How do I connect a PHP LDAP script to Windows AD over an SSL connection?

Viewed 1,542 times

4

I have this PHP LDAP code to change a password in Active Directory:

<?php

$usuario = "xxx";
$senha_atual = "0000";
$senha_nova = "11111";
$pessoas = "casa.cafe.br";       // AD domain, used as the UPN suffix
$servidor = "1.1.1.1";
$porta = 389;                    // plain LDAP
$portas = 636;                   // LDAPS (not used yet; enabling it is what the question is about)
$base = "CN=$usuario,CN=Users,DC=casa,DC=cafe,DC=br";   // DN of the user whose password is changed
$rdn = $usuario . "@" . $pessoas;                        // bind as user@domain (UPN)

// Plain, unencrypted connection: AD refuses writes to unicodePwd over it
$con = ldap_connect("ldap://" . $servidor, $porta) or die("Error connecting to server {$servidor}");
if ($con) {

    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

    $bind = ldap_bind($con, $rdn, $senha_atual);
    echo "Passed ldap_bind for {$rdn}";   // the original echoed the password too; never do that
    // verify binding
    if ($bind) {

            $userdata["mail"] = "[email protected]";   // address redacted on the page
            // AD expects the new password as a UTF-16LE string wrapped in double quotes
            $userdata["unicodepwd"] = iconv('UTF-8', 'UTF-16LE', "\"" . $senha_nova . "\"");

            echo "<pre>";
            var_dump($userdata);
            echo "</pre>";

            $rs = ldap_modify($con, $base, $userdata);

            echo "<br><br>";
            ldap_get_option($con, LDAP_OPT_ERROR_STRING, $error);   // AD's extended error text
            echo $error;
            echo "<br><br>";

            if ($rs) {

                  $msg = "Password updated successfully!";

              } else {

                  $msg = "An error occurred while changing the password! Contact the administrator.";

              }

    } else {

         $msg = "User does not exist or password is incorrect! Try again.";

    }
}
?>

When I try to change the user's password, it shows the following message:

Warning: ldap_modify(): Modify: Server is unwilling to perform in

Using the code:

ldap_get_option($con, LDAP_OPT_ERROR_STRING, $error);

echo $error;

it shows this message:

0000001F: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0

Searching, I found solutions saying that to be able to change the password I need a PHP SSL connection to Windows AD. How can I configure PHP on my local machine, which is running XAMPP, and Windows AD so that they can connect via SSL?

Note: using XAMPP with PHP version 7.1.1 (localhost) and Windows Server 2012 (network server).

  • 1

    Add the windows tag to bring in the people who know AD better. I'm curious about this question.

  • I've just added it, @Daniel, thanks.

1 answer

3

Friend, first SSL has to be configured on your LDAP server. Once that configuration exists, there are 2 details to note: the link ldap:// gets an S at the end, ldaps://..., and the certificate also needs to be on the client side; configure its path as an environment variable! I'm sure it works :)

<?php

putenv('LDAPTLS_CACERT=./ca.pem'); // path to your CA CERTIFICATE
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// THE LINES ABOVE MUST COME BEFORE YOUR ldap_connect()

$l = ldap_connect("ldaps://ldap/"); // NOTE THE LDAPS
ldap_set_option($l, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($l, "cn=SeuCN,dc=SeuDC", "xxxxxxx");
echo(ldap_error($l) . "\n");
$s = ldap_search($l, "dc=SeuDC", "uid=test");
echo(ldap_count_entries($l, $s) . "\n");
?>
  • Hi @Anderson-souza, when I put ldaps in ldap_connect it shows the following error: "Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in"

  • Did you put the certificate on your machine? Does your LDAP support SSL?

  • I don't have the certificate yet. Do you have a tutorial that teaches how to configure the certificate on both the client and the Windows server side?

  • Then this question needs to move to Windows; ask the people there to explain how to do that and generate the certificate. Once that is done, come back to your application.
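The following is an added example, not code from the asker or the answerer, that puts the answer's LDAPS setup together with the password change from the question. Two caveats it makes explicit: first, the only way to make the "Can't contact LDAP server" error go away without trusting the DC's CA is to set LDAPTLS_REQCERT (or LDAP_OPT_X_TLS_REQUIRE_CERT) to never, which disables certificate validation and exposes the user's old and new password to anyone between XAMPP and the DC, so the CA file is the fix, not the bypass; second, the question's single replace of unicodePwd is an administrative reset that needs the "Reset password" right, so a user binding as themselves still gets WILL_NOT_PERFORM even over LDAPS, and a self-service change must delete the old value and add the new one in one modify. The hostname dc01.casa.cafe.br, the CA path, the admin DN and the passwords are hypothetical; connecting by IP as in the question will fail verification unless the IP is in the certificate's SAN.

```php
<?php
declare(strict_types=1);

// Added example, not the asker's or answerer's code. Assumptions (hypothetical values):
//   - the domain controller is dc01.casa.cafe.br, listening on 636 with a certificate
//     whose issuing CA is in the PEM file below (any path readable by PHP works)
//   - the name in the URL matches the certificate's subject/SAN, so verification can succeed
//   - PHP's ldap extension is the OpenLDAP-based build XAMPP ships, which reads LDAPTLS_* variables
const AD_HOST   = 'dc01.casa.cafe.br';
const AD_CA_PEM = 'C:\\xampp\\php\\extras\\ssl\\ad-ca.pem';

function ad_ldaps_connect(string $host, string $caPem)
{
    // libldap reads its TLS settings when the connection is established, so they must be in
    // place before ldap_connect(). "demand" is the default; it is spelled out here because the
    // widely copied "fix" is LDAPTLS_REQCERT=never (or LDAP_OPT_X_TLS_NEVER), which turns off
    // certificate validation and lets anyone on the path read the password.
    putenv('LDAPTLS_CACERT=' . $caPem);
    putenv('LDAPTLS_REQCERT=demand');

    $con = ldap_connect("ldaps://{$host}:636");
    if ($con === false) {
        throw new RuntimeException("malformed LDAP URI for {$host}");
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
    return $con;
}

function ad_password_value(string $password): string
{
    // AD accepts unicodePwd only as a UTF-16LE string wrapped in double quotes
    return iconv('UTF-8', 'UTF-16LE', '"' . $password . '"');
}

function ad_bind($con, string $bindDn, string $password): void
{
    if (!@ldap_bind($con, $bindDn, $password)) {
        // A TLS failure (CA not trusted, hostname mismatch) surfaces here as
        // "Can't contact LDAP server", not as a certificate error; set
        // LDAP_OPT_DEBUG_LEVEL to 7 (as in the answer) to see the TLS trace on stderr.
        ldap_get_option($con, LDAP_OPT_ERROR_STRING, $diag);
        throw new RuntimeException('bind failed: ' . ldap_error($con) . " {$diag}");
    }
}

// Self-service change: bind with the OLD password, then delete(old) + add(new) in ONE modify.
// AD verifies the old value and applies the domain password policy to the new one.
function ad_change_own_password($con, string $upn, string $userDn, string $old, string $new): void
{
    ad_bind($con, $upn, $old);
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE, 'values' => [ad_password_value($old)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,    'values' => [ad_password_value($new)]],
    ];
    if (!@ldap_modify_batch($con, $userDn, $mods)) {
        // A policy violation (too short, in history, changed too recently) comes back as
        // "0000052D: SvcErr: ... problem 5003 (WILL_NOT_PERFORM)", same problem code as the
        // unencrypted case in the question but a different leading error number.
        ldap_get_option($con, LDAP_OPT_ERROR_STRING, $diag);
        throw new RuntimeException('password change refused: ' . ldap_error($con) . " {$diag}");
    }
}

// Administrative reset: a single REPLACE of unicodePwd, which is what the question's code does.
// Requires the "Reset password" right on the target object; the old password is not checked.
function ad_reset_password($con, string $adminDn, string $adminPw, string $userDn, string $new): void
{
    ad_bind($con, $adminDn, $adminPw);
    if (!@ldap_mod_replace($con, $userDn, ['unicodePwd' => ad_password_value($new)])) {
        ldap_get_option($con, LDAP_OPT_ERROR_STRING, $diag);
        throw new RuntimeException('password reset refused: ' . ldap_error($con) . " {$diag}");
    }
}

// Usage with the question's placeholders (hypothetical credentials)
$con = ad_ldaps_connect(AD_HOST, AD_CA_PEM);
ad_change_own_password(
    $con,
    'xxx@casa.cafe.br',                         // bind as UPN, like the question does
    'CN=xxx,CN=Users,DC=casa,DC=cafe,DC=br',
    '0000',
    'Str0ng-Passw0rd!'                          // must satisfy the domain's password policy
);
echo "Password changed\n";
```

If the bind still fails with "Can't contact LDAP server" after the CA file is in place, check that the file is the CA that signed the DC's certificate (not the DC's own leaf certificate) and that the name in the URL is one the certificate carries; only once both hold does the password change reach the server.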
