active directory - PHP LDAP Connection

Question

I'm trying to connect in LDAP with php-ldap. I got a issue using ldap_bind():

$username = 'josue.ruiz';
$password = 'pass';
$ldapconfig['host'] = '10.10.10.11';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=domain,dc=com';

$ds=ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

$dn="cn=".$username.",ou=Technology,".$ldapconfig['basedn'];

if ($bind=ldap_bind($ds, $dn, $password)) {
    echo("Login correct");
} else {
    echo("Login incorrect");
}

I get this message:

Warning: ldap_bind(): Unable to bind to server: Invalid credentials in ...

But when I try this way:

ldap_bind($ds,'[email protected]','pass'); 

It works fine, but to me it doesn't work because I want to filter by OU, and with this way I can't. Does anyone have any advice for this problem?

Answer 1

When you are trying to do ldap_bind you are only connecting and determining if the credentials validate. What you need to do is add your domain to the username and let it connect. Then if you want to determine if the user is the 'Technology' OU with ldap_search() Consider doing it like this:

$domain = 'mydomain.com';
$username = 'josue.ruiz';
$password = 'pass';
$ldapconfig['host'] = '10.10.10.11';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=domain,dc=com';

$ds=ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

$dn="ou=Technology,".$ldapconfig['basedn'];
$bind=ldap_bind($ds, $username .'@' .$domain, $password);
$isITuser = ldap_search($bind,$dn,'(&(objectClass=User)(sAMAccountName=' . $username. '))');
if ($isITuser) {
    echo("Login correct");
} else {
    echo("Login incorrect");
}