通过安全域上的 PHP 连接到非安全 LDAP 服务器
我正在尝试连接到客户端 IT 人员说没有 SSL 证书的 LDAP 服务器。这是在他们的域中的一个测试文件上,该域安装了 SSL。假设该文件位于 https://client.org/test_LDAP.php
所以我使用非常简单的代码连接,在过去的一个月里与另一个客户端工作得很好:
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
define("LDAP_SERVER","ldap://name.their.junk");
define("LDAP_BASE","CN=Users,DC=their,DC=junk");
$username = 'CN=Username,'.LDAP_BASE;
$password = "Password";
$ldap = ldap_connect(LDAP_SERVER, 389) or die("Can't connect to LDAP server");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3) ;
if (ldap_bind($ldap, $username, $password)) {
ldap_unbind($ldap);
echo 'OK - Login valid';
} else {
die(ldap_error($ldap) . ' (' . ldap_errno($ldap) . ')');
}
如果我从安装了 SSL 的域运行代码,这是否意味着我必须使用 ldaps 和端口 636,即使客户端的 AD 服务器没有有证书吗?我已经在不安全的启动域和他的安全活动域上尝试了两个端口以及 ldaps: 和 ldap: 的代码。似乎什么都不起作用。但他发誓用户名和密码以及所有变量都是正确的,并告诉我使用他们的 IP 代替主机名(例如 ldap:000.000.000.00)。
我在这里做错了什么吗?
是的,我确实在服务器端正确配置了 LDAP,因为我们最近才能够对另一个客户端执行完全相同的操作。
任何见解将不胜感激。
I am trying to connect to an ldap server that the client's IT guy says does not have an SSL certificate. This is on a test file on their domain, which has an SSL installed. Let's say the file is at https://client.org/test_LDAP.php
So I use very simple code to connect, which has worked fine with another client just in the past month:
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
define("LDAP_SERVER","ldap://name.their.junk");
define("LDAP_BASE","CN=Users,DC=their,DC=junk");
$username = 'CN=Username,'.LDAP_BASE;
$password = "Password";
$ldap = ldap_connect(LDAP_SERVER, 389) or die("Can't connect to LDAP server");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3) ;
if (ldap_bind($ldap, $username, $password)) {
ldap_unbind($ldap);
echo 'OK - Login valid';
} else {
die(ldap_error($ldap) . ' (' . ldap_errno($ldap) . ')');
}
If I am running code from a domain with an SSL installed, does that mean I HAVE to use ldaps and port 636, even if the client's AD server doesn't have a Certificate? I've tried the code with both ports and both ldaps: and ldap: on an unsecured launch domain and also his secured live domain. Nothing seems to work. But he swears the username and password and all of the variables are correct, and told me to use their IP instaed of the hostname (ldap:000.000.000.00 for example).
Am I doing something wrong here?
And yes, I DO have LDAP configured correctly on my server end, because we just were able to do this exact same thing with another client recently.
Any insight would be much appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您尝试在 Windows 2003 Server Active Directory 或更高版本上执行搜索,则似乎必须将 LDAP_OPT_REFERRALS 选项设置为 0:
If you try to perform the searches on Windows 2003 Server Active Directory or above, it seems that you have to set the LDAP_OPT_REFERRALS option to 0: