我尝试使用 PHP 绑定 LDAP,但出现此错误
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server on line 21
第21行的脚本是这样的。
$bind_status = ldap_bind($conn_status, $app_user, $app_pass);
以下是在 LDAP 中连接的脚本:
$conn_status = ldap_connect('ldaps://ldap.domain.com/', 389);
if ($conn_status === FALSE) {
die("Couldn't connect to LDAP service");
} else {
echo "Successful! <br/>";
}
下面是绑定到 LDAP 的脚本:
$app_user = 'cn=user, dc=domain, dc=com';
$app_pass = 'password';
$username = 'user'; //same as cn
$password = 'password'; //same as $app_pass
$bind_status = ldap_bind($conn_status, $app_user, $app_pass);
if ($bind_status === FALSE) {
die("Couldn't bind to LDAP as application user");
} else {
echo "Bind to LDAP successfully <br/>";
}
我更新的 LDAP 绑定脚本
$bind_status = ldap_bind($conn_status, $username, $password);
if ($bind_status === FALSE) {
//die("Couldn't bind to LDAP <br/>");
echo "LDAP-Errno: " . ldap_errno($ds) . "<br />";
} else {
echo "Bind to LDAP successfully <br/>";
}
现在我收到此错误:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Operations error on line 21
第 21 行是这样的:
$bind_status = ldap_bind($conn_status, $username, $password);
当我使用
var_dump (@ldap_bind($conn_status, "cn=Username, ou=domain, ou=com"));
结果是
bool(false)
请帮助我解决这个问题。谢谢
通常ldaps侦听端口 636/tcp 和ldap starttls侦听端口 389/tcp。
$ldap_URI = "ldap://ldap.example.com/" ;
$ldap_bind_dn = "cn=myapplication,ou=service accounts,dc=example,dc=com" ;
$ldap_bind_dn_password = "hopefully something long and complicated" ;
$ldap_connection = ldap_connect($ldap_URI) ;
if(ldap_start_tls($ldap_connection)){
if(!ldap_bind($ldap_connection,$ldap_bind_dn,$ldap_bind_dn_password)) ;
//TODO: return/throw some error/exception here to be handled by caller, regarding invalid credentials
}else{
ldap_close($ldap_connection);
//TODO: return/throw some error/exception here to be handled by caller, regarding starttls failure
}
- 检查全局 LDAP 配置的 TLS 设置,通常
/etc/openldap/ldap.conf或/etc/ldap/ldap.conf. - 如果您使用 SELinux,请检查
httpd_can_connect_ldap,即$ getsebool httpd_can_connect_ldap
也:
当使用 OpenLDAP 2.x.x 时,ldap_connect() 将始终返回一个资源,因为它实际上并不连接,而只是初始化连接参数。实际连接发生在下一次调用 ldap_* 函数时,通常使用 ldap_bind()。--
php manual
在ldap_connect方法中,您指定了安全 LDAP 连接ldaps,但仍使用标准端口进行389。如果您尝试建立安全连接,请删除端口号,ldap_connect将找出正确的端口或使用端口 636。否则,请使用端口号 389 的 ldap 进行不安全连接。
也
$conn_status = ldap_connect('ldap://ldap.domain.com/');
$conn_status = ldap_connect('ldap://ldap.domain.com/', 389);
或
$conn_status = ldap_connect('ldaps://ldap.domain.com/');
$conn_status = ldap_connect('ldaps://ldap.domain.com/', 636);