I know that my mistake is going to be something really simple but I have tried to find the problem and I do not see it, maybe you can help me....
I am trying to create a function with php, so I can be able to connect to LDAP and find the desired information.
My php code is the following:
<?php
$ldapconfig['host']   = "127.0.0.1";
$ldapconfig['port']   = NULL;
$ldapconfig['basedn'] = "dc=example,dc=com";
// This value is the one the error refers to: a bare username, not a DN
$ldapconfig['binddn'] = "user";
$ldapconfig['bindpw'] = "password";

function ldap_authenticate($user, $pass) {
    global $ldapconfig;
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
    if ($user != "" && $pass != "") {
        $ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
        if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            return NULL;
        }
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
        // Service-account bind; this is the call that fails with "Invalid DN syntax"
        ldap_bind($ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
        // Escape the user-supplied value so it cannot change the search filter
        $filter = 'sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER);
        $r = ldap_search($ds, $ldapconfig['basedn'], $filter);
        if ($r) {
            $result = ldap_get_entries($ds, $r);
            // 'count' is set even when no entry matched; $result[0] is not
            if ($result['count'] > 0) {
                // Second bind, as the found user's DN, verifies the password
                if (ldap_bind($ds, $result[0]['dn'], $pass)) {
                    return $result[0]['mail'][0];
                }
            }
        }
    }
    return NULL;
}
When I try to run the code it gives me the following mistake: ldap_bind invalid DN syntax on line xxxx and that line is the following:
ldap_bind( $ds, $ldapconfig['binddn'], $ldapconfig['bindpw']);
The Invalid DN syntax (34) means the LDAP server did not receive a full DN or that the correct prefix was not specified, such as CN instead of UID, which results in the LDAP server not receiving a correct DN.
This can occur if the vCenter Server is restored to an earlier version from backups or an older snapshot. To resolve this issue, reset the password for the user account listed in the vmdird-syslog.log file.
LDAP Error Code 34 indicates that the configured User or Group Mapping BaseDN does not follow correct syntax.
As stated in the error, your bind DN is the wrong format. DNs represent the full path to the object, so in your case it should be something like this (looks like you're on AD?):
"cn=username,ou=domain users,dc=example,dc=com"
Depending on your flavor of LDAP (Active Directory, OpenLDAP etc), you might be able to use a uid (so just 'username') to bind, but it's best to assume that you always need the full DN.
You can use an LDAP tool like Apache Directory Studio to help build queries and find out what objects' DNs are. Or there's ldp.exe too (provided it's AD), but Directory Studio is easier to use.
On a DC, executing: dsquery user -samid jim
will reveal the DN of the user matching the sAMAccountName: "CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com"
http://ldapwiki.willeke.com/wiki/LDAP%20and%20Active%20Directory
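The two-step flow the answer describes, as an added PHP example that is not code from the question or the answer: bind with the service account's full DN, search for the user's DN by sAMAccountName, then bind as that DN. The host, base DN, service-account DN and passwords are placeholders.

```php
<?php
// Added example; the host, DNs and passwords below are placeholders.
$ldapconfig = [
    'host'   => 'ldap://127.0.0.1',
    'port'   => 389,
    'basedn' => 'dc=example,dc=com',
    // A full DN, not a bare username: this is what ldap_bind expects
    'binddn' => 'cn=svc-auth,ou=domain users,dc=example,dc=com',
    'bindpw' => 'service-account-password',
];

// Resolve a sAMAccountName to its DN via a service-account search.
// Returns the DN, or null if the bind fails or the match is not unique.
function ldap_find_dn($ds, array $cfg, string $samid): ?string {
    if (!@ldap_bind($ds, $cfg['binddn'], $cfg['bindpw'])) {
        // errno 34 here means the configured binddn is not a valid DN
        error_log('bind failed: ' . ldap_errno($ds) . ' ' . ldap_error($ds));
        return null;
    }
    // Escape the caller-supplied value so it cannot alter the filter
    $filter = '(sAMAccountName=' . ldap_escape($samid, '', LDAP_ESCAPE_FILTER) . ')';
    $r = ldap_search($ds, $cfg['basedn'], $filter, ['dn']);
    if (!$r) {
        return null;
    }
    $entries = ldap_get_entries($ds, $r);
    return $entries['count'] === 1 ? $entries[0]['dn'] : null;
}

function ldap_authenticate(array $cfg, string $user, string $pass): bool {
    // An empty password would be an unauthenticated bind, which "succeeds"
    if ($user === '' || $pass === '') {
        return false;
    }
    $ds = ldap_connect($cfg['host'], $cfg['port']);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $dn = ldap_find_dn($ds, $cfg, $user);
    if ($dn === null) {
        return false;
    }
    // Second bind, as the user's own DN, is what checks the password
    $ok = @ldap_bind($ds, $dn, $pass);
    ldap_unbind($ds);
    return $ok;
}

var_dump(ldap_authenticate($ldapconfig, 'jim', 'user-password'));
```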