authentication - PHP ldap_get_entries() returns count = zero
I am trying to authenticate users' logins against LDAP (server: Mac El Capitan).
I can connect and bind to the LDAP server.
I can search and sort the result.
But when I perform "ldap_get_entries", I receive "zero" entries.
I've tried Stack Overflow and Google's second page.
Any suggestions or ideas why this might be happening?
Code -
<?php
session_start(); // starting session
$error = '';     // variable to store error message

if (isset($_POST['submit'])) {
    if (empty($_POST['email']) || empty($_POST['password'])) {
        $error = "username or password invalid";
    } else {
        $usernamelogin = $_POST['email'];
        $passwordlogin = $_POST['password'];
        $username = stripslashes($usernamelogin);
        $password = stripslashes($passwordlogin);
        echo "user name ".$username;
        echo "</br>";

        // service account used for the search bind
        $ldapuser = "uid=xxxxxx,cn=users,dc=dns1,dc=xxxxxxxx,dc=com";
        $ldappass = "xxxxxxxxxxx";
        $url = "ldap://dns1.xxxxxxx.com:389";
        $ldap = ldap_connect("$url") or die("could not connect ldap server.");
        $basedn = "cn=users,dc=dns1,dc=xxxxxxxxx,dc=com";
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        $bind = ldap_bind($ldap, $ldapuser, $ldappass);
        if ($bind) {
            echo "connected ldap";
            echo "</br>";
            // filter is built directly from the submitted login value
            $filter = "(samaccountname=$username)";
            echo "filter = ".$filter;
            echo "</br>";
            $result = ldap_search($ldap, $basedn, $filter) or die("could not search.");
            echo "result = ".$result;
            echo "</br>";
            $sort = ldap_sort($ldap, $result, "uid");
            echo "sort = ".$sort;
            echo "</br>";
            $number = ldap_count_entries($ldap, $result);
            echo "count entries = ".$number;
            echo "</br>";
            $info = ldap_get_entries($ldap, $result);
            echo "data " . $info["count"] . " items returned:<p>";
            echo "info = ".$info;
            echo "</br>";
            echo '<pre>';
            print_r($info);
            echo '</pre>';
            echo "</br>";
            $fentry = ldap_first_entry($ldap, $result);
            echo "first entry = ".$fentry;
            for ($i = 0; $i < $info["count"]; $i++) {
                if ($info['count'] > 1) break;
                echo "<p>you accessing <strong> ". $info[$i]["sn"][0] .", " . $info[$i]["givenname"][0] ."</strong><br /> (" . $info[$i]["samaccountname"][0] .")</p>\n";
                echo '<pre>';
                var_dump($info);
                echo '</pre>';
                $userdn = $info[$i]["distinguishedname"][0];
            }
            ldap_close($ldap);
        } else {
            echo "cannot connect ldap.";
        }
    }
}
?>
I can connect - bind - search, but "ldap_get_entries()" returns zero.
First: you can skip the or die("could not connect ldap server"), as that will never happen. ldap_connect checks the parameter for syntactical correctness and does not connect to the server. The actual connection happens on the first call to the server, ldap_bind. That's why connection issues surface on ldap_bind, not on ldap_connect.
Second: where did you get samaccountname from? That's a field that's used by Active Directory. In Apple's Open Directory the user is identified by the uid attribute. The filter should be sprintf('uid=%s', $username).
Third: I doubt users in the group "Open Directory Administrators" are allowed to bind against LDAP. Sure, those are the ones allowed to edit the directory; every other user can bind as well.
Fourth: ldap_sort is deprecated now. It's not sorting on the server side but on the client side. The returned results are sorted. When you have paged results, that means that, though you have a sorted result, there are still entries that fit right in between the results. I'm working on a way to use server-sided sorting, which relies on a feature available on the server. You can use ldap_sort or you can implement your own sorting on the result set.
So change your filter to uid=$username, and you'll get the expected results. The mail attribute might contain the full email address and might therefore fail! You can adapt the filter to search more than one field. Have a look at this slide for short examples.
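An added example, not part of the original question or answer: one way to apply the answer's advice on the filter (match uid, and optionally mail, instead of samaccountname) and then verify the password. It goes one step beyond the answer by escaping the login value with ldap_escape (PHP 5.6+) and binding as the found user's DN. The host, base DN, service-account parameters and the function names buildLoginFilter and authenticate are assumptions for illustration.

```php
<?php
// Added example. Host and base DN are placeholders (assumptions).
const LDAP_URL = 'ldap://ldap.example.com:389';
const BASE_DN  = 'cn=users,dc=example,dc=com';

// Build a filter that matches the login against uid or mail, escaping
// filter metacharacters ( * ( ) \ NUL ) in the user-supplied value.
function buildLoginFilter(string $login): string
{
    $safe = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    return sprintf('(|(uid=%s)(mail=%s))', $safe, $safe);
}

// Returns the user's DN on success, null on any failure.
function authenticate(string $login, string $password, string $svcDn, string $svcPass): ?string
{
    // An empty password would turn the second bind into an unauthenticated
    // bind, which many servers accept, so reject it up front.
    if ($login === '' || $password === '') {
        return null;
    }
    $ldap = ldap_connect(LDAP_URL); // only validates the URL, no network I/O yet
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind as the service account and look the user up.
    if (!@ldap_bind($ldap, $svcDn, $svcPass)) {
        return null; // connection problems surface here, not at ldap_connect
    }
    $result = ldap_search($ldap, BASE_DN, buildLoginFilter($login), ['uid']);
    if ($result === false || ldap_count_entries($ldap, $result) !== 1) {
        ldap_unbind($ldap);
        return null; // no match, or an ambiguous match
    }
    $userDn = ldap_get_dn($ldap, ldap_first_entry($ldap, $result));

    // Step 2: the password check is a bind as the user's own DN.
    $ok = @ldap_bind($ldap, $userDn, $password);
    ldap_unbind($ldap);
    return $ok ? $userDn : null;
}

// Constructed input: a login containing filter metacharacters is escaped
// into \xx sequences and is matched literally by the server.
echo buildLoginFilter('j.doe*(test)'), "\n";
```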