Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
310 views
in Technique by (71.8m points)

php - How do I disallow anonymous ldap login?

I have the following:

class LDAPConnection {

    private $ldapServers = array(
        "ldap://serv1", "ldap://serv2"
    );
    private $ldapUsername = "DOMAIN\%s";

    function login($username, $password)    {
        $user = sprintf($this->ldapUsername, $username);
        // Make sure password is not empty (http://stackoverflow.com/a/172042/561731)
        if(!empty($password))   {
            foreach($this->ldapServers as $server)  {
                try {
                    $ldap = ldap_connect($server);
                    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                    if($bind = ldap_bind($ldap, $user, $password))  {
                        // log them in
                        return true;
                    }
                }
                catch(ErrorException $e)   {
                    // do nothing
                }
            }
        }
        return false;
    }
}

As you can see, I first make sure that the $password is not empty, then I attempt the LDAP connection, because if I do not do that, then LDAP assumes that I want to do an anonymous connection and returns true.

How do I prevent that? Is my only option like I did above and I have to check to make sure that the password isn't empty? Or is there a better way?


1 Reply

0 votes
by (71.8m points)

Disabling anonymous login shouldn't be done at your application layer. It should be done at the actual LDAP server itself.

Prohibiting anonymous login at your application layer to me seems like a band-aid because anyone can always use any LDAP client to log into your LDAP server if anonymous login is enabled on the server itself.
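
Added example, not part of the question or the answer above: an application-side check to keep alongside disabling anonymous binds on the server. It goes one step beyond the question's empty() test by asking the server, through the LDAP "Who am I?" extended operation, whether the session is bound to a non-empty identity. Assumptions: ext-ldap on PHP 7.2 or later, a directory server that supports "Who am I?", and the placeholder server URIs and DOMAIN\ prefix from the question; isUsableCredential and ldapLogin are hypothetical names.

```php
<?php
// Added example, not the original poster's code. Requires ext-ldap (PHP >= 7.2
// for ldap_exop_whoami). Server URIs and the DOMAIN\ prefix are placeholders
// taken from the question.

function isUsableCredential(string $username, string $password): bool
{
    // Strict comparison: empty() would also reject the valid password "0".
    return $username !== '' && $password !== '';
}

function ldapLogin(array $servers, string $userFormat, string $username, string $password): bool
{
    if (!isUsableCredential($username, $password)) {
        return false; // never send a bind the server could treat as anonymous
    }
    $user = sprintf($userFormat, $username);
    foreach ($servers as $server) {
        $ldap = ldap_connect($server);
        if ($ldap === false) {
            continue;
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);
        $ok = false;
        if (@ldap_bind($ldap, $user, $password)) {
            // Ask the server who we are bound as; an anonymous session yields an empty authzId.
            $who = @ldap_exop_whoami($ldap);
            $ok = is_string($who) && $who !== '';
        }
        ldap_unbind($ldap);
        if ($ok) {
            return true;
        }
    }
    return false;
}

// Constructed calls: both are refused locally, before any network traffic.
var_dump(ldapLogin(['ldap://serv1', 'ldap://serv2'], 'DOMAIN\\%s', 'alice', ''));
var_dump(ldapLogin(['ldap://serv1'], 'DOMAIN\\%s', '', 'secret'));
```

If the server does not support "Who am I?", ldap_exop_whoami returns false and the login fails closed.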

