PHP LDAP issue


Hi all,

I'm new to LDAP binding scripts. I'm trying to check whether the script I found is correct so that I can use it at my company as an LDAP authentication script; for this I'm using this. Everything seems to be working (the connection to the LDAP server), but the only way I get through the authentication is by using something like this as the username: CN=Mr Manager,CN=Users,DC=mycompany,DC=local. When I use the username itself, for instance Mr Manager, I get the message:

"Unable to login: Invalid credentials".

Something is missing, something that is not resolving the username, but I can't find it. Here is the code I'm using; any help is welcome.

Code:

<?php
ini_set('display_errors', 'On');
session_start();

// Domain as a DNS name; the code below turns it into "DC=mycompany,DC=local"
define('DOMAIN_FQDN', 'mycompany.local');
define('LDAP_SERVER', '');

if (isset($_POST['submit'])) {
    $user = $_POST['username'];
    $pass = $_POST['password']; //Pass@word1!

    $conn = ldap_connect("ldap://".LDAP_SERVER.":389/");

    if (!$conn) {
        $err = 'Could not connect to LDAP server';
    } else {
        //define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        // A simple bind with a name and an empty password is an unauthenticated
        // bind (RFC 4513 5.1.2) and can "succeed" without checking any credential,
        // so refuse it before calling ldap_bind().
        if ($pass === '') {
            $bind = false;
            $err  = 'Unable to login: Invalid credentials';
        } else {
            $bind = @ldap_bind($conn, $user, $pass);
        }

        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

        if (!empty($extended_error)) {
            // AD returns e.g. "80090308: LdapErr: DSID-..., comment:
            // AcceptSecurityContext error, data 532, v1db1"; pick out the
            // "data" value (it is hex, intval() happens to work for 532).
            $errno = explode(',', $extended_error);
            $errno = $errno[2];
            $errno = explode(' ', $errno);
            $errno = $errno[2];
            $errno = intval($errno);

            if ($errno == 532) {
                $err = 'Unable to login: Password expired';
            }
        } elseif ($bind) {
            $base_dn = "DC=". join(',DC=', explode('.', DOMAIN_FQDN));

            $result = ldap_search($conn, $base_dn, "(CN=*)");

            if (!$result) {
                $err = 'Unable to login: '. ldap_error($conn);
            } else {
                $info = ldap_get_entries($conn, $result);

                // ldap_get_entries() lower-cases attribute names, so the key is
                // 'displayname', not 'displayName'
                for ($i = 0; $i < $info['count']; $i++) {
                    if (isset($info[$i]['displayname']) AND strtolower($info[$i]['displayname'][0]) == strtolower($user)) {
                        $username = explode('@', $user);
                        $_SESSION['foo'] = 'bar';

                        // set session variables...
                    }
                }
            }
        }
    }

    // session OK, redirect to home page
    if (isset($_SESSION['foo'])) {
        // redirect to home page here
    } elseif (!isset($err)) {
        $err = 'Unable to login: '. ldap_error($conn);
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<style>
* { font-family: Calibri, Tahoma, Arial, sans-serif; }
.errmsg { color: red; }
#loginbox { font-size: 12px; }
</style>
</head>
<body>
<div align="center"><img id="imghdr" src="img/logo.jpg" height="300" /><br><br><h2>CREDENTIALS</h2><br><br>

<div style="margin:10px 0;"></div>
<div title="Login" style="width:500px" id="loginbox">
    <div style="padding:10px 0 10px 0px">
    <form action="login.php" id="login" method="post">
        <table>
            <?php if (isset($err)) echo '<tr><td colspan="2" class="errmsg">'. htmlspecialchars($err) .'</td></tr>'; ?>
            <tr>
                <td><input type="text" name="username" style="border: 1px solid #ccc;" autocomplete="off"/></td>
            </tr>
            <tr>
                <td><input type="password" name="password" style="border: 1px solid #ccc;" autocomplete="off"/></td>
            </tr>
        </table>
        <input class="button" type="submit" name="submit" value="Login" />
    </form>
    </div>
</div>
</div>
</body>
</html>
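The behaviour described in the post (a full DN binds, a bare name does not) is how a simple bind works against Active Directory: the bind name must be a DN or a form the server can map to one (a UPN such as user@mycompany.local, or DOMAIN\user), and a display name is neither. As an added example, not the poster's code, this is the usual search-then-bind pattern: a read-only service account (the SVC_BIND_DN and SVC_BIND_PW values are assumed placeholders, as is the server in LDAP_URI) looks up the typed name as sAMAccountName or CN, and the user's own password is then bound against the DN that was found.

```php
<?php
// Added example: resolve a typed name to a DN, then bind as that DN.
// Assumed: a read-only service account (SVC_BIND_DN, SVC_BIND_PW) and the
// domain from the post; server and credentials here are placeholders.
define('LDAP_URI', 'ldap://LDAP_SERVER_PLACEHOLDER:389');
define('BASE_DN', 'DC=mycompany,DC=local');
define('SVC_BIND_DN', 'CN=svc-ldap-read,CN=Users,DC=mycompany,DC=local'); // assumed
define('SVC_BIND_PW', 'SERVICE_ACCOUNT_PASSWORD_PLACEHOLDER');             // assumed

// Returns the authenticated user's DN, or null with $err set.
function ad_authenticate(string $login, string $password, ?string &$err = null): ?string
{
    $err = null;
    // Name plus empty password is an unauthenticated simple bind (RFC 4513 5.1.2)
    // that a server may accept without checking anything, so reject it up front.
    if ($login === '' || $password === '') {
        $err = 'Unable to login: Invalid credentials';
        return null;
    }

    $conn = ldap_connect(LDAP_URI);
    if (!$conn) { $err = 'Could not connect to LDAP server'; return null; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind as the service account so the search is permitted.
    if (!@ldap_bind($conn, SVC_BIND_DN, SVC_BIND_PW)) {
        $err = 'Directory lookup failed: ' . ldap_error($conn);
        return null;
    }

    // Step 2: find the account; escape the input so it cannot change the filter.
    $safe    = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    $filter  = "(&(objectClass=user)(|(sAMAccountName=$safe)(cn=$safe)))";
    $search  = ldap_search($conn, BASE_DN, $filter, ['dn'], 0, 2); // size limit 2 detects ambiguity
    $entries = $search ? ldap_get_entries($conn, $search) : false;
    if (!$entries || $entries['count'] !== 1) {   // no match, or more than one: refuse
        $err = 'Unable to login: Invalid credentials';
        return null;
    }
    $dn = $entries[0]['dn'];

    // Step 3: bind as the resolved DN with the user's own password.
    if (!@ldap_bind($conn, $dn, $password)) {
        $err = 'Unable to login: ' . ldap_error($conn);
        return null;
    }
    return $dn; // authenticated; the caller starts the session from here
}
```

In the posted script this replaces the direct `ldap_bind($conn, $user, $pass)` and the `(CN=*)` scan of the whole domain; the displayName comparison is no longer needed because the directory itself resolves the name.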