ldap_close
With PHP 4.3.* is Password no longer a valid attribute.. try to use userPassword
ldap_compare
(PHP 4 >= 4.0.2, PHP 5)
ldap_compare — Compara un valor indicado con el valor de un atributo especificado mediante su DN
Descripción
mixed ldap_compare
( resource $identificador_de_conexion
, string $dn
, string $atributo
, string $valor
)
Devuelve TRUE si value coincide con el valor del atributo atributo en el directorio. Si no coinciden, devuelve FALSE. Si se ha producido un error, devuelve -1.
ldap_compare() se emplea para comparar el parámetro valor con el valor que tiene el atributo attribute de la entrada de direcotrio especificada mediante el parámetro dn .
El siguiente ejemplo muestra como realizar la comprobación de si la contraseña proporcionada coincide con la almacenada en la entrada DN especificada.
Example #1 Ejemplo completo de comprobación de contraseña
<?php
$ds=ldap_connect("localhost"); // Asumimos que el servidor LDAP esta en el
// servidor local
if ($ds) {
// autenticacion
if (ldap_bind($ds)) {
// preparar los datos
$dn = "cn=Pedro Perez, ou=Mi Unidad, o=Mi Compania, c=ES";
$valor = "contrasena_secreta";
$atributo = "password";
// comparar los valores
$r=ldap_compare($ds, $dn, $atributo, $valor);
if ($r === -1) {
echo "Error: " . ldap_error($ds);
} elseif ($r === true) {
echo "Contrasena correcta.";
} elseif ($r === false) {
echo "La contrasena proporcionada es incorrecta.";
}
} else {
echo "No ha sido posible conectarse al servidor LDAP.";
}
ldap_close($ds);
} else {
echo "No ha sido posible conectarse al servidor LDAP.";
}
?>
Warning
ldap_compare() no permite la comparación de valores binarios.
Note: La función se incluyó en la versión 4.0.2.
add a note
User Contributed Notesldap_compare
oudejans at zeelandnet dot nl
11-Apr-2005 02:10
11-Apr-2005 02:10
chuck+ldap at 2006 dot snew dot com
06-Aug-2004 07:08
06-Aug-2004 07:08
Just a side note that this is not how you'd ever AUTHENTICATE someone, just an example code.
The common way to authenticate is to get the users name, use search and perhaps selection to the user to get her DN (single value) then attempt to BIND to the ldapserver using that dn and the offered password. If it works, then it's the right password.
Note that the password offered MUST NOT BE EMPTY or many LDAPs will presume you meant to authenticate anonymously and it will succeed, leaving you thinking it's the right password.
Brian Kerhin <kerhin at bigfoot dot com>
31-Jan-2001 03:13
31-Jan-2001 03:13
Not probably, will. With PHP 4.0.4 and openldap 1.2.9 this little script, even with the correct attributes for the password does not do the job. Would superb if it did!
334647 at swin dot edu dot au
26-Oct-2000 04:06
26-Oct-2000 04:06
Interesting example. Apart from the fact that very few people would allow comaprisions of the password attribute for security reasons. The attribute name of "password" does not match the usual schemas.
The usual method of user id + password verification is to attempt to bind using the supplied credentials.
Ldap compare on password values will probably fail with ns directroy server and openldap v2+ becuase of server support for password hashing.