I know that my mistake is going to be something really simple but I have tried to find the problem and I do not see it, maybe you can help me....
I am trying to create a function with php, so I can be able to connect to LDAP and find the desired information.
My php code is the following:
$ldapconfig['host'] = "127.0.0.1";
$ldapconfig['port'] = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
$ldapconfig['binddn'] = "user";
$ldapconfig['bindpw'] = "password";
function ldap_authenticate($user, $pass) {
global $ldapconfig;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
if ($user != "" && $pass != "") {
$ds=ldap_connect($ldapconfig['host'],$ldapconfig['port']);
if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
return NULL;
}
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
$r = ldap_search( $ds, $ldapconfig['basedn'], 'sAMAccountName=' . $user);
if ($r) {
$result = ldap_get_entries( $ds, $r);
if ($result[0]) {
if (ldap_bind( $ds, $result[0]['dn'], $pass) ) {
return $result[0]['mail'][0];
}
}
}
}
return NULL;
When I try to run the code it gives me the following mistake: ldap_bind invalid DN syntax on line xxxx and that line is the following:
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
As stated in the error, your bind DN is the wrong format. DN's represent the full path to the object - so in your case should be something like this (looks like you're on AD?)
"cn=username,ou=domain users,dc=example,dc=com"
Depending on your flavor of LDAP (Active Directory, OpenLDAP etc), you might be able to use a uid (so just 'username') to bind, but it's best to assume that you always need the full DN.
You can use an LDAP tool like Apache Directory Studio to help build queries and find out what object's DN's are. Or there's ldp.exe too (provided it's AD), but directory studio is easier to use.
On a DC, Executing: dsquery user -samid jim
will reveal the DN of the user matching the sAMAccountName: "CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com"
http://ldapwiki.willeke.com/wiki/LDAP%20and%20Active%20Directory