ldap_close
With PHP 4.3.* is Password no longer a valid attribute.. try to use userPassword
ldap_compare
(PHP 4 >= 4.0.2, PHP 5)
ldap_compare — Compare une entrée avec des valeurs d'attributs
Description
Sert à comparer la valeur value de l'attribut attribute à la valeur du même attribut de l'entrée dn .
Liste de paramètres
- link_identifier
-
Un identifiant de lien LDAP, retourné par la fonction ldap_connect().
- dn
-
Le DN de l'entrée LDAP.
- attribute
-
Le nom de l'attribut.
- value
-
La valeur comparée.
Valeurs de retour
Retourne TRUE si la valeur value correspond, sinon, retourne FALSE. Retourne -1 si une erreur survient.
Exemples
L'exemple suivant montre comment vérifier que deux mots de passe correspondent, dont l'un est celui d'une entrée du serveur LDAP.
Exemple #1 Exemple complet de vérification de mot de passe avec lDAP
<?php
$ds=ldap_connect("localhost"); // doit être un serveur LDAP valide!
if ($ds) {
// Authentification
if (ldap_bind($ds)) {
// Préparation des données
$dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
$value = "secretpassword";
$attr = "password";
// Comparaison des valeurs
$r=ldap_compare($ds, $dn, $attr, $value);
if ($r === -1) {
echo "Error: " . ldap_error($ds);
} elseif ($r === true) {
echo "Password correct.";
} elseif ($r === false) {
echo "Mal choisi ! Mot de passe incorrect !";
}
} else {
echo "Impossible de se connecter au serveur LDAP.";
}
ldap_close($ds);
} else {
echo "Impossible de se connecter au serveur LDAP.";
}
?>
Notes
Avertissement
ldap_compare() ne peut PAS être utilisé pour comparer des valeurs binaires !
add a note
User Contributed Notesldap_compare
oudejans at zeelandnet dot nl
11-Apr-2005 08:10
11-Apr-2005 08:10
chuck+ldap at 2006 dot snew dot com
06-Aug-2004 01:08
06-Aug-2004 01:08
Just a side note that this is not how you'd ever AUTHENTICATE someone, just an example code.
The common way to authenticate is to get the users name, use search and perhaps selection to the user to get her DN (single value) then attempt to BIND to the ldapserver using that dn and the offered password. If it works, then it's the right password.
Note that the password offered MUST NOT BE EMPTY or many LDAPs will presume you meant to authenticate anonymously and it will succeed, leaving you thinking it's the right password.
Brian Kerhin <kerhin at bigfoot dot com>
31-Jan-2001 10:13
31-Jan-2001 10:13
Not probably, will. With PHP 4.0.4 and openldap 1.2.9 this little script, even with the correct attributes for the password does not do the job. Would superb if it did!
334647 at swin dot edu dot au
26-Oct-2000 10:06
26-Oct-2000 10:06
Interesting example. Apart from the fact that very few people would allow comaprisions of the password attribute for security reasons. The attribute name of "password" does not match the usual schemas.
The usual method of user id + password verification is to attempt to bind using the supplied credentials.
Ldap compare on password values will probably fail with ns directroy server and openldap v2+ becuase of server support for password hashing.