多くの場合、uidに基づいてバインドする必要があります。私はこれを達成するために少し機能を変更しました。バインドのためのcnは、ユーザー名のuidに基づく検索操作に由来します。これが誰かを助けてくれることを願って
function check_auth_ldap() {
if (!($_POST['username'] && $_POST['password'])) {
header("Location: login.php?failure=6");
}
$sessionTimeoutSecs = 10;
$ldapServer = localhost;
$ldapBaseDN = ou=users,ou=subtree,dc=domain,dc=tld;
$ldapPort = 389;
$ldapFilter = "(&(objectClass=*)(uid=".$_POST['username']."))";
$ldapAttributes = array("cn");
if (!isset($_SESSION)) session_start();
if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {
// Session is already authenticated
$ds = ldap_connect($ldapServer, $ldapPort);
$sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
$result = ldap_get_entries($ds, $sr);
if ($result) {
$binddn = $result[0]['dn'];
} else {
header("Location: login.php?failure=1");
}
ldap_close ($ds);
$ds = ldap_connect($ldapServer, $ldapPort);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (ldap_bind($ds, $binddn, $_SESSION['password'])) {
$_SESSION['lastactivity'] = time();
return $ds;
} else {
unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
header("Location: login.php?failure=2");
exit;
}
} else if (isset($_POST['username'], $_POST['password'])) {
// Handle login requests
$ds = ldap_connect($ldapServer, $ldapPort);
$sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
$result = ldap_get_entries($ds, $sr);
if ($result) {
$binddn = $result[0]['dn'];
} else {
header("Location: login.php?failure=3");
}
ldap_close ($ds);
$ds = ldap_connect($ldapServer, $ldapPort);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (ldap_bind($ds, $binddn, $_POST['password'])) {
// Successful auth
$_SESSION['lastactivity'] = time();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
return $ds;
} else {
// Auth failed
header("Location: login.php?failure=4");
exit;
}
} else {
// Session has expired or a logout was requested
unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
header("Location: login.php?failure=5");
exit;
}
}
10分でしたか? – gunnx
No.10秒。それはテスト目的のためです。 – TheAptKid