LDAP login script is always returning authenticated
Posted: Sat Oct 31, 2009 3:10 pm
I am writing a small PHP script for the company I work for, and my boss wants it to authenticate against the domain. I've never worked with domain authentication, so after some searching on Google, I found a few sample codes and came up with what follows.
However, it seems as if it always returns authenticated unless you enter a correct username and incorrect password. If I use an existing username and a blank password, it authenticates. If I use a made-up (non-existing) username, it will return as authenticated. Even if I leave the username field completely blank, then it still returns as authenticated.
I tried this on two separate domains (both hosted on a Windows 2003 server), but neither of them worked. Does anyone know what I am doing wrong?
Also, is it possible to only look in one OU in the domain? We want users in accounts\staff to log in, but not users in accounts\students.
Code:
<?php
$ldap_server = "10.60.254.3";
$ldap_domain = "ACUSD";
$username = $_POST['name'];
$password = $_POST['pass'];
$ldapconn = ldap_connect($ldap_server);
$ldaprdn = $ldap_domain . "\\" . $username;
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $password);
if ($ldapbind) {
    echo "authenticated to domain controller";
} else {
    echo "failed to authenticate, check your username and password";
}
?>
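The symptom described in the post matches how LDAP simple binds behave: a bind request with an empty password is treated as an anonymous or unauthenticated bind rather than a password check, so ldap_bind() can return true without verifying anything. The following is an added example, not part of the original post, that rejects empty credentials before binding and then confirms the account sits under the staff OU. The base DN in STAFF_BASE_DN is a placeholder (the post gives only the NetBIOS name ACUSD), and the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. STAFF_BASE_DN is a placeholder:
// the post gives only the NetBIOS domain name, not the DN components.
const LDAP_SERVER   = "10.60.254.3";
const LDAP_DOMAIN   = "ACUSD";
const STAFF_BASE_DN = "OU=staff,OU=accounts,DC=example,DC=local";

/** True when $value can be used in a simple bind: a non-empty string, no NULs. */
function is_usable_credential($value): bool
{
    return is_string($value) && $value !== "" && strpos($value, "\0") === false;
}

function authenticate_staff($username, $password): bool
{
    // An empty password (or empty name) turns the simple bind into an
    // anonymous/unauthenticated bind, which the server may accept.
    if (!is_usable_credential($username) || !is_usable_credential($password)) {
        return false;
    }

    // ldap_connect() only prepares the handle; the bind opens the connection.
    $conn = ldap_connect(LDAP_SERVER);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Without LDAPS or StartTLS the password crosses the network in clear text.
    $found = false;
    if (@ldap_bind($conn, LDAP_DOMAIN . "\\" . $username, $password)) {
        // Credentials were checked; now require the account to live under
        // the staff OU by searching only that subtree.
        $filter = "(sAMAccountName="
                . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
        $result = @ldap_search($conn, STAFF_BASE_DN, $filter, ["dn"]);
        $found  = $result !== false && ldap_count_entries($conn, $result) === 1;
    }
    ldap_unbind($conn);
    return $found;
}

$ok = authenticate_staff($_POST['name'] ?? null, $_POST['pass'] ?? null);
echo $ok ? "authenticated to domain controller"
         : "failed to authenticate, check your username and password";
```

Searching only the staff subtree means an account under accounts\students binds successfully but is still refused, because the search returns no entry for it.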