connect AD via php and ssl


I am trying to connect my PHP application to Active Directory on Windows Server 2003 for authentication, using SSL, but it does not connect and returns this error:

PHP Warning: ldap_bind(): Unable to bind to server: Can’t contact LDAP server in /var/www/html/Ldap/teste1.php

<?php
// Here's the code I use

$AD_server = "ldaps://meuservidor";
$AD_Auth_User = "password";

$protocolVersion = 3;
$ldap = ldap_connect($AD_server);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $protocolVersion);

ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// Anonymous bind: no DN or password is passed
ldap_bind($ldap);
if (ldap_errno($ldap)) {
   exit('Nao foi possivel conectar no servidor');
} else {
   return true;
}
?>
  • The error seems clear: your script is unable to connect to the server. Are you adding the domain controller and the domain to its name? For example: ldaps://meuservidor.DOMAINCONTROLLER.suaempresa.com.br, depending on how the AD server is configured there.

  • Look, with ldap:meuservidor it connects, but when I use ldaps://meuservidor it does not connect.

  • Is your AD server enabled over SSL? Is the certificate valid? Take a look at this link.

  • I’ve done all this but I don’t know what’s going on, it doesn’t want to connect. I’ve been stuck on this problem for 7 days, I need help!!

1 answer

1

First perform a connection test on port 636 of the LDAP server.

LDAP uses port 389, whereas LDAPS (LDAP over SSL) uses port 636. Can you connect on this port via a telnet connection?

  • Yes, using a Windows machine, but when I use my PC with Ubuntu the server immediately closes the connection.

  • You can try an SSL access test using the command: openssl s_client -connect meuservidor:636. Which message does it return?

  • Hi @denisvm, I am having trouble changing passwords via PHP LDAP, can you help me please? I can change the email data, but when I try to change the password it shows this message: Warning: ldap_modify(): Modify: Server is unwilling to perform

  • @Thiagophilipp, the password change process through LDAP is different in the case of Windows. The password must be changed through the field unicodePwd using characters in BER format. The following Microsoft article contains more information: https://support.microsoft.com/en-us/help/269190/how-to-change-a-windows-active-directory-and-lds-user-password-through-ldap

  • @denisvm Can you give me some tips on how to configure the Windows server (network server) and the XAMPP server (local machine) to connect via SSL with the PHP LDAP code to Windows AD, and have permission to change the password of AD users, please?
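
The answer's checks (port 636 reachable, then an SSL handshake), followed by the bind, written as one staged PHP script so the failing layer is named. This is an added example, not code from the question or the answer; the CA file path and the AD_BIND_DN / AD_BIND_PW environment variables are assumptions.

```php
<?php
// Added example: staged LDAPS check (TCP, then verified TLS, then LDAP bind).
// 'meuservidor' is the host from the question; the CA path and the
// AD_BIND_DN / AD_BIND_PW environment variables are assumptions.
$host   = 'meuservidor';
$caFile = '/path/to/ad-ca.pem'; // placeholder: CA that signed the DC certificate

// Stage 1: is port 636 reachable at all (the telnet test)?
function checkTcp(string $host, int $port = 636): ?string
{
    $s = @stream_socket_client("tcp://$host:$port", $errno, $errstr, 5);
    return $s === false ? "TCP connect failed: $errstr ($errno)" : null;
}

// Stage 2: does a TLS handshake succeed with certificate and name verification
// (the openssl s_client test, but failing closed on an untrusted certificate)?
function checkTls(string $host, string $caFile, int $port = 636): ?string
{
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true, 'cafile' => $caFile,
    ]]);
    $s = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
                               STREAM_CLIENT_CONNECT, $ctx);
    return $s === false
        ? 'TLS handshake failed: ' . (error_get_last()['message'] ?? $errstr) : null;
}

// Stage 3: bind over ldaps:// with the same CA. TLS options are set globally
// (null handle) before ldap_connect() so the LDAP library picks them up.
function checkBind(string $host, string $caFile, string $dn, string $pw): ?string
{
    if ($dn === '' || $pw === '') { // an empty password would be an unauthenticated bind
        return 'Refusing to bind: AD_BIND_DN / AD_BIND_PW not set';
    }
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ldap = ldap_connect("ldaps://$host");
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    if (@ldap_bind($ldap, $dn, $pw)) {
        return null;
    }
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return 'LDAP bind failed: ' . ldap_error($ldap) . " [$detail]";
}

// Run the stages in order and stop at the first one that reports an error.
$err = checkTcp($host) ?? checkTls($host, $caFile)
    ?? checkBind($host, $caFile, (string) getenv('AD_BIND_DN'), (string) getenv('AD_BIND_PW'));
echo $err ?? 'LDAPS bind OK', PHP_EOL;
exit($err === null ? 0 : 1);
```

A stage 1 pass with a stage 2 failure points at the certificate chain or the protocol negotiation rather than at the PHP LDAP code.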
