PHP ldap - Strong(er) authentication required

Tags: php, ldap

I have a PHP script which does an LDAP connect, bind and search. It is working very well with most of the Active Directory servers, however one of our clients has a problem. The script returns a "Strong(er) authentication required." error when trying ldap_bind.

All the searches I made directed me to two possible problems:

  1. I have to set LDAP_OPT_PROTOCOL_VERSION to 3 - which I do and did before, so this cannot be my problem.
  2. The AD server is configured to use SSL authentication - but our client insists that it is a default Windows 2008 R2 server installation, and that does not default to SSL for sure.

What other causes could there be for this error?

UPDATE

It was SSL required on Active Directory server ...

Patkos Csaba asked May 13 '11 12:05




2 Answers

You have to use ldaps:// if it's required by the Active Directory server. If it's a problem with an invalid certificate authority, you can ignore the validity in Windows by issuing

putenv('LDAPTLS_REQCERT=never');

in your PHP code. In *nix you need to edit your /etc/ldap.conf to contain

TLS_REQCERT never

For other common problems, you can refer to my post at PHP cannot connect to LDAP Oracle Directory Server Enterprise Edition

For working example code, you can have a look at: Problems with secure bind to Active Directory using PHP

Jon Skarpeteig answered Sep 28 '22 11:09
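An added example, not part of the original answer: binding over ldaps:// (or StartTLS) while keeping certificate validation on by trusting the CA that issued the server certificate, and reporting LDAP result code 8 ("Strong(er) authentication required") explicitly. The function name `secure_bind`, the host, the CA file path, the bind account and the `LDAP_BIND_PASSWORD` environment variable are assumptions for illustration.

```php
<?php
// Added example; host, CA path and bind account below are placeholders.
const LDAP_STRONGER_AUTH_REQUIRED = 8; // result code 8, strongerAuthRequired (RFC 4511)

function secure_bind(string $uri, string $caFile, string $bindDn, string $password)
{
    if ($password === '') {
        // An empty password turns a simple bind into an unauthenticated bind.
        throw new InvalidArgumentException('Refusing to bind with an empty password');
    }
    // TLS options are library-wide, so set them before the connection is opened.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect($uri); // only parses the URI; the socket opens on first use
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // On a plain ldap:// URI, upgrade with StartTLS before any credentials are sent.
    if (stripos($uri, 'ldaps://') !== 0 && !@ldap_start_tls($ds)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
    }
    if (!@ldap_bind($ds, $bindDn, $password)) {
        $code = ldap_errno($ds);
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail); // server-side text, if any
        $hint = $code === LDAP_STRONGER_AUTH_REQUIRED ? ' (server requires a stronger bind)' : '';
        throw new RuntimeException(
            sprintf('Bind failed [%d] %s%s %s', $code, ldap_error($ds), $hint, $detail)
        );
    }
    return $ds;
}

try {
    $ds = secure_bind(
        'ldaps://dc01.example.com:636',      // placeholder domain controller
        '/etc/ssl/certs/example-ad-ca.pem',  // placeholder: CA that issued the DC certificate
        'svc-ldap@example.com',              // placeholder bind account
        getenv('LDAP_BIND_PASSWORD') ?: ''
    );
    echo "Bound over TLS\n";
    ldap_unbind($ds);
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```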



I had the same problem and it seems that there was a typo in my bind_rdn, so make sure that the credentials are correct.

bogtan answered Sep 28 '22 12:09