Invalid DN syntax on LDAP Authentication

user3765724 · Oct 13, 2014 · Viewed 17.7k times

I know this has sort of been answered before, but it hasn't been able to help me (unless it has, but because of my limited PHP knowledge it hasn't helped). Here is my code below:

<?php
//echo var_dump($_POST);
$user = (string) $_POST["username"];
$password = (string) $_POST["password"];
$ldap_host = "ldap.burnside.school.nz";
$base_dn = "ou=students,o=bhs";
$ldap_user = "(cn=".$user.")";
$filter = $ldap_user; // Just results for this user ($ldap_user is already wrapped in parentheses)
$ldap_pass = $password;

$connect = ldap_connect($ldap_host)
        or exit(">>Could not connect to LDAP server<<");
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

// This next bit is the important step.  Bind, or fail to bind.  This tests the username/password.
if (ldap_bind($connect, $ldap_user.",".$base_dn, $ldap_pass)) {
    $read = ldap_search($connect, $base_dn, $filter)
            or exit(">>Unable to search ldap server<<");

    // All the next lines do is get the user's first name.  Not required.
    // ldap_get_entries() lowercases attribute names and lists them under numeric keys of each entry.
    $info = ldap_get_entries($connect, $read);
    $name = "";
    for ($ii = 0; $ii < $info[0]["count"]; $ii++) {
        $data = $info[0][$ii];
        if ($data == "givenname") {
            $name = $info[0][$data][0];
        }
    }

    ldap_close($connect);
    // header() only works before any output, so the HTML below comes after this PHP block.
    header("Location: success.php?name=" . urlencode($name));
    exit;
}
else {
    ldap_close($connect);
    //header("Location: failure.php?user=$user");
}
?>

<html>
<body>
</body>
</html>

I am getting an error on line 21, which is where I bind to the server, saying:

Warning: ldap_bind(): Unable to bind to server: Invalid DN syntax in S:\XAMPP\htdocs\PhpProject1\LDAP_main.php on line 21

Would anyone have a solution to this problem? It has only started happening since I implemented my $_POST into the code to receive the username and password, but as you can see from my commented-out // echo var_dump($_POST), I am actually receiving the data I want.

Answer

heiglandreas · Oct 14, 2014

Your DN for binding to the LDAP server is (cn=[username]),ou=students,o=bhs, which is not valid DN syntax. That should read cn=[username],ou=students,o=bhs without the braces.

You have mixed up an LDAP filter (the stuff inside the braces) with a DN.

I'd do an LDAP authentication in the following way:

  1. Bind anonymously or with a default user whose DN you know.
  2. Use that user to do a search for all users that match a certain filter containing the provided username. You can use a filter like (|(mail=[username])(cn=[username])(uid=[username])) to look for entries that have the username in the mail, cn or uid attribute.
  3. Get the DN from the returned entry (if there is no entry, or more than one, there is no appropriate user, so we can skip the rest).
  4. Bind to the LDAP again with that retrieved DN and the provided password.

Have a look at https://gist.github.com/heiglandreas/5689592
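The four steps above, as an added PHP example that is not code from the answer or from its gist; the host, base DN and service-account DN are assumed placeholders, and ldap_escape() needs PHP 5.6 or later.

```php
<?php
// Search-then-bind LDAP authentication (added example; values are placeholders).
function ldap_authenticate(string $username, string $password): ?string
{
    $host       = 'ldaps://ldap.example.com';            // assumed
    $base_dn    = 'ou=students,o=example';               // assumed
    $service_dn = 'cn=readonly,ou=services,o=example';   // assumed
    $service_pw = 'service-account-password';            // assumed

    // RFC 4513 treats a bind with a DN and an empty password as an
    // anonymous bind, so an empty password must never reach ldap_bind().
    if ($username === '' || $password === '') {
        return null;
    }

    $conn = ldap_connect($host);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind with an account whose DN is known (or anonymously if the
    // directory permits searching without credentials).
    if (!@ldap_bind($conn, $service_dn, $service_pw)) {
        ldap_close($conn);
        return null;
    }

    // Step 2: look the user up by filter. Escaping stops characters such as
    // '*', '(' and ')' in the supplied username from rewriting the filter.
    $u = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $filter  = "(|(mail=$u)(cn=$u)(uid=$u))";
    $result  = ldap_search($conn, $base_dn, $filter, ['dn', 'givenname']);
    $entries = $result ? ldap_get_entries($conn, $result) : false;

    // Step 3: exactly one entry, otherwise there is no usable account.
    if ($entries === false || $entries['count'] !== 1) {
        ldap_close($conn);
        return null;
    }
    $user_dn = $entries[0]['dn'];

    // Step 4: bind as that DN with the supplied password; @ suppresses the
    // "Unable to bind" warning so a wrong password is just a false return.
    $ok = @ldap_bind($conn, $user_dn, $password);
    ldap_close($conn);
    return $ok ? $user_dn : null;
}
```

A null return covers every failure (unknown user, duplicate entries, wrong password) so the caller cannot distinguish them, which is deliberate.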