Erro PHP e LDAP
Enviada por Diego Venuzka
|
Diego Venuzka
Erro PHP e LDAP 13 de October de 2014 às 02:55PM |
Estou tentando montar um login em PHP onde o usuário é autenticado pelo AD. Configurei o codigo abaixo mas ele retorna sempre o seguinte erro:
Warning: ldap_search(): Search: Bad search filter in C:\wamp\www\TI\authenticate.php on line 30
Alguém tem uma ideia? A linha 30 é a linha: if($bind = @ldap_bind($ldap,$user, $password)) {
OBS: Aqui a gente usa o "\" em alguns casos de login, exemplo: PECCIN\admin
<?php
// Initialize session
session_start();
function authenticate($user, $password) {
// Active Directory server
$ldap_host = "192.168.203.6";
//$ldap_host = "server.college.school.edu";
// Active Directory DN
$ldap_dn = "OU=USUARIOS AVANCADOS,DC=peccin.local";
//$ldap_dn = "OU=Departments,DC=college,DC=school,DC=edu";
// Active Directory user group
$ldap_user_group = "USUARIOS SETORES";
//$ldap_user_group = "WebUsers";
// Active Directory manager group
$ldap_manager_group = "USUARIOS AVANCADOS";
//$ldap_manager_group = "WebManagers";
// Domain, for purposes of constructing $user
$ldap_usr_dom = "@peccin.com.br";
//$ldap_usr_dom = "@college.school.edu";
// connect to active directory
$ldap = ldap_connect($ldap_host);
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
return true;
} else {
// user has no rights
//return false;
?>
<script language="JavaScript">
<!--
alert("user has no rights!");
window.location = 'login.php';
//-->
</script>
<?php
}
} else {
// invalid name or password
//return false;
?>
<script language="JavaScript">
<!--
alert("invalid name or password!");
window.location = 'login.php';
//-->
</script>
<?php
}
}
?>
Warning: ldap_search(): Search: Bad search filter in C:\wamp\www\TI\authenticate.php on line 30
Alguém tem uma ideia? A linha 30 é a linha: if($bind = @ldap_bind($ldap,$user, $password)) {
OBS: Aqui a gente usa o "\" em alguns casos de login, exemplo: PECCIN\admin
<?php
// Initialize session
session_start();
function authenticate($user, $password) {
// Active Directory server
$ldap_host = "192.168.203.6";
//$ldap_host = "server.college.school.edu";
// Active Directory DN
$ldap_dn = "OU=USUARIOS AVANCADOS,DC=peccin.local";
//$ldap_dn = "OU=Departments,DC=college,DC=school,DC=edu";
// Active Directory user group
$ldap_user_group = "USUARIOS SETORES";
//$ldap_user_group = "WebUsers";
// Active Directory manager group
$ldap_manager_group = "USUARIOS AVANCADOS";
//$ldap_manager_group = "WebManagers";
// Domain, for purposes of constructing $user
$ldap_usr_dom = "@peccin.com.br";
//$ldap_usr_dom = "@college.school.edu";
// connect to active directory
$ldap = ldap_connect($ldap_host);
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
return true;
} else {
// user has no rights
//return false;
?>
<script language="JavaScript">
<!--
alert("user has no rights!");
window.location = 'login.php';
//-->
</script>
<?php
}
} else {
// invalid name or password
//return false;
?>
<script language="JavaScript">
<!--
alert("invalid name or password!");
window.location = 'login.php';
//-->
</script>
<?php
}
}
?>
Você precisa estar logado no PHPBrasil.com para poder enviar mensagens para os nossos fóruns.
Faça o login aqui.
Faça o login aqui.
Copyright © 2000-2022 João Prado Maia