4
votes

I am trying to implement LDAP authentication in my web application developed in ZF2. LDAP authentication is working fine on Windows 7.

But after moving the application to a Linux machine, LDAP authentication is not working. I always get the error: Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in LdapConnect.php on line 20

I have used the scripts as:

$ldaphost = "ldap://xxxx.net";
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
if ($ds)
{
    $username = "[email protected]";
    $upasswd  = "password";
    $ldapbind = ldap_bind($ds, $username, $upasswd);

    if ($ldapbind)
    {
       print "Congratulations! you are authenticated successfully.";
    }else{
      print "Better luck next time!";
    }
}

Should I install any software package or should I do any config settings?

Note: If I give the IP address then it works fine, but if I give the domain name, then it does not work.

Please help me to solve the problem.

1
A couple of debugging techniques I would suggest: 1) make sure your Linux node can ping your LDAP node; 2) make sure your LDAP server is binding to the correct IP address. I have seen an LDAP server bind to localhost/127.0.0.1, and that prevents remote applications from connecting to it. - beyonddc
The LDAP node ping is working fine, and I have given the proper IP address to bind. Even so, it's NOT working. The same thing works fine on the development Linux machine but not on the server Linux machine. Please help me. - KumarA
Do you have php-ldap installed on the Linux node? - ffledgling

1 Answer

2
votes

The library may be different between the 2, or a different version. You'd be amazed how many variations of the ldap client there are. In your position I would (if available) use ldap client to make the same kind of connection a few different ways.

e.g. the "-x" on the standard ldapsearch: -x Use simple authentication instead of SASL.

So you could express the connection like this:

ldapsearch -h xxxx.net -p 389 (etc)
ldapsearch -x -h ldap://xxxx.net:389 (this should actually be -H..)

and so on. It is also possible for things outside of your code to be an issue. Prod servers often have firewalls and proxies (e.g. F5) that are transparent to the server/client. Make sure your final code has exception handling for binding and searching. I'm not too familiar with the php implementation, and the doco is a tad thin. Normally you'd use a synchronous bind.

Can you verify that the code above is exactly as you had it on Windows? The reason I ask is that looking here: http://php.net/manual/en/function.ldap-connect.php it seems that you may be mixing 2 types of bind. I definitely wouldn't have done it like that in standard Python.

So if using a URI normally you'd do it like this:

ldap_connect("ldap://blah:389")

and if you're connecting via host/port combo:

ldap_connect("blah","389")

With minimal exception info my best guess is that it's actually trying to bind to a hostname "ldap://xxxx.net" on port "389".
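
The answer's two points (use one connection form, and handle bind errors explicitly) can be combined as below. This is an added example, not code from the question or the answer; `ldap_uri` and `ldap_authenticate` are hypothetical helper names, and StartTLS support on the server is an assumption.

```php
<?php
// Added example; helper names are hypothetical and xxxx.net is the page's placeholder host.

// Accept "xxxx.net", "ldap://xxxx.net" or "ldap://xxxx.net:389" and return one full URI.
function ldap_uri(string $hostOrUri, int $port = 389): string
{
    if (strpos($hostOrUri, '://') === false) {
        return "ldap://{$hostOrUri}:{$port}";            // bare host name
    }
    $p = parse_url($hostOrUri) ?: [];
    $scheme = strtolower($p['scheme'] ?? '');
    if (empty($p['host']) || !in_array($scheme, ['ldap', 'ldaps'], true)) {
        throw new InvalidArgumentException("Not an LDAP URI: {$hostOrUri}");
    }
    return "{$scheme}://{$p['host']}:" . ($p['port'] ?? ($scheme === 'ldaps' ? 636 : $port));
}

function ldap_authenticate(string $uri, string $bindDn, string $password, bool $startTls = true): bool
{
    // Many servers accept a bind with an empty password as an anonymous or
    // unauthenticated bind, so it must never count as a successful login.
    if ($bindDn === '' || $password === '') {
        return false;
    }
    $ds = ldap_connect($uri);        // only parses the URI; the server is contacted later
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: {$uri}");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);
    // Assumption: the server offers StartTLS. Without TLS, a simple bind on
    // port 389 sends the password over the network in clear text.
    if ($startTls && $uri !== '' && strpos($uri, 'ldaps://') !== 0 && !@ldap_start_tls($ds)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
    }
    $ok    = @ldap_bind($ds, $bindDn, $password);
    $errno = ldap_errno($ds);
    $error = ldap_error($ds);
    ldap_unbind($ds);
    if ($ok || $errno === 49) {      // 49 = invalid credentials: a normal login failure
        return $ok;
    }
    throw new RuntimeException("LDAP bind to {$uri} failed ({$errno}): {$error}");
}

// Constructed inputs: every accepted form is normalised to the same kind of URI.
foreach (['xxxx.net', 'ldap://xxxx.net', 'ldap://xxxx.net:389'] as $in) {
    echo $in, ' => ', ldap_uri($in), PHP_EOL;
}
```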