PHP ldap - 需要强(er)身份验证

2022-01-17 00:00:00 ldap php

我有一个执行 LDAP 连接、绑定和搜索的 PHP 脚本.它与大多数 Active Directory 服务器配合得很好,但是我们的一个客户遇到了问题.脚本返回

I have a PHP script which does a LDAP connect, bind and search. It is working very well with most of the Active Directory servers, however one of our clients has a problem. The script returns

Strong(er) authentication required.

尝试 ldap_bind 时出错.

error when trying ldap_bind.

我所做的所有搜索都指向两个可能的问题:

All the searches I made directed me to two possible problems:

  1. 我必须将 LDAP_OPT_PROTOCOL_VERSION 设置为 3 - 这是我之前做过和做过的,所以这不是我的问题.
  2. AD 服务器被配置为使用 SSL 身份验证 - 但我们的客户坚持认为它是默认的 Windows 2008 R2 服务器安装,并且肯定不会默认使用 SSL.
  1. I have to set LDAP_OPT_PROTOCOL_VERSION to 3 - which I do and did before, so this can not be my problem.
  2. The AD server is configured to use SSL authentication - but our client insists that it is a default Windows 2008 R2 server installation, and that does not default to SSL for sure.

还有哪些其他原因会导致此错误发生?

What other causes could be for this error to happen?

Active Directory 服务器上需要 SSL ...

It was SSL required on Active Directory server ...

推荐答案

如果 Active Directory 服务器需要,您必须使用 ldaps://.如果是无效证书颁发机构的问题,您可以通过发出来忽略 windows 中的有效性

You have to use ldaps:// if it's required by the Active Directory server. If it's a problem with invalid certificate authority, you can ignore the validity in windows by issuing

putenv('LDAPTLS_REQCERT=never');

在您的 php 代码中.在 *nix 中,您需要编辑您的 /etc/ldap.conf 以包含

in your php code. In *nix you need to edit your /etc/ldap.conf to contain

TLS_REQCERT never

其他常见问题可以参考我的帖子PHP 无法连接到 LDAP Oracle Directory Server 企业版

For other common problems, you can refer to my post at PHP cannot connect to LDAP Oracle Directory Server Enterprise Edition

对于工作示例代码,您可以查看:使用 PHP 安全绑定到 Active Directory 的问题

For working example code, you can have a look at: Problems with secure bind to Active Directory using PHP

相关文章