PHP LDAP invalid DN syntax

ldap_errno

Returns the standardized error code returned by the last LDAP command. This number can be converted into a textual error message using ldap_err2str().

Parameters

Return values

Returns the LDAP error code of the last command for this link.

Changelog

Examples

Unless you lower the warning level in php.ini sufficiently, or prefix your LDAP commands with the @ character to suppress warning output, the generated errors will also be displayed in your HTML output.

Example #1 Generating and catching an error

<?php
// This example contains an error, which we will catch
$ld = ldap_connect("localhost");
$bind = ldap_bind($ld);
// syntax error in the filter expression (errno 87);
// it must be "objectclass=*" for this to work.
$res = @ldap_search($ld, "o=Myorg, c=DE", "objectclass");
if (!$res) {
    echo "LDAP-Errno: " . ldap_errno($ld) . "\n";
    echo "LDAP-Error: " . ldap_error($ld) . "\n";
    die("Argh!\n");
}
$info = ldap_get_entries($ld, $res);
echo $info["count"] . " matching entries.\n";
?>

See also

  • ldap_err2str(): Convert an LDAP error code into a string error message
  • ldap_error(): Return the LDAP error message of the last LDAP command

User Contributed Notes 2 notes

Couple of good error codes to get started. If you want to detect failure of ldap_add due to the record already existing, ldap_error == 0x44. This means, you can do something like:

$r = ldap_add($ds, $dn, $info);
if (!$r) {
    if (ldap_errno($ds) == 0x44) {
        // Do something about it
    } else {
        // A real failure
    }
}

Similarly, on ldap_delete, you will get a 0x20 value (No Such Object) if you try to delete something that isn’t there.

LDAP_SUCCESS 0x00
LDAP_OPERATIONS_ERROR 0x01
LDAP_PROTOCOL_ERROR 0x02
LDAP_TIMELIMIT_EXCEEDED 0x03
LDAP_SIZELIMIT_EXCEEDED 0x04
LDAP_COMPARE_FALSE 0x05
LDAP_COMPARE_TRUE 0x06
LDAP_AUTH_METHOD_NOT_SUPPORTED 0x07
LDAP_STRONG_AUTH_REQUIRED 0x08
// Not used in LDAPv3
LDAP_PARTIAL_RESULTS 0x09

// Next 5 new in LDAPv3
LDAP_REFERRAL 0x0a
LDAP_ADMINLIMIT_EXCEEDED 0x0b
LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c
LDAP_CONFIDENTIALITY_REQUIRED 0x0d
LDAP_SASL_BIND_INPROGRESS 0x0e

LDAP_NO_SUCH_ATTRIBUTE 0x10
LDAP_UNDEFINED_TYPE 0x11
LDAP_INAPPROPRIATE_MATCHING 0x12
LDAP_CONSTRAINT_VIOLATION 0x13
LDAP_TYPE_OR_VALUE_EXISTS 0x14
LDAP_INVALID_SYNTAX 0x15

LDAP_NO_SUCH_OBJECT 0x20 /* 32 */
LDAP_ALIAS_PROBLEM 0x21
LDAP_INVALID_DN_SYNTAX 0x22
// Next two not used in LDAPv3
LDAP_IS_LEAF 0x23
LDAP_ALIAS_DEREF_PROBLEM 0x24

LDAP_INAPPROPRIATE_AUTH 0x30 /* 48 */
LDAP_INVALID_CREDENTIALS 0x31 /* 49 */
LDAP_INSUFFICIENT_ACCESS 0x32
LDAP_BUSY 0x33
LDAP_UNAVAILABLE 0x34
LDAP_UNWILLING_TO_PERFORM 0x35
LDAP_LOOP_DETECT 0x36

LDAP_SORT_CONTROL_MISSING 0x3C /* 60 */
LDAP_INDEX_RANGE_ERROR 0x3D /* 61 */

LDAP_NAMING_VIOLATION 0x40
LDAP_OBJECT_CLASS_VIOLATION 0x41
LDAP_NOT_ALLOWED_ON_NONLEAF 0x42
LDAP_NOT_ALLOWED_ON_RDN 0x43
LDAP_ALREADY_EXISTS 0x44 /* 68 */
LDAP_NO_OBJECT_CLASS_MODS 0x45
LDAP_RESULTS_TOO_LARGE 0x46
// Next two for LDAPv3
LDAP_AFFECTS_MULTIPLE_DSAS 0x47
LDAP_OTHER 0x50

// Used by some APIs
LDAP_SERVER_DOWN 0x51
LDAP_LOCAL_ERROR 0x52
LDAP_ENCODING_ERROR 0x53
LDAP_DECODING_ERROR 0x54
LDAP_TIMEOUT 0x55
LDAP_AUTH_UNKNOWN 0x56
LDAP_FILTER_ERROR 0x57 /* 87 */
LDAP_USER_CANCELLED 0x58
LDAP_PARAM_ERROR 0x59
LDAP_NO_MEMORY 0x5a

// Preliminary LDAPv3 codes
LDAP_CONNECT_ERROR 0x5b
LDAP_NOT_SUPPORTED 0x5c
LDAP_CONTROL_NOT_FOUND 0x5d
LDAP_NO_RESULTS_RETURNED 0x5e
LDAP_MORE_RESULTS_TO_RETURN 0x5f
LDAP_CLIENT_LOOP 0x60
LDAP_REFERRAL_LIMIT_EXCEEDED 0x61

    OC 8.2.1 LDAP Invalid DN syntax #21257

    Steps to reproduce

    1. Install 8.2.1 (Stable)
    2. Navigate to the admin page
    3. Check the logs

    Expected behaviour

    Actual behaviour

    I’m seeing the following error:

    Error PHP ldap_read(): Search: Invalid DN syntax at /var/www/html/owncloud/apps/user_ldap/lib/ldap.php#257 

    If I ignore the error, everything is working just fine. I can see the users, they can login, etc.
    I’ve tried the fixes suggested in #17570 , but there’s no effect on the issue.

    PS: I don’t know if it’s relevant, but in the admin page I also see the "This server has no working Internet connection." warning. I’ve recompiled curl from source with support for ssl, and curl is working fine, but the warning is still there, however, that’s a different topic.

    Server configuration

    Operating system:
    CentOS 7.2.1511, kernel 3.10.0-229.20.1.el7.x86_64

    Web server:
    Apache/2.4.6

    Database:
    MySQL 5.6.28

    PHP version:
    PHP 5.5.30

    ownCloud version:
    8.2.1 (stable)

    Updated from an older ownCloud or fresh install:
    Fresh install

    List of activated apps:

     - activity: 2.1.3
     - documents: 0.11.0
     - files: 1.2.0
     - files_pdfviewer: 0.7
     - files_sharing: 0.7.0
     - files_texteditor: 2.0
     - files_trashbin: 0.7.0
     - files_versions: 1.1.0
     - files_videoviewer: 0.1.3
     - firstrunwizard: 1.1
     - gallery: 14.2.0
     - notifications: 0.1.0
     - provisioning_api: 0.3.0
     - templateeditor: 0.1
     - user_ldap: 0.7.0

    The content of config/config.php:

    Are you using external storage:
    No

    Are you using encryption:
    No

    Are you using an external user-backend, if yes which one:
    LDAP

    LDAP configuration

    +-------------------------------+-------------------------------+
    | Configuration                 |                               |
    +-------------------------------+-------------------------------+
    | hasMemberOfFilterSupport      | 0                             |
    | hasPagedResultSupport         |                               |
    | homeFolderNamingRule          |                               |
    | lastJpegPhotoLookup           | 0                             |
    | ldapAgentName                 | ***REMOVED SENSITIVE VALUE*** |
    | ldapAgentPassword             | ***                           |
    | ldapAttributesForGroupSearch  |                               |
    | ldapAttributesForUserSearch   |                               |
    | ldapBackupHost                |                               |
    | ldapBackupPort                |                               |
    | ldapBase                      | ***REMOVED SENSITIVE VALUE*** |
    | ldapBaseGroups                |                               |
    | ldapBaseUsers                 |                               |
    | ldapCacheTTL                  | 600                           |
    | ldapConfigurationActive       | 1                             |
    | ldapEmailAttribute            | mail                          |
    | ldapExperiencedAdmin          | 0                             |
    | ldapExpertUUIDGroupAttr       |                               |
    | ldapExpertUUIDUserAttr        | uid                           |
    | ldapExpertUsernameAttr        |                               |
    | ldapGroupDisplayName          | cn                            |
    | ldapGroupFilter               |                               |
    | ldapGroupFilterGroups         |                               |
    | ldapGroupFilterMode           | 0                             |
    | ldapGroupFilterObjectclass    |                               |
    | ldapGroupMemberAssocAttr      | uniqueMember                  |
    | ldapHost                      | ***REMOVED SENSITIVE VALUE*** |
    | ldapIgnoreNamingRules         |                               |
    | ldapLoginFilter               | ***REMOVED SENSITIVE VALUE*** |
    | ldapLoginFilterAttributes     | uid                           |
    | ldapLoginFilterEmail          | 0                             |
    | ldapLoginFilterMode           | 0                             |
    | ldapLoginFilterUsername       | 1                             |
    | ldapNestedGroups              | 0                             |
    | ldapOverrideMainServer        |                               |
    | ldapPagingSize                | 500                           |
    | ldapPort                      | 389                           |
    | ldapQuotaAttribute            |                               |
    | ldapQuotaDefault              |                               |
    | ldapTLS                       | 0                             |
    | ldapUserDisplayName           | displayname                   |
    | ldapUserFilter                | ***REMOVED SENSITIVE VALUE*** |
    | ldapUserFilterGroups          |                               |
    | ldapUserFilterMode            | 0                             |
    | ldapUserFilterObjectclass     | ***REMOVED SENSITIVE VALUE*** |
    | ldapUuidGroupAttribute        | auto                          |
    | ldapUuidUserAttribute         | auto                          |
    | turnOffCertCheck              | 0                             |
    | useMemberOfToDetectMembership | 0                             |
    +-------------------------------+-------------------------------+

    Client configuration

    Browser:
    Chrome, Firefox
    Operating system:
    Windows10

    Invalid DN syntax on LDAP Authentication

    Your DN for binding to the LDAP-Server is (cn=[username]),ou=students,o=bhs which is not a valid DN-Syntax. That should read cn=[username],ou=students,o=bhs without the braces.

    You have mixed up an LDAP-Filter (the stuff inside the braces) with a DN.

    I’d do an LDAP authentication in the following way:

    1. Bind anonymously or with a default user where you know the DN
    2. Use that user to do a search for all users that match a certain filter that contains the provided username. You can use a filter like (|(mail=[username])(cn=[username])(uid=[username])) to look for entries that have the username in the mail, cn or uid-attribute
    3. Get the DN from the returned Entry (if there are no or more than one entry there is no appropriate user existent so we can skip the rest)
    4. Bind to the LDAP again with that retrieved DN and the provided password.
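
The four steps above written as one PHP function, as an added example that is not part of the original answer. The server URI and base DN are placeholders (assumptions), and the 0x31 constant reuses the invalid-credentials value from the error-code list earlier on this page.

```php
<?php
// Added example; LDAP_URI and BASE_DN are placeholders (assumptions).
const LDAP_URI = 'ldap://localhost';
const BASE_DN = 'ou=students,o=bhs';      // base taken from the DN in the answer
const ERR_INVALID_CREDENTIALS = 0x31;     // value from the error-code list on this page
/** Returns the authenticated user's DN, or null when authentication fails. */
function ldapAuthenticate(string $username, string $password): ?string
{
    // An empty password turns step 4 into an unauthenticated bind; reject it early.
    if ($username === '' || $password === '') {
        return null;
    }
    $ld = ldap_connect(LDAP_URI);
    if ($ld === false) {
        return null;
    }
    ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);
    try {
        // Step 1: anonymous bind (a service account with a known DN also works).
        if (!@ldap_bind($ld)) {
            error_log('LDAP bind: ' . ldap_errno($ld) . ' ' . ldap_error($ld));
            return null;
        }
        // Step 2: escape user input for filter context; '1.1' asks for no attributes.
        $u = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
        $res = @ldap_search($ld, BASE_DN, "(|(mail=$u)(cn=$u)(uid=$u))", ['1.1'], 0, 2);
        if ($res === false) {
            error_log('LDAP search: ' . ldap_errno($ld) . ' ' . ldap_error($ld));
            return null;
        }
        // Step 3: continue only when exactly one entry matched.
        $entries = ldap_get_entries($ld, $res);
        if ($entries === false || $entries['count'] !== 1) {
            return null;
        }
        $dn = $entries[0]['dn'];
        // Step 4: bind again with the DN the directory returned and the password.
        if (@ldap_bind($ld, $dn, $password)) {
            return $dn;
        }
        // Wrong passwords are expected; log only other failures, server-side.
        if (ldap_errno($ld) !== ERR_INVALID_CREDENTIALS) {
            error_log('LDAP user bind: ' . ldap_errno($ld) . ' ' . ldap_error($ld));
        }
        return null;
    } finally {
        ldap_unbind($ld);
    }
}
```

Because the DN used for the second bind comes from the directory and the username is escaped before it reaches the filter, form input never has to be concatenated into a DN or filter by hand.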

    user3765724

    Comments

    I know this has sort of been answered before but it hasn’t been able to help me (unless it has but because of my limited php knowledge it hasn’t helped). Here is my code below:

    >Could not connect to LDAP server<<");
    ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

    // This next bit is the important step. Bind, or fail to bind. This tests the username/password.
    if (ldap_bind($connect, $ldap_user.",".$base_dn, $ldap_pass)) {
        $read = ldap_search($connect, $base_dn, $filter) or exit(">>Unable to search ldap server <<");

        // All the next 8 lines do is get the users first name. Not required
        $info = ldap_get_entries($connect, $read);
        $ii = 0;
        for ($i = 0; $ii < $info[$i]["count"]; $ii++) {
            $data = $info[$i][$ii];
            if ($data == "givenname") {
                $name = $info[$i][$data][0];
            }
        }
        ldap_close($connect);
        header("Location: success.php?name=$name");
    } else {
        ldap_close($connect);
        //header("Location: failure.php?user=$user");
    }
    ?>

    Warning: ldap_bind(): Unable to bind to server: Invalid DN syntax in S:\XAMPP\htdocs\PhpProject1\LDAP_main.php on line 21

    Would anyone have a solution to this problem? It has only started happening when I implemented my $_POST into the code to receive the username and password but as you can see with my commented out // echo var_dump($_POST) I am actually receiving the data I want.

    I’ve done this, now I’m getting an error for a bad search filter? This was all working before when I used a username and password I pre-typed in, but since I’ve used the post method to get the data it has started to not work, so I think the problem has got something to do with that? Unless you know how to fix the new problem: "Warning: ldap_search(): Search: Bad search filter in S:\XAMPP\htdocs\PhpProject1\LDAP_main.php on line 22 >>Unable to search ldap server

    jwilleke

    Put some debug out statements and view your constructed variables so you know what your code is doing. Then you will at least know what values you are submitting to the LDAP server. And get a good LDAP browser that will show you what the values need to be. (I use Apache Studio directory.apache.org/studio)
