A
Anonymous
Guest
Hi all,
I'm new to LDAP binding script, I'm trying to check if the script I found is correct to be able to use it back on my company as LDAP authentication script, for this I'm using this https://documize.github.io/ad-ldap-test-server/. Everything seems to be working (connection to ldap server) but the only way I get through the authentication is using something like this: CN=Mr Manager,CN=Users,DC=mycompany,DC=local as username. When I use the username itself for instance (Mr Manager) get the message:
"Unable to login: Invalid credentials".
Something is missing, something not resolving the username but I can't get it, here the code I'm using, any help is welcome
I'm new to LDAP binding script, I'm trying to check if the script I found is correct to be able to use it back on my company as LDAP authentication script, for this I'm using this https://documize.github.io/ad-ldap-test-server/. Everything seems to be working (connection to ldap server) but the only way I get through the authentication is using something like this: CN=Mr Manager,CN=Users,DC=mycompany,DC=local as username. When I use the username itself for instance (Mr Manager) get the message:
"Unable to login: Invalid credentials".
Something is missing, something not resolving the username but I can't get it, here the code I'm using, any help is welcome
Code:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 'On');
define('DOMAIN_FQDN', 'DC=mycompany,DC=local');
define('LDAP_SERVER', 'documize-ad.eastus.cloudapp.azure.com');
if (isset($_POST['submit']))
{
$user = $_POST['username'];
$pass = $_POST['password']; //Pass@word1!
$conn = ldap_connect("ldap://".LDAP_SERVER."/",389);
if (!$conn)
$err = 'Could not connect to LDAP server';
else
{
//define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($conn, $user, $pass);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
if (!empty($extended_error))
{
$errno = explode(',', $extended_error);
$errno = $errno[2];
$errno = explode(' ', $errno);
$errno = $errno[2];
$errno = intval($errno);
if ($errno == 532)
$err = 'Unable to login: Password expired';
}
elseif ($bind)
{
$base_dn = array("CN=*,DC=". join(',DC=', explode('.', DOMAIN_FQDN)),
"DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
$result = ldap_search(array($conn,$conn), $base_dn, "(CN=*)");
if (!count($result))
$err = 'Unable to login: '. ldap_error($conn);
else
{
foreach ($result as $res)
{
$info = ldap_get_entries($conn, $res);
for ($i = 0; $i < $info['count']; $i++)
{
if (isset($info[$i]['displayName']) AND strtolower($info[$i]['displayName'][0]) == strtolower($user))
{
session_start();
$username = explode('@', $user);
$_SESSION['foo'] = 'bar';
// set session variables...
break;
}
}
}
}
}
}
// session OK, redirect to home page
if (isset($_SESSION['foo']))
{
header('Location:"index.php"');
exit();
}
elseif (!isset($err)) $err = 'Unable to login: '. ldap_error($conn);
ldap_close($conn);
}
?>
<!DOCTYPE html><head><title>Login</title></head>
<style>
* { font-family: Calibri, Tahoma, Arial, sans-serif; }
.errmsg { color: red; }
#loginbox { font-size: 12px; }
</style>
<body>
<div align="center"><img id="imghdr" src="img/logo.jpg" height="300" /><br><br><h2>CREDENTIALS</h2><br><br>
<div style="margin:10px 0;"></div>
<div title="Login" style="width:500px" id="loginbox">
<div style="padding:10px 0 10px 0px">
<form action="login.php" id="login" method="post">
<table><?php if (isset($err)) echo '<tr><td colspan="2" class="errmsg">'. $err .'</td></tr>'; ?>
<tr>
<td>User:</td>
<td><input type="text" name="username" style="border: 1px solid #ccc;" autocomplete="off"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" style="border: 1px solid #ccc;" autocomplete="off"/></td>
</tr>
</table>
<input class="button" type="submit" name="submit" value="Login" />
</form>
</div>
</div>
</div>
</body>
</html>