I'm having issues performing an authenticated bind against the server. The issues doesn't appear to be in code however maybe a server issue.
Just so you know;
- LDAP is enabled in Apache/PHP
- I'm connecting as user@domain.com
- The domain controller has LDAP running and an entry in the firewall (Windows Server 2008 R2) The issue might be here, this was setup as a DC and is running LDAP by default. I did no special configuration on LDAP
- I can perform an anonymous bind but not an authenticated one
I can bind anonymously using this script;
$ldapconn = ldap_connect("machinename.domain.com")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding anonymously
$ldapbind = ldap_bind($ldapconn);
if ($ldapbind) {
echo "LDAP bind anonymous successful...";
} else {
echo "LDAP bind anonymous failed...";
}
}
However when I try to do an authenticated bind using this script, it fails.
// Authenticated Bind
$ldaprdn = 'username@domain.com'; // ldap rdn or dn
$ldappass = 'password'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("machinename.domain.com")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
Where am I going wrong?
Best Answer
Okay, after much investigation I have turned on error info using
ldap_errno()
andldap_error()
and found it bringing back the error 'Strong(er) authentication required' have discovered two possible solutions;Adjust Group Policy Settings
No signing requirements (Domain Controller: LDAP server signing requirements)
Result: Managed to bind successfully and when I enter the username or password incorrectly and it throws an 'Invalid credentials' as expected.
Enable LDAP over SSL (LDAPS)