Connection to Active Directory in PHP

I have made one small program in PHP which checks whether the user name and password are correct or not. I am getting "LDAP bind successful..." whenever I put in the correct password, but once I change the password in Active Directory and immediately put in either the new or the old password, I am getting the "LDAP bind successful..." message. I am not able to understand why I am getting the "LDAP bind successful..." message when I put in the old password, as it should be giving me an error. Following is my code. What am I missing here? How can I modify my code so that even after changing the password I will get the correct reply?

```php
<html>
<body>

<?php

$ldaprdn  = $_POST['name'] ?? '';     // ldap rdn or dn
$ldappass = $_POST['password'] ?? ''; // associated password

// connect to ldap servers
$ldapconn = ldap_connect("ldap://server")
    or die("Could not connect to LDAP server.");
// use LDAP protocol version 3
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
if ($ldapbind) {
    echo "LDAP bind successful...";
} else {
    // print the numeric LDAP error code of the failed bind
    $errno = ldap_errno($ldapconn);
    echo $errno;
}

?>
</body>
</html>
```

1 Answer

I haven't really worked with LDAP before, but here is my guess based on the code you posted.

It seems like you are telling the code to bind to LDAP, and your IF statement seems to indicate that as long as a connection is made, it will output "success".

Because the connection, as the argument $ldapconn, is true, it will return true, and my guess is that the username and password are not being evaluated, maybe skipped, or maybe because the evaluation is true it goes straight to outputting the success message.

What I would try to do is: 1) Separate your LDAP connection into a single bind with its own if statement.

2) Assign a new bind variable that compares the username and password submitted by PHP to the existing username and password stored in LDAP. The password in LDAP most likely will need to match the PHP username and password variables, returning true.

3) Create a secondary IF / ELSE statement for the username and password that tells you whether there is a username and password match or not.

Maybe give this a try and see if that works. If not, post back. I hope this helps a little. Good luck :).
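
The separation suggested above, as an added example that is not part of the original thread: connection setup and the bind are checked as distinct steps, and an empty password is rejected before binding because `ldap_bind()` then attempts an anonymous/unauthenticated bind that a server may accept. The helper name `check_ad_credentials()` and the host `dc.example.test` are assumptions.

```php
<?php
// Added example. check_ad_credentials() is a hypothetical helper name and
// ldaps://dc.example.test is a placeholder host, not taken from the thread.

/** Returns [bool $ok, string $reason]. */
function check_ad_credentials(string $uri, string $user, string $password): array
{
    // With an empty password ldap_bind() performs an anonymous/unauthenticated
    // bind, which a server may accept, so it must never count as a login.
    if ($user === '' || $password === '') {
        return [false, 'empty username or password'];
    }

    // ldap_connect() only checks the URI; nothing is sent to the server yet,
    // so a non-false handle says nothing about the credentials.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return [false, 'invalid LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The server checks the credentials here. A simple bind sends the
    // password as-is, hence the ldaps:// URI in the call below.
    if (@ldap_bind($conn, $user, $password)) {
        ldap_unbind($conn);
        return [true, 'bind accepted by server'];
    }

    // Keep server detail in the log, not in the page shown to the user.
    $errno = ldap_errno($conn);
    $diag  = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    error_log("LDAP bind failed ($errno): " . ldap_error($conn) . " $diag");
    ldap_unbind($conn);

    if ($errno === 49) {   // LDAP result code 49: invalid credentials
        return [false, 'invalid credentials'];
    }
    if ($errno === -1) {   // client library code -1: server unreachable
        return [false, 'cannot contact LDAP server'];
    }
    return [false, 'bind failed'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$ok, $reason] = check_ad_credentials('ldaps://dc.example.test',
        $_POST['name'] ?? '', $_POST['password'] ?? '');
    echo htmlspecialchars($ok ? 'Login OK' : "Login failed: $reason");
}
```

Whether a recently changed password is still accepted is decided by the directory server that processes the bind, not by this code.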