
ldap_compare

Compare value of attribute found in entry specified with DN (PHP 4 >= 4.0.2, PHP 5)
mixed ldap_compare ( resource link_identifier, string dn, string attribute, string value )

Example 1113. Complete example of password check

<?php

$ds = ldap_connect("localhost");  // assuming the LDAP server is on this host

if ($ds) {

    // bind
    if (ldap_bind($ds)) {

        // prepare data
        $dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
        $value = "secretpassword";
        $attr = "password";

        // compare value
        $r = ldap_compare($ds, $dn, $attr, $value);

        if ($r === -1) {
            echo "Error: " . ldap_error($ds);
        } elseif ($r === true) {
            echo "Password correct.";
        } elseif ($r === false) {
            echo "Wrong guess! Password incorrect.";
        }

    } else {
        echo "Unable to bind to LDAP server.";
    }

    ldap_close($ds);

} else {
    echo "Unable to connect to LDAP server.";
}
?>

Code Examples / Notes » ldap_compare

oudejans

With PHP 4.3.*, Password is no longer a valid attribute. Try to use userPassword.

brian kerhin <kerhin

Not probably, will.  With PHP 4.0.4 and openldap 1.2.9 this little script, even with the correct attributes for the password, does not do the job.  Would be superb if it did!

chuck+ldap

Just a side note that this is not how you'd ever AUTHENTICATE someone, just an example code.
The common way to authenticate is to get the user's name, use search and perhaps selection to the user to get her DN (single value) then attempt to BIND to the ldapserver using that dn and the offered password.  If it works, then it's the right password.
Note that the password offered MUST NOT BE EMPTY or many LDAPs will presume you meant to authenticate anonymously and it will succeed, leaving you thinking it's the right password.


334647

Interesting example. Apart from the fact that very few people would allow comparisons of the password attribute for security reasons. The attribute name of "password" does not match the usual schemas.
The usual method of user id + password verification is to attempt to bind using the supplied credentials.
Ldap compare on password values will probably fail with ns directory server and openldap v2+ because of server support for password hashing.
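
The search-then-bind procedure described in the notes above, as an added example (not part of the PHP manual or of any commenter's post). It assumes PHP 5.6 or later for ldap_escape(); the function name ldap_authenticate, the $cfg keys and every directory value are hypothetical placeholders.

```php
<?php
// Added example: find the user's DN with a search account, then bind as that user.
// All values in $cfg (URI, base DN, search account, uid attribute) are placeholders.
function ldap_authenticate(array $cfg, string $username, string $password): bool
{
    // An empty password turns a simple bind into an anonymous/unauthenticated
    // bind, which many servers accept, so reject it before contacting the server.
    if ($username === '' || $password === '') {
        return false;
    }
    $ds = ldap_connect($cfg['uri']);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $ok = false;
    // StartTLS first, so neither bind sends a password in clear text.
    if (@ldap_start_tls($ds) && @ldap_bind($ds, $cfg['search_dn'], $cfg['search_pw'])) {
        // Escape the user-supplied name so it cannot alter the search filter.
        $filter = '(' . $cfg['user_attr'] . '='
                . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        // '1.1' asks for no attributes (only the DN is needed); size limit 2
        // is enough to tell "exactly one match" from "ambiguous".
        $res = @ldap_search($ds, $cfg['base_dn'], $filter, ['1.1'], 0, 2);
        if ($res !== false && ldap_count_entries($ds, $res) === 1) {
            $userDn = ldap_get_dn($ds, ldap_first_entry($ds, $res));
            // The server verifies the password during the bind, so hashed
            // userPassword values work without the client knowing the scheme.
            $ok = @ldap_bind($ds, $userDn, $password);
        }
    }
    ldap_unbind($ds);
    return $ok;
}

// Constructed sample configuration and call (placeholder values).
$cfg = [
    'uri'       => 'ldap://ldap.example.com',
    'base_dn'   => 'ou=My Unit, o=My Company, c=FI',
    'search_dn' => 'cn=search, ou=My Unit, o=My Company, c=FI',
    'search_pw' => 'search-account-secret',
    'user_attr' => 'uid',
];
// The empty password is refused locally, before any LDAP traffic is sent.
var_dump(ldap_authenticate($cfg, 'mmeikku', ''));
```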

