StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POValidate credentials against Active Directory with Zend\Authentication\Adapter\Ldap (ZF2)
text
Body
copied!<p>I want to check username/password against our active directory within my ZF2-Application. I use Zend\Authentication\Adapter\Ldap for this and it works partly.</p> <p>This is my code:</p> <pre><code>use Zend\Authentication\AuthenticationService; use Zend\Authentication\Adapter\Ldap as AuthAdapter; $username = 'johndoe'; $password = 'xxx'; $auth = new AuthenticationService(); $adapter = new AuthAdapter( array('server1'=>array( 'host' => '192.168.0.3', 'useStartTls' => false, 'useSsl' => false, 'accountDomainName' => 'domain.local', 'accountDomainNameShort' => 'DOMAIN', 'accountCanonicalForm' => 3, 'accountFilterFormat' => '(&(objectClass=user)(sAMAccountName=%s))', 'baseDn' => 'CN=Users,DC=domain,DC=local', 'bindRequiresDn' => false, 'optReferrals' => false )), $username, $password ); $result = $auth->authenticate($adapter); var_dump($result); </code></pre> <p>if I set an incorrect password i get the following result:</p> <pre><code>object(Zend\Authentication\Result)#279 (3) { ["code":protected]=> int(-3) ["identity":protected]=> string(3) "johndoe" ["messages":protected]=> array(4) { [0]=> string(19) "Invalid credentials" [1]=> string(124) "0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772): DOMAIN\johndoe" [2]=> string(238) "host=192.168.0.3,useStartTls=,useSsl=,accountDomainName=domain.local,accountDomainNameShort=DOMAIN,accountCanonicalForm=3,accountFilterFormat=(&(objectClass=user)(sAMAccountName=%s)),baseDn=CN=Users,DC=domain,DC=local,bindRequiresDn=,optReferrals=" [3]=> string(151) "johndoe authentication failed: 0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772): DOMAIN\johndoe" } } </code></pre> <p>with the correct password the result changes:</p> <pre><code>object(Zend\Authentication\Result)#279 (3) { ["code":protected]=> int(-1) ["identity":protected]=> string(3) "johndoe" ["messages":protected]=> array(4) { [0]=> string(22) "Account not found: johndoe" [1]=> string(68) "0x20: No object found for: (&(objectClass=user)(sAMAccountName=johndoe))" [2]=> string(238) "host=192.168.0.3,useStartTls=,useSsl=,accountDomainName=domain.local,accountDomainNameShort=DOMAIN,accountCanonicalForm=3,accountFilterFormat=(&(objectClass=user)(sAMAccountName=%s)),baseDn=CN=Users,DC=domain,DC=local,bindRequiresDn=,optReferrals=" [3]=> string(95) "johndoe authentication failed: 0x20: No object found for: (&(objectClass=user)(sAMAccountName=johndoe))" } } </code></pre> <p>why is no account found? Is there a problem with my accountFilterFormat?</p> <p>sAMAccountName and objectClass seem to be valid. I checked this with the Sysinternals Active Directory Browser: <img src="https://i.stack.imgur.com/W1U7L.png" alt="Active Directory Browser"> <img src="https://i.stack.imgur.com/W3ytf.png" alt="Active Directory Browser Properties"></p> <p>A similar search with this tool works fine: <img src="https://i.stack.imgur.com/XkRkk.png" alt="Active Directory Browser Search"></p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload