I have a PHP script which does an LDAP connect, bind and search. It is working very well with most of the Active Directory servers, however one of our clients has a problem. The script returns a “Strong(er) authentication required” error when trying ldap_bind.
All the searches I made directed me to two possible problems:
- I have to set 3 – which I do and did before, so this cannot be my problem.
- The AD server is configured to use SSL authentication – but our client insists that it is a default Windows 2008 R2 server installation, and that does not default to SSL for sure.
What other causes could there be for this error?
It was SSL required on Active Directory server …
You have to use ldaps:// if it’s required by the Active Directory server. If it’s a problem with an invalid certificate authority, you can ignore the validity in Windows by issuing
in your PHP code. In *nix you need to edit your /etc/ldap.conf to contain
For other common problems, you can refer to my post at PHP cannot connect to LDAP Oracle Directory Server Enterprise Edition
For working example code, you can have a look at: Problems with secure bind to Active Directory using PHP
I had the same problem and it seems that there was a typo in my bind_rdn, so make sure that the credentials are correct.
The message “Strong(er) authentication required” also appears if you try to update an LDAP entity using:
Without calling the bind function with the optional parameters :
string $bind_rdn = NULL [, string $bind_password = NULL
This code will not work:
    $ldap = ldap_connect($ldap_url);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    $bind = ldap_bind($ldap);
    $userdata = array();
    $userdata['userattribute'] = 'test';
    ldap_modify($ldap, "cn=myuser,dc=example,dc=com", $userdata);
This code works, note the different call to bind function:
    $ldap = ldap_connect($ldap_url);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    $bind = ldap_bind($ldap, 'cn=admin,dc=example,dc=com', 'secretpassword');
    $userdata = array();
    $userdata['userattribute'] = 'test';
    ldap_modify($ldap, "cn=myuser,dc=example,dc=com", $userdata);
This answer seems to be full, although short. It covers two options on how to handle the error.
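
The two causes discussed in the answers above (a server that requires an encrypted connection, and a bind made without credentials before ldap_modify) can be handled in one place. This is an added example, not code from the original posts; the host name, DNs, CA file path and the LDAP_BIND_PW environment variable are assumptions, and it keeps certificate validation enabled by pointing libldap at the CA that issued the server certificate.

```php
<?php
// Added example, not from the original posts. Host, DNs, CA path and the
// LDAP_BIND_PW variable are constructed placeholders.
const LDAP_STRONGER_AUTH_REQUIRED = 8; // RFC 4511 resultCode strongerAuthRequired

function secure_bind(string $host, string $bindDn, string $password, string $caFile)
{
    if ($password === '') {
        // A DN with an empty password is an unauthenticated bind, not a login.
        throw new RuntimeException('Refusing to bind with an empty password');
    }
    // TLS options are global in libldap, so set them before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect("ldaps://$host:636");
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP URI for $host");
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Bind with DN and password; an anonymous ldap_bind($ldap) cannot modify.
    if (!@ldap_bind($ldap, $bindDn, $password)) {
        $code = ldap_errno($ldap);
        $detail = '';
        ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        $hint = $code === LDAP_STRONGER_AUTH_REQUIRED
            ? ' (server wants a stronger bind: check ldaps:// and credentials)'
            : '';
        throw new RuntimeException(
            sprintf('Bind failed [%d] %s%s: %s', $code, ldap_err2str($code), $hint, $detail)
        );
    }
    return $ldap;
}

try {
    $ldap = secure_bind(
        'dc01.example.com',
        'cn=admin,dc=example,dc=com',
        getenv('LDAP_BIND_PW') ?: '',
        '/etc/ssl/certs/example-ca.pem'
    );
    if (!ldap_modify($ldap, 'cn=myuser,dc=example,dc=com', ['userattribute' => 'test'])) {
        fwrite(STDERR, 'Modify failed: ' . ldap_error($ldap) . PHP_EOL);
    }
    ldap_unbind($ldap);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
}
```

Logging the numeric result code together with the server's diagnostic message separates a connection-strength rejection (code 8) from a wrong DN or password, which the error string alone does not always make obvious.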