Authenticating against LDAP with ApacheDS and PHP


I'm wondering how to authenticate against ApacheDS in PHP. I keep getting an "Invalid Credentials" when I try to log on as a user in a group. I can log in as "uid=admin,ou=system" just fine, but if I try "uid=,ou=consumers,ou=system", it returns "Invalid Credentials".

It is important to note that this is not the full DN of the entry. It's more like "uid=...+gn=...+...,ou=consumers,ou=system". I can search and find this value just fine when bound to the administrator and the API account.

How do I bind to a user just to authenticate and retrieve information on them (like the rest of their attributes and the children of their entry)? Here's what I'm doing and failing.

$dn = ldap_connect($serveraddress,10389);
// ldap_bind() takes the connection first, then the bind DN and the password
$bn = ldap_bind($dn, "uid=".$user.",ou=consumers,ou=system", $pass);
var_dump($bn);
var_dump(ldap_error($dn));

Thank you for any help you can provide.

Edit: So I've gotten farther. Why is this a protocol error?

$ds=ldap_connect("192.168.1.126",10389);  // must be a valid LDAP server!
if ($ds) ldap_bind($ds,"uid=apiaccess,ou=system",...);
else die("!Can't connect to server");

$userid = md5($user);
$results = ldap_get_entries($ds,ldap_search($ds,"ou=consumers,ou=system","(uid=".$userid.")"));
$result = $results[0]["dn"];
echo $result;
if ($ds) ldap_bind($ds,$result,$pass);
else die("!Can't connect to server");
var_dump(ldap_error($ds));

Stephen On BEST ANSWER

You need to tell PHP to use LDAPv3.

Before you call ldap_bind, add the following call:

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
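
The whole search-then-bind flow from the question with the LDAPv3 option in place, as an added example that is not code from the question or the answer. The function name `ldap_authenticate`, its parameters and the `LDAP_SVC_PASS` environment variable are assumptions; the DNs and port are the ones quoted in the question.

```php
<?php
// Added example: bind as the service account, look up the user's real DN,
// then re-bind as that user. ldap_authenticate() is a hypothetical helper.
function ldap_authenticate(string $uri, string $svcDn, string $svcPass,
                           string $uid, string $pass): ?array
{
    // A simple bind with an empty password is an unauthenticated bind, which
    // many servers accept as success, so reject it before contacting the server.
    if ($pass === '') {
        return null;
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("invalid LDAP URI");
    }
    // Set before the first ldap_bind(), as the answer says.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_bind($ds, $svcDn, $svcPass)) {
        throw new RuntimeException("service bind failed: " . ldap_error($ds));
    }
    // Escape the value so filter metacharacters cannot change the search.
    $filter = "(uid=" . ldap_escape($uid, "", LDAP_ESCAPE_FILTER) . ")";
    $sr = ldap_search($ds, "ou=consumers,ou=system", $filter);
    // Require exactly one match; zero or several means no unambiguous user.
    if ($sr === false || ldap_count_entries($ds, $sr) !== 1) {
        ldap_unbind($ds);
        return null;
    }
    // Bind with the DN the server returns instead of building one by hand:
    // the entries in the question have multi-valued RDNs (uid=...+gn=...).
    $userDn = ldap_get_dn($ds, ldap_first_entry($ds, $sr));
    if (!@ldap_bind($ds, $userDn, $pass)) {
        ldap_unbind($ds);
        return null;            // wrong password or disabled account
    }
    // Now bound as the user: read their own entry with their own rights.
    $self  = ldap_read($ds, $userDn, "(objectClass=*)");
    $entry = $self ? ldap_get_entries($ds, $self)[0] : ['dn' => $userDn];
    ldap_unbind($ds);
    return $entry;
}

// Usage (the uid is md5($user), as in the question):
// $entry = ldap_authenticate("ldap://192.168.1.126:10389",
//     "uid=apiaccess,ou=system", getenv("LDAP_SVC_PASS"), md5($user), $pass);
```

Over a plain `ldap://` URI the simple bind sends both passwords in cleartext, so use `ldaps://` or `ldap_start_tls()` if the server is configured for it.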