
LDAP issue, ldap_bind invalid dn syntax

Tags: php, ldap

I know that my mistake is going to be something really simple but I have tried to find the problem and I do not see it, maybe you can help me....

I am trying to create a function with php, so I am able to connect to LDAP and find the desired information.

My php code is the following:

<?php
$ldapconfig['host']   = "127.0.0.1";
$ldapconfig['port']   = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
$ldapconfig['binddn'] = "user";      // identity used for the service-account bind
$ldapconfig['bindpw'] = "password";

function ldap_authenticate($user, $pass) {
    global $ldapconfig;
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);   // verbose libldap logging
    if ($user != "" && $pass != "") {                  // an empty password would be an anonymous bind
        $ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
        if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            return NULL;
        }
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
        // bind as the service account, then look the user up by sAMAccountName
        ldap_bind($ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
        // escape the username so it cannot alter the search filter
        $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $r = ldap_search($ds, $ldapconfig['basedn'], $filter);
        if ($r) {
            $result = ldap_get_entries($ds, $r);
            if ($result['count'] > 0) {
                // re-bind as the user's own DN to verify the password
                if (ldap_bind($ds, $result[0]['dn'], $pass)) {
                    return $result[0]['mail'][0];
                }
            }
        }
    }
    return NULL;
}

When I try to run the code it gives me the following mistake: ldap_bind invalid DN syntax on line xxxx and that line is the following:

ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
Humberto asked Nov 21 '12 05:11




2 Answers

As stated in the error, your bind DN is the wrong format. DNs represent the full path to the object - so in your case it should be something like this (looks like you're on AD?)

"cn=username,ou=domain users,dc=example,dc=com"

Depending on your flavor of LDAP (Active Directory, OpenLDAP etc), you might be able to use a uid (so just 'username') to bind, but it's best to assume that you always need the full DN.

You can use an LDAP tool like Apache Directory Studio to help build queries and find out what objects' DNs are. Or there's ldp.exe too (provided it's AD), but Directory Studio is easier to use.

dearlbry answered Oct 19 '22 22:10

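As an added example (not the asker's code or either answer's), the same authenticate flow written with a full service-account DN, an escaped search filter, and a cheap DN sanity check that fails fast on a bind string like "user" instead of letting the server answer with "Invalid DN syntax". The ldaps URI, the service account DN and the config array are assumed placeholders.

```php
<?php
// Sanity check: a DN is one or more "attr=value" RDNs joined by commas
// (RFC 4514). Heuristic only: it ignores escaped commas inside values.
function looks_like_dn(string $dn): bool {
    $rdn = '[A-Za-z0-9.][\w.-]*=[^,]+';
    return (bool) preg_match("/^{$rdn}(,\s*{$rdn})*$/", $dn);
}

function ldap_login(array $cfg, string $user, string $pass): ?string {
    if ($user === '' || $pass === '') {
        return null;                 // empty password = anonymous bind, never accept it
    }
    if (!looks_like_dn($cfg['binddn'])) {
        // this is the trap in the question: "user" is not a DN
        throw new InvalidArgumentException("binddn is not a DN: {$cfg['binddn']}");
    }
    $ds = ldap_connect($cfg['uri']);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    try {
        if (!@ldap_bind($ds, $cfg['binddn'], $cfg['bindpw'])) {
            throw new RuntimeException('service bind failed: ' . ldap_error($ds));
        }
        // escape the username so it cannot rewrite the filter (LDAP injection)
        $filter  = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $sr      = ldap_search($ds, $cfg['basedn'], $filter, ['dn', 'mail']);
        if ($sr === false) { throw new RuntimeException('search failed: ' . ldap_error($ds)); }
        $entries = ldap_get_entries($ds, $sr);
        if ($entries['count'] !== 1) {
            return null;             // unknown or ambiguous account
        }
        // verify the password by binding as the user's own full DN
        if (!@ldap_bind($ds, $entries[0]['dn'], $pass)) {
            return null;
        }
        return $entries[0]['mail'][0] ?? null;
    } finally {
        ldap_unbind($ds);
    }
}

// Assumed placeholder configuration; note the full DN for the service account.
$cfg = [
    'uri'    => 'ldaps://dc.example.com',
    'basedn' => 'dc=example,dc=com',
    'binddn' => 'cn=svc-ldap,ou=service accounts,dc=example,dc=com',
    'bindpw' => 'service-account-password',
];
var_dump(looks_like_dn('user'), looks_like_dn($cfg['binddn']));
```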


On a DC, executing: dsquery user -samid jim

will reveal the DN of the user matching the sAMAccountName: "CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com"

http://ldapwiki.willeke.com/wiki/LDAP%20and%20Active%20Directory

jwilleke answered Oct 19 '22 23:10
