Bing Du wrote:
Hello,
The following script returns 'LDAP bind failed...'.
<?php
echo "Connecting ...<br />";
$ldaprdn = "jsmith\@dept.some.edu";
$ldappass = "jsmithpass";
$ds=ldap_connect("ad.dept.some.edu");
if ($ds) {
echo "Binding ...<br />";
$r=ldap_bind($ds, $ldaprdn, $ldappass);
if ($r) {
echo "LDAP bind successful...<br />";
} else {
echo "LDAP bind failed...<br />";
}
} else {
echo "LDAP connection failed...<br />";
}
?>
If I change $ldaprdn to be "CN=John
Smith,OU=Users,OU=DEPT,DC=some,DC=edu", then bind returns 'LDAP bind
successful...'.
However AD supports username to be in jsmith@xxxxxxxxxxxxx format
because querying from the command line works:
% ldapsearch -h ad.dept.some.edu -s sub -b "dc=dept,dc=some,dc=edu" -x
-D jsmith@xxxxxxxxxxxxx -W "samaccountname=jsmith"
Our AD only allows authenicated bindings. We don't know user's DN
before binding. So anybody know how to make PHP allow
$ldaprdn="jsmith\@dept.some.edu"?
Thanks in advance,
Bing
Ok, I've figured it out again. Removing the '\' in
$ldaprdn="jsmith\@dept.some.edu' fixed the problem. I thought it should
be escaped. But looks like it's not necessary.
Bing
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
