I have code which adds a user to the LDAP server in PHP:

```php
function ldapAddUser($ldap_conn, $ou_dn, $firstName, $lastName, $username, $pwdtxt, $email) {

    // Build the new entry
    $dn = "CN=$firstName $lastName," . $ou_dn;
    $ldaprecord = array();
    $ldaprecord['givenName'] = $firstName;
    $ldaprecord['sn'] = $lastName;
    $ldaprecord['mail'] = $email;
    $ldaprecord['objectclass'] = array("top", "person", "organizationalPerson", "user");
    $ldaprecord["sAMAccountName"] = $username;

    $ldaprecord["userprincipalname"] = $username . '@test.local';
    $ldaprecord["UserAccountControl"] = "544";

    $r = ldap_add($ldap_conn, $dn, $ldaprecord);
    var_dump($r);

    // Set the password as a base64-encoded SHA-1 hash in 'userpassword'
    $encodedPass = array('userpassword' => "{SHA}" . base64_encode(sha1($pwdtxt, TRUE)));

    echo "Change password ";
    if (ldap_mod_replace($ldap_conn, $dn, $encodedPass)) {
        echo "succeeded";
    } else {
        echo "failed";
    }

    $group_name = "CN=LDAP Testing,OU=Test,DC=test,DC=local";
    $group_info['member'] = $dn; // User's DN is added to group's 'member' array
    ldap_mod_add($ldap_conn, $group_name, $group_info);

}
```

**The user is added successfully, but when I then try to log in as that user, it does not allow me to log in and gives an error like:**

> Error Binding to LDAP: 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0

For login:

```php
function login($username, $password) {

    $ip = "XX.XX.XX.XX";  // WAN IP goes here;
    $ldap_url = "ldap://$ip";
    $ldaps_url = "ldaps://$ip";
    $ldap_domain = 'test.local';
    $ldap_dn = "dc=test,dc=local";
    // Newer PHP versions already define this constant
    if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
        define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
    }
    // Unsecure - WORKS
    $ldap_conn = ldap_connect($ldap_url) or die("Could not connect to LDAP server ($ldap_url)");
    ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
    echo $password; // debug output of the plaintext password
    $result = ldap_bind($ldap_conn, "$username@$ldap_domain", $password);
    if (!$result) {
        // Ask the server for its extended diagnostic string
        if (ldap_get_option($ldap_conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
            echo "Error Binding to LDAP: $extended_error";
        } else {
            echo "Error Binding to LDAP: No additional information is available.";
        }
    }

}
```

But it works if I manually log in to the interface with the admin login and reset the password for the added user; then the user can successfully log in with my login function.

Please provide suggestions if anyone has an idea.

Thanks, Pratik

1 Answer

Try using this for password hashing

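```php
function hash_password($password) // SSHA with random 4-character salt
{
    // Pick 4 characters from a shuffled alphanumeric pool as the salt
    $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 4)), 0, 4);
    // Raw SHA-1 of password + salt, with the salt appended before base64 encoding
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}
```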
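
For comparison with the question's `data 52e` error and its password-setting step, here is an added example (not the asker's or the answerer's code). It decodes the Active Directory bind sub-code and builds the quoted UTF-16LE value that AD's `unicodePwd` attribute takes for a password set over LDAPS. The function names and the sample password are assumptions, and that the server is Active Directory is inferred from the `sAMAccountName` and `userAccountControl` attributes in the question; this sketch accepts only `ldaps://` URIs.

```php
<?php
// Added example; function names are hypothetical, not from the post.

// "data" sub-codes in an AD bind diagnostic are Win32 error numbers in hex.
const AD_BIND_CODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted from this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

function adBindFailureReason(string $diagnostic): ?string
{
    if (!preg_match('/\bdata\s+([0-9a-f]+)\b/i', $diagnostic, $m)) {
        return null; // not an AD-style diagnostic string
    }
    return AD_BIND_CODES[strtolower($m[1])] ?? 'unknown sub-code ' . $m[1];
}

// Value AD takes in unicodePwd: the password in double quotes, UTF-16LE encoded.
function adEncodePassword(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Set the password, then write userAccountControl 512 (NORMAL_ACCOUNT) in place
// of 544, which is 512 + 32 (PASSWD_NOTREQD, a blank password is permitted).
function adSetPassword($conn, string $ldapUri, string $dn, string $plain): bool
{
    if (stripos($ldapUri, 'ldaps://') !== 0) {
        // AD refuses unicodePwd writes on an unencrypted connection.
        throw new RuntimeException('refusing password write: URI is not ldaps://');
    }
    return ldap_mod_replace($conn, $dn, ['unicodePwd' => adEncodePassword($plain)])
        && ldap_mod_replace($conn, $dn, ['userAccountControl' => '512']);
}

// Offline demo: the error string from the question and a constructed password.
$diag = '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0';
echo adBindFailureReason($diag), PHP_EOL;
echo bin2hex(adEncodePassword('Ex@mple-Pass1')), PHP_EOL;
```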