我想在我的ZF2應用程序中針對我們的活動目錄檢查用戶名/密碼。我爲此使用了Zend \ Authentication \ Adapter \ Ldap,它可以部分工作。使用Zend Authentication Adapter Ldap驗證Active Directory的憑據(ZF2)
這是我的代碼:
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Adapter\Ldap as AuthAdapter;
$username = 'johndoe';
$password = 'xxx';
$auth = new AuthenticationService();
$adapter = new AuthAdapter(
array('server1'=>array(
'host' => '192.168.0.3',
'useStartTls' => false,
'useSsl' => false,
'accountDomainName' => 'domain.local',
'accountDomainNameShort' => 'DOMAIN',
'accountCanonicalForm' => 3,
'accountFilterFormat' => '(&(objectClass=user)(sAMAccountName=%s))',
'baseDn' => 'CN=Users,DC=domain,DC=local',
'bindRequiresDn' => false,
'optReferrals' => false
)),
$username,
$password
);
$result = $auth->authenticate($adapter);
var_dump($result);
如果我設置的密碼不正確,我得到以下結果:
object(Zend\Authentication\Result)#279 (3) {
["code":protected]=>
int(-3)
["identity":protected]=>
string(3) "johndoe"
["messages":protected]=>
array(4) {
[0]=>
string(19) "Invalid credentials"
[1]=>
string(124) "0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772): DOMAIN\johndoe"
[2]=>
string(238) "host=192.168.0.3,useStartTls=,useSsl=,accountDomainName=domain.local,accountDomainNameShort=DOMAIN,accountCanonicalForm=3,accountFilterFormat=(&(objectClass=user)(sAMAccountName=%s)),baseDn=CN=Users,DC=domain,DC=local,bindRequiresDn=,optReferrals="
[3]=>
string(151) "johndoe authentication failed: 0x31 (Invalid credentials; 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772): DOMAIN\johndoe"
}
}
使用正確的密碼,結果變化:
object(Zend\Authentication\Result)#279 (3) {
["code":protected]=>
int(-1)
["identity":protected]=>
string(3) "johndoe"
["messages":protected]=>
array(4) {
[0]=>
string(22) "Account not found: johndoe"
[1]=>
string(68) "0x20: No object found for: (&(objectClass=user)(sAMAccountName=johndoe))"
[2]=>
string(238) "host=192.168.0.3,useStartTls=,useSsl=,accountDomainName=domain.local,accountDomainNameShort=DOMAIN,accountCanonicalForm=3,accountFilterFormat=(&(objectClass=user)(sAMAccountName=%s)),baseDn=CN=Users,DC=domain,DC=local,bindRequiresDn=,optReferrals="
[3]=>
string(95) "johndoe authentication failed: 0x20: No object found for: (&(objectClass=user)(sAMAccountName=johndoe))"
}
}
爲什麼沒有找到帳戶?我的accountFilterFormat有問題嗎?
sAMAccountName和objectClass似乎是有效的。我檢查這個與Sysinternals的Active Directory的瀏覽器:
用這個工具類似的搜索工作正常:
沒有,那是一個集合 - 所以只有一個應該匹配過濾器.. 。但只能確定我測試了 (&(objectClass = top; person; organizationalPerson; user)(sAMAccountName = amr)) 也 – Stephan 2013-04-26 08:40:00
我們更改了objectClass,它工作,謝謝 – 2015-07-14 09:41:17