body>
<html>     

<?php
//echo var_dump($_POST);
        $user = "".$_POST["username"]."";
        settype($user, "string");
        $password = $_POST["password"];
        $ldap_host = "ldap.burnside.school.nz";
        $base_dn = "ou=students,o=bhs";
        $ldap_user = "(cn=".$user.")";
        $filter = "($ldap_user)"; // Just results for this user
        $ldap_pass = "".$password."";

        $connect = ldap_connect($ldap_host)
                or exit(">>Could not connect to LDAP server<<");
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

        // This next bit is the important step.  Bind, or fail to bind.  This tests the username/password.        
        if (ldap_bind($connect, $ldap_user.",".$base_dn, $ldap_pass)) {
            $read = ldap_search($connect, $base_dn, $filter)
                or exit(">>Unable to search ldap server<<");

            // All the next 8 lines do is get the users first name.  Not required
            $info = ldap_get_entries($connect, $read);
            $ii = 0;
            for ($i = 0; $ii < $info[$i]["count"]; $ii++) {
                $data = $info[$i][$ii];
                if ($data == "givenname") {
                    $name = $info[$i][$data][0];
                }
            }

            ldap_close($connect);
            header("Location: success.php?name=$name");
        } 
        else {
            ldap_close($connect);
            //header("Location: failure.php?user=$user");
        }
        ?>

</body>
</html>

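I get an error on line 21, when I bind to the server, saying:

Warning: ldap_bind(): Unable to bind to server: Invalid DN syntax in S:\XAMPP\htdocs\PhpProject1\LDAP_main.php on line 21

Can anyone solve this problem? It only started happening when I changed my code to receive the username and password from $_POST, but as you can see from my comment // echo var_dump($_POST), I am actually receiving the data I want.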


1 Answer


Your DN for binding to the LDAP-Server is (cn=[username]),ou=students,o=bhs which is not a valid DN-Syntax. That should read cn=[username],ou=students,o=bhs without the braces.

You have mixed up an LDAP-Filter (the stuff inside the braces) with a DN.

I'd do an LDAP authentication in the following way:

  1. Bind anonymously or with a default user where you know the DN
  2. Use that user to do a search for all users that match a certain filter that contains the provided username. You can use a filter like (|(mail=[username])(cn=[username])(uid=[username])) to look for entries that have the username in the mail, cn or uid-attribute
  3. Get the DN from the returned Entry (if there are no or more than one entry there is no appropriate user existent so we can skip the rest)
  4. Bind to the LDAP again with that retrieved DN and the provided password.

Have a look at https://gist.github.com/heiglandreas/5689592

answered 2014-10-14T16:55:51.653
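The four steps from the answer, as an added PHP example (not the answerer's gist and not code from the original post). The host and base DN are taken from the question; the service account DN and password are placeholders and `ldap_authenticate` is a hypothetical name. It also rejects empty passwords and escapes the username before it goes into the filter.

```php
<?php
// Added example: search-then-bind authentication.
// Host and base DN are from the question; the service account is a placeholder.
const LDAP_HOST  = 'ldap.burnside.school.nz';
const BASE_DN    = 'ou=students,o=bhs';
const SERVICE_DN = 'cn=SERVICE_ACCOUNT_PLACEHOLDER,o=bhs'; // assumption
const SERVICE_PW = 'SERVICE_PASSWORD_PLACEHOLDER';         // assumption

// Returns the user's DN on success, null on any failure.
function ldap_authenticate(string $username, string $password): ?string
{
    // Many servers treat a bind with a DN and an empty password as an
    // unauthenticated bind and report success, so reject it up front.
    if ($username === '' || $password === '') {
        return null;
    }
    // As in the question this is plain LDAP; in production use ldaps:// or
    // call ldap_start_tls() before any bind so passwords are not sent in clear.
    $conn = ldap_connect(LDAP_HOST);
    if ($conn === false) {
        return null;
    }
    try {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        // Step 1: bind with an account whose DN is known.
        if (!@ldap_bind($conn, SERVICE_DN, SERVICE_PW)) {
            return null;
        }
        // Step 2: search. Escape the username for filter context so that
        // characters such as * ( ) \ cannot change the filter's meaning.
        $u = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
        $filter = "(|(mail=$u)(cn=$u)(uid=$u))";
        $result = @ldap_search($conn, BASE_DN, $filter, ['cn'], 0, 2);
        if ($result === false) {
            return null;
        }
        // Step 3: require exactly one entry and take its DN (no parentheses:
        // a DN is not a filter).
        $entries = ldap_get_entries($conn, $result);
        if ($entries === false || $entries['count'] !== 1) {
            return null;
        }
        $dn = $entries[0]['dn'];

        // Step 4: bind again as that DN with the supplied password.
        return @ldap_bind($conn, $dn, $password) ? $dn : null;
    } finally {
        ldap_unbind($conn);
    }
}
```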