我有一個外部web服務器,我正在遷移。我試圖通過LDAP在內部服務器上對Active Directory進行身份驗證。我能夠使用相同的代碼連接並從舊服務器(Ubuntu 8)進行身份驗證,但無法在新服務器上進行身份驗證(Redhat 7)。PHP LDAP連接無法聯繫LDAP服務器
外部服務器當前正在運行Redhat 7,運行PHP 5.4.16且啓用了LDAP支持(php-ldap)。
內部服務器當前是具有LDAP和Active Directory的Windows Server 2008框。
下面的代碼是我使用的當前PHP能夠連接舊服務器,但在新服務器上有問題。它基本上使用PHP的LDAP連接字符串並嘗試綁定。我用標識符替換了一些個人信息。 (用戶名,子域名等)
<?php
$adServer = "ldaps://subdomain.domain.edu";
$ldap = ldap_connect($adServer);
$username = 'USERNAME';
$password = 'PASS';
$ldaprdn = 'DOMAIN' . "\\" . $username;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $ldaprdn, $password);
if ($bind) {
$filter="(sAMAccountName=$username)";
$result = ldap_search($ldap,"dc=subdomain,dc=domain,dc=edu",$filter);
ldap_sort($ldap,$result,"sn");
$info = ldap_get_entries($ldap, $result);
for ($i=0; $i<$info["count"]; $i++)
{
if($info['count'] > 1)
break;
echo "<p>You are accessing <strong> ". $info[$i]["sn"][0] .", " . $info[$i]["givenname"][0] ."</strong><br /> (" . $info[$i]["samaccountname"][0] .")</p>\n";
echo '<pre>';
var_dump($info);
echo '</pre>';
$userDn = $info[$i]["distinguishedname"][0];
}
@ldap_close($ldap);
} else {
$msg = "Invalid email address/password";
echo $msg;
}
?>
在新服務器上,我能夠連接到LDAP服務器就好使用該ldapsearch命令:
ldapsearch -x -LLL -h sub-domain.domain.edu -D 'CN=DOMAIN\USERNAME' -w 'PASS' -b "dc=subdomain,dc=domain,dc=edu" -s sub "(objectClass=user)" givenName
這裏是我的ldap.conf的文件(/etc/openldap/ldap.conf
,新的服務器)
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#TLS_CACERTDIR /etc/openldap/certs
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
TLS_REQCERT never
這是我在錯誤日誌(新服務器)獲取:
ldap_create
ldap_url_parse_ext(ldaps://subdomain.domain.edu)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP subdomain.domain.edu:636
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying XXX.18X.XX.19:636
ldap_pvt_connect: fd: 10 tm: -1 async: 0
attempting to connect:
connect errno: 13
ldap_close_socket: 10
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying XXX.18X.XX.24:636
ldap_pvt_connect: fd: 10 tm: -1 async: 0
attempting to connect:
connect errno: 13
ldap_close_socket: 10
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying XXX.18X.XX.41:636
ldap_pvt_connect: fd: 10 tm: -1 async: 0
attempting to connect:
connect errno: 13
ldap_close_socket: 10
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 2002:XXXX:XXXX::XXXX:XXXX 636
ldap_pvt_connect: fd: 10 tm: -1 async: 0
attempting to connect:
connect errno: 13
ldap_close_socket: 10
ldap_err2string
[Mon Feb 23 15:20:28.689775 2015] [:error] [pid 12299] [client 10.25.XX.XX:53630] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/html/index2.php on line 19