PHP ldap - 需要强(er)身份验证
我有一个执行 LDAP 连接、绑定和搜索的 PHP 脚本.它与大多数 Active Directory 服务器配合得很好,但是我们的一个客户遇到了问题.脚本返回
I have a PHP script which does a LDAP connect, bind and search. It is working very well with most of the Active Directory servers, however one of our clients has a problem. The script returns
Strong(er) authentication required.
尝试 ldap_bind 时出错.
error when trying ldap_bind.
我所做的所有搜索都指向两个可能的问题:
All the searches I made directed me to two possible problems:
- 我必须将
LDAP_OPT_PROTOCOL_VERSION
设置为3
- 这是我之前做过和做过的,所以这不是我的问题. - AD 服务器被配置为使用 SSL 身份验证 - 但我们的客户坚持认为它是默认的 Windows 2008 R2 服务器安装,并且肯定不会默认使用 SSL.
- I have to set
LDAP_OPT_PROTOCOL_VERSION
to3
- which I do and did before, so this can not be my problem. - The AD server is configured to use SSL authentication - but our client insists that it is a default Windows 2008 R2 server installation, and that does not default to SSL for sure.
还有哪些其他原因会导致此错误发生?
What other causes could be for this error to happen?
Active Directory 服务器上需要 SSL ...
It was SSL required on Active Directory server ...
推荐答案
如果 Active Directory 服务器需要,您必须使用 ldaps://
.如果是无效证书颁发机构的问题,您可以通过发出来忽略 windows 中的有效性
You have to use ldaps://
if it's required by the Active Directory server. If it's a problem with invalid certificate authority, you can ignore the validity in windows by issuing
putenv('LDAPTLS_REQCERT=never');
在您的 php 代码中.在 *nix 中,您需要编辑您的 /etc/ldap.conf
以包含
in your php code. In *nix you need to edit your /etc/ldap.conf
to contain
TLS_REQCERT never
其他常见问题可以参考我的帖子PHP 无法连接到 LDAP Oracle Directory Server 企业版
For other common problems, you can refer to my post at PHP cannot connect to LDAP Oracle Directory Server Enterprise Edition
对于工作示例代码,您可以查看:使用 PHP 安全绑定到 Active Directory 的问题
For working example code, you can have a look at: Problems with secure bind to Active Directory using PHP
相关文章