
I am working on a login form that uses LDAP to authenticate users. However, I do not know how to pass the username as a POST variable along with the DN credentials. This is working, allowing me to send a password from a login form:

<?php
// using ldap bind
$ldaprdn  = 'uid=my.name,cn=XXX,dc=XXX,dc=XXX,dc=XXX';     // ldap rdn or dn
$ldappass = $_POST['userPassword'];  // user password

// connect to ldap server
$ldapconn = ldap_connect("server.domain.com")
        or die("Could not connect to LDAP server.");

// Set some ldap options for talking to 
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {

        // binding to ldap server
        $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);

        // verify binding
        if ($ldapbind) {
            echo "LDAP bind successful...\n";
        } else {
            echo "LDAP bind failed...\n";
        }
}
?>

However, this does not work when trying to append the value contained within the POST variable to the CN and DN values.

<?php
// using ldap bind
$ldaprdn  = "uid = . $_POST['userLogin'] . 'cn=XXX,dc=XXX,dc=XXX,dc=XXX'";    // ldap  rdn or dn
$ldappass = $_POST['userPassword'];  // user password

// connect to ldap server
$ldapconn = ldap_connect("server.domain.com")
        or die("Could not connect to LDAP server.");

// Set some ldap options for talking to 
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {

        // binding to ldap server
        $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);

        // verify binding
        if ($ldapbind) {
            echo "LDAP bind successful...\n";
        } else {
            echo "LDAP bind failed...\n";
        }
}
?>

Can this be achieved this way? I believe I can only pass three variables using the LDAP_bind function.

Many Thanks

m1243
  • What do the server logs record in the case where the client uses the `userLogin`? – Terry Gardner May 13 '13 at 11:39
  • Hi, I receive an error: slapd[41]: conn=22795 op=0 do_bind: invalid dn (cn=XXX, dc=XXX, dc=XXX,dc=XXX, uid=$_POST["userLogin"]') Thanks – m1243 May 13 '13 at 13:02

1 Answer

You are incorrectly using quotes here and have missed a comma:

$ldaprdn  = "uid = . $_POST['userLogin'] . 'cn=XXX,dc=XXX,dc=XXX,dc=XXX'";

should be

$ldaprdn  = 'uid =' . $_POST['userLogin'] . ',cn=XXX,dc=XXX,dc=XXX,dc=XXX';

or

$ldaprdn  = "uid ={$_POST['userLogin']},cn=XXX,dc=XXX,dc=XXX,dc=XXX";

Remember that using single quotes around variables will not resolve the variable to its value (and thus concatenation is required), but using double quotes will. And on top of that: never work with user-inputted data directly in your scripts - validate the input or at the very least use htmlentities() or strip_tags()...

zenlord
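An added example, not part of the answer above or the asker's code: one way to build the bind DN from the form field so that the input cannot alter the DN's structure, using PHP's `ldap_escape()` with `LDAP_ESCAPE_DN` (PHP 5.6+), and to refuse an empty password before binding. The allow-list pattern, the `ldaps://` scheme and the function names `build_bind_dn` and `ldap_login` are assumptions; the host and base DN are the page's placeholders.

```php
<?php
// Added example. BASE_DN and the host are the placeholders used on the page.
const BASE_DN = 'cn=XXX,dc=XXX,dc=XXX,dc=XXX';

function build_bind_dn(string $login): ?string
{
    // Allow-list first (assumed policy): letters, digits, dot, dash, underscore.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $login)) {
        return null;
    }
    // Escape for DN context as well, so a later loosening of the allow-list
    // cannot turn "," "+" "=" and similar characters into extra RDN components.
    return 'uid=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;
}

function ldap_login(string $login, string $password): bool
{
    // A simple bind with a DN and an empty password is an "unauthenticated
    // bind" (RFC 4513) that some servers accept; fail it before binding.
    if ($password === '') {
        return false;
    }
    $dn = build_bind_dn($login);
    if ($dn === null) {
        return false;
    }
    // ldaps:// is an assumption; the page connects without naming a scheme.
    $conn = ldap_connect('ldaps://server.domain.com');
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($conn, $dn, $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed inputs run through the DN builder only (no server contact).
foreach (['my.name', 'x,cn=admins', ''] as $sample) {
    var_dump(build_bind_dn($sample));
}

// Form handling: accept only string fields named as in the question.
$u = $_POST['userLogin'] ?? null;
$p = $_POST['userPassword'] ?? null;
if (is_string($u) && is_string($p)) {
    echo ldap_login($u, $p) ? "LDAP bind successful...\n" : "LDAP bind failed...\n";
}
```

`htmlentities()` and `strip_tags()` target HTML output, so they leave DN metacharacters such as `,` and `+` untouched; `LDAP_ESCAPE_DN` is the context-specific escape for a value placed inside a DN.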