I'm working on adding authentication to one of my dashboards.

My setup is a little unique I believe. We use a service account to obtain the DN of a user, this query works as expected. We then bind a second time using that new dn instead of the service account. This also works, so technically at this point, the user is properly authenticated.

I'm trying to perform a second ldap_search after successful bind as the dn I pull from the first query. This is unfortunately giving me the results of the previous ldap_search. This is what I'm not understanding.

    if($bind = @ldap_bind($ldap, $ldap_dn, $adminpass)) {

        // valid
        echo "bound to ldap<BR>\n";
        $filter = "(&(objectclass=user)(samaccountname=$user))";
        $attr = array("dn, password, samaccountname");
        $dn = "DC=CORP,DC=COMPANY,DC=com";
        $result = ldap_search($ldap, $dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);

        // Now build second query to bind and authenticate as user.
        $ldap_dn_bind = $entries["0"]["dn"];
        echo $ldap_dn_bind;

        if($ubind = @ldap_bind($ldap, $ldap_dn_bind, $password)) {
            echo "bound as $user - $ldap_dn_bind<BR>\n\n"; // Works
            $u_attr = array("description, physicaldeliveryofficename, postaladdress, st, postalcode, title, telephonenumber, mobile, samaccountname, givenname, sn, company, displayname, employeetype, mail, manager, employeeID, KMADescription, terminationdate");
            $u_result = ldap_search($ldap, $dn, $filter, $u_attr) or exit("Unable to search LDAP server");
            echo "ldap search<BR>\n";
            $u_entries = ldap_get_entries($ldap, $u_result);
            echo "print u_entries";
            print_r($u_entries);
            echo "done";
        } else {
            die("failed to authenticate user");
        }
    }

This line:

    $u_result = ldap_search($ldap, $dn, $filter, $u_attr) or exit("Unable to search LDAP server");

seems to work as desired and no error about performing the ldap search. $u_entries however contains the same information as $entries and this is where I'm having a problem. I'm trying to obtain details about the user and insert them into a local db if they're not already present.

2 Answers

0

I had the same problem before; check if your LDAP server lets external connections in.

Check your $dn variable; if you're using emails, only enter the stuff after the @ sign.

Also be sure that your admin credentials

Also, this link helped me understand it a bit more: https://github.com/Adldap2/Adldap2-Laravel/issues/224. Note: I worked with Laravel.

4 Comments

Yes, it's open, as a co-worker has another app in CF which works fine doing the same thing essentially. I can connect, and bind as admin user. I perform a search as admin user to obtain the DN of the user I want to authenticate. I then bind with the DN previously obtained and the user's password. This also works and thus authentication works. At this point, I want to perform a second ldap_search and pull some information about that user. This is where I'm having a problem and the u_results/u_entries are returning the results of the first ldap_search query for DN.
vertica.com/kb/LDAP-Authentication-Best-Practices/Content/… under LDAP Search and Bind Authentication it says: This previous example searches for sAMAccountName, which must match the Vertica user login name. Only a single match can be made. If multiple users match, the login fails. The LDAP bind occurs upon a successful search.
So, should I retrieve all those details in the initial attributes and ldap_search rather than performing a second search? Not sure I understand.
Everything that you want to get with an LDAP search should be in there, yes. Instead of performing 2 searches you should get every attribute from one search.
-1

My attributes array was incorrect and by definition ldap_search will ALWAYS return the DN. Problem resolved.
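
The search-then-bind flow from the question with the attribute list written as separate array elements, as an added example that is not part of the original answer. The function name, host, service-account DN and environment variable are placeholders (assumptions); the escaping, single-match and empty-password checks are additions a login path normally needs.

```php
<?php
// Added example: search-then-bind with one attribute name per array element.
// Host, DNs and credential sources below are placeholders (assumptions).
function ldap_login_and_fetch($ldap, string $baseDn, string $svcDn, string $svcPass,
                              string $user, string $password): ?array
{
    // An empty password turns a simple bind into an "unauthenticated" bind
    // (RFC 4513), which many servers accept, so reject it up front.
    if ($user === '' || $password === '' || !@ldap_bind($ldap, $svcDn, $svcPass)) {
        return null;
    }
    // Escape the login name so characters such as * ( ) \ cannot alter the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
    // Step 1: only the DN is needed here, and it is always returned.
    $result = ldap_search($ldap, $baseDn, $filter, ['samaccountname']);
    if ($result === false || ldap_count_entries($ldap, $result) !== 1) {
        return null; // no match or an ambiguous match: fail the login
    }
    $userDn = ldap_get_entries($ldap, $result)[0]['dn'];
    // Step 2: authenticate by binding as the user.
    if (!@ldap_bind($ldap, $userDn, $password)) {
        return null;
    }
    // Step 3: read the user's own entry. A single comma-joined string would be
    // treated as one attribute name, so each name is its own element.
    $attrs = ['displayname', 'givenname', 'sn', 'mail', 'title',
              'telephonenumber', 'manager', 'employeeid'];
    $read = ldap_read($ldap, $userDn, '(objectClass=*)', $attrs);
    return $read === false ? null : (ldap_get_entries($ldap, $read)[0] ?? null);
}

$ldap = ldap_connect('ldaps://dc.example.com'); // placeholder host
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$profile = ldap_login_and_fetch(
    $ldap,
    'DC=CORP,DC=COMPANY,DC=com',
    'CN=svc-dashboard,OU=Service Accounts,DC=CORP,DC=COMPANY,DC=com', // placeholder
    getenv('LDAP_SVC_PASS') ?: '',                                    // placeholder
    $_POST['user'] ?? '',
    $_POST['password'] ?? ''
);
echo $profile === null ? "login failed\n" : "bound as {$profile['dn']}\n";
```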
