Posted by Bing Du on 11/21/05 23:48

Hello,

The following script returns 'LDAP bind failed...'.

<?php
echo "Connecting ...<br />";

$ldaprdn = "jsmith\@dept.some.edu";
$ldappass = "jsmithpass";

$ds=ldap_connect("ad.dept.some.edu");

if ($ds) {
echo "Binding ...<br />";
$r=ldap_bind($ds, $ldaprdn, $ldappass);

if ($r) {
echo "LDAP bind successful...<br />";
} else {
echo "LDAP bind failed...<br />";
}
} else {
echo "LDAP connection failed...<br />";
}

?>

If I change $ldaprdn to be "CN=John
Smith,OU=Users,OU=DEPT,DC=some,DC=edu", then bind returns 'LDAP bind
successful...'.

However AD supports username to be in jsmith@dept.some.edu format
because querying from the command line works:

% ldapsearch -h ad.dept.some.edu -s sub -b "dc=dept,dc=some,dc=edu" -x
-D jsmith@dept.some.edu -W "samaccountname=jsmith"

Our AD only allows authenicated bindings. We don't know user's DN
before binding. So anybody know how to make PHP allow
$ldaprdn="jsmith\@dept.some.edu"?

Thanks in advance,

Bing

• Next in forum: security question... "man in the middle attacks"
• Prev in forum: forking problem and logging off - solved
• Thread view: username format when binding to Active Directory?

[Reply to this message]