I tried to implement LDAP authentication in my web application developed in ZF2. LDAP authentication is working fine on Windows 7.
But after moving the application to a Linux machine, LDAP authentication is not working. I always get the error: Warning: ldap_bind(): Unable to bind to server: Can’t contact LDAP server in LdapConnect.php on line 20
I have used the scripts as:
$ldaphost = "ldap://xxxx.net";
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
if ($ds) {
    $username = "username@xxxx.net";
    $upasswd = "password";
    $ldapbind = ldap_bind($ds, $username, $upasswd);
    if ($ldapbind) {
        print "Congratulations! you are authenticated successfully.";
    } else {
        print "Better luck next time!";
    }
}
Should I install any software package or should I do any config settings?
Note: If I give the IP address then it is working fine, but if I give the domain name, then it is not working.
Answer
The library may be different between the 2, or a different version. You’d be amazed how many variations of the ldap client there are. In your position I would (if available) use the ldap client to make the same kind of connection a few different ways.
e.g. the “-x” on the standard ldapsearch: -x Use simple authentication instead of SASL.
So you could express the connection like this:
ldapsearch -h xxxx.net -p 389 (etc)
ldapsearch -x -h ldap://xxxx.net:389 (this should actually be -H..)
and so on. It is also possible for things outside of your code to be an issue. Prod servers often have firewalls and proxies (e.g. F5) that are transparent to the server/client. Make sure your final code has exception handling for binding and searching. I’m not too familiar with the php implementation, and the doco is a tad thin. Normally you’d use a synchronous bind.
Can you verify that the code above is exactly as you had it on Windows? The reason I ask is that looking here: http://php.net/manual/en/function.ldap-connect.php it seems that you may be mixing 2 types of bind. I definitely wouldn’t have done it like that in standard python.
So if using a URI normally you’d do it like this:
ldap_connect("ldap://blah:389")
and if you’re connecting via host/port combo:
ldap_connect("blah","389")
With minimal exception info my best guess is that it’s actually trying to bind to a hostname “ldap://xxxx.net” on port “389”.
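The checks suggested in the answer above (name resolution, reachability through firewalls or proxies, a single URI form, and error handling around the bind) can be run in order from PHP itself. This is an added example, not code from the question or the answer; `ldapDiagnose()` is a hypothetical helper name, and the host and credentials are the question's placeholders.

```php
<?php
// Added diagnostic sketch; ldapDiagnose() is a hypothetical helper name.
function ldapDiagnose(string $host, int $port, string $user, string $pass): array
{
    $steps = [];

    // 1. Name resolution: the question reports that an IP works but the name does not.
    $ips = gethostbynamel($host);
    $steps['dns'] = $ips === false ? 'FAILED to resolve' : implode(', ', $ips);
    if ($ips === false) {
        return $steps;
    }

    // 2. Plain TCP reachability, which catches firewalls and proxies in the path.
    $sock = @fsockopen($host, $port, $errno, $errstr, 5);
    $steps['tcp'] = $sock ? 'open' : "FAILED ($errno: $errstr)";
    if (!$sock) {
        return $steps;
    }
    fclose($sock);

    // 3. One full URI, no separate port argument, so scheme and port are not mixed.
    $ds = ldap_connect("ldap://$host:$port");
    if ($ds === false) {
        $steps['connect'] = 'FAILED: URI rejected';
        return $steps;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // A simple bind over ldap:// sends the password unencrypted; where the server
    // supports TLS, ldap_start_tls($ds) before binding (or an ldaps:// URI) protects it.
    // 4. Bind and report the library's own error text instead of a bare warning.
    if (@ldap_bind($ds, $user, $pass)) {
        $steps['bind'] = 'ok';
    } else {
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $steps['bind'] = sprintf('FAILED (%d: %s) %s', ldap_errno($ds), ldap_error($ds), (string) $detail);
    }
    ldap_unbind($ds);
    return $steps;
}

// Placeholder host and credentials, as in the question.
foreach (ldapDiagnose('xxxx.net', 389, 'username@xxxx.net', 'password') as $step => $result) {
    echo str_pad($step, 8), $result, PHP_EOL;
}
```

The first step that reports FAILED shows which layer to look at: the resolver configuration on the Linux host, the network path, or the bind itself.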