I installed the LDAP server and client from packages on Debian.
The ldif for adding a user is as follows:
dn: uid=bind,ou=People,dc=ldap,dc=wooya510,dc=com
uid: bind
cn: Bind User
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: 123456
loginShell: /bin/bash
uidNumber: 2323
gidNumber: 2323
homeDirectory: /home/root
gecos: Bind User
host: *
First, in order to bind, I set the userid to bind and the password to 123456 in plain text.
Then, to add it, I did the following:
wooya510:/home/wooya510/ldap_ldif# ldapadd -x -D "cn=admin,dc=ldap,dc=wooya510,dc=com" -W -f bind.ldif
Enter LDAP Password:
adding new entry "uid=bind,ou=People,dc=ldap,dc=wooya510,dc=com"
For the LDAP Password I entered 123456, which I had set during installation.
Next I created myuser, and for its password I ran the slappasswd -h {MD5} command and put the MD5-hashed password into userPassword.
Then I wrote a test page for web login authentication using the PHP API.
<?php
$userid = $_POST['userid'];
print "LDAP Authentication for " . $userid . "\n";

// Connect to the LDAP server on the standard port
$ldapserver = ldap_connect("ldap.wooya510.com", 389);
if (!$ldapserver) {
    print "connection error";
    exit(0);
} else {
    print "connection success";
}

// Bind with the uid=bind account created by the ldif above
$bind = ldap_bind($ldapserver, "uid=bind,ou=People,dc=ldap,dc=wooya510,dc=com", "123456");
if (!$bind) {
    print "bind error";
    exit(0);
} else {
    print "bind success";
}
ldap_close($ldapserver);
?>
When I run this page in a web browser, the following error occurs:
LDAP Authentication for
connection success
Warning: ldap_bind(): Unable to bind to server: Protocol error in /var/www/apache2-default/test.php on line 23
bind error
A bind error occurs.
$bind = ldap_bind($ldapserver, "uid=bind,ou=People,dc=ldap,dc=wooya510,dc=com", "123456");
The part above seems to be wrong, but I still don't understand it. What is the problem?
I have searched all over but still can't figure it out. Do I still not understand LDAP properly?
-------------
The following is the debug output:
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 34 02 01 01 60 2f 02 04...`/.
ldap_read: want=46, got=46
0000: 01 02 04 21 63 6e 3d 6e 73 73 2c 64 63 3d 6c 64 ...!cn=nss,dc=ld
0010: 61 70 2c 64 63 3d 77 6f 6f 79 61 35 31 30 2c 64 ap,dc=wooya510,d
0020: 63 3d 63 6f 6d 80 07 64 75 32 73 63 68 32 c=com..du2sch2
ber_get_next: tag 0x30 len 52 contents:
ber_dump: buf=0x08139008 ptr=0x08139008 end=0x0813903c len=52
0000: 02 01 01 60 2f 02 01 02 04 21 63 6e 3d 6e 73 73 ...`/....!cn=nss
0010: 2c 64 63 3d 6c 64 61 70 2c 64 63 3d 77 6f 6f 79 ,dc=ldap,dc=wooy
0020: 61 35 31 30 2c 64 63 3d 63 6f 6d 80 07 64 75 32 a510,dc=com..du2
0030: 73 63 68 32 sch2
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x08139008 ptr=0x0813900b end=0x0813903c len=49
0000: 60 2f 02 01 02 04 21 63 6e 3d 6e 73 73 2c 64 63 `/....!cn=nss,dc
0010: 3d 6c 64 61 70 2c 64 63 3d 77 6f 6f 79 61 35 31 =ldap,dc=wooya51
0020: 30 2c 64 63 3d 63 6f 6d 80 07 64 75 32 73 63 68 0,dc=com..du2sch
0030: 32 2
ber_scanf fmt (m}) ber:
ber_dump: buf=0x08139008 ptr=0x08139033 end=0x0813903c len=9
0000: 00 07 64 75 32 73 63 68 32 ..du2sch2
>>> dnPrettyNormal:
=> ldap_bv2dn(cn=nss,dc=ldap,dc=wooya510,dc=com,0)
ldap_err2string
<= ldap_bv2dn(cn=nss,dc=ldap,dc=wooya510,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=nss,dc=ldap,dc=wooya510,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=nss,dc=ldap,dc=wooya510,dc=com)=0 Success
<<< dnPrettyNormal: ,
do_bind: version=2 dn="cn=nss,dc=ldap,dc=wooya510,dc=com" method=128
conn=0 op=0 BIND dn="cn=nss,dc=ldap,dc=wooya510,dc=com" method=128
send_ldap_result: conn=0 op=0 p=2
send_ldap_result: err=2 matched="" text="historical protocol version requested, use LDAPv3 instead"
send_ldap_response: msgid=1 tag=97 err=2
ber_flush: 71 bytes to sd 11
0000: 30 45 02 01 01 61 40 0a 01 02 04 00 04 39 68 69 0E...a@......9hi
0010: 73 74 6f 72 69 63 61 6c 20 70 72 6f 74 6f 63 6f storical protoco
0020: 6c 20 76 65 72 73 69 6f 6e 20 72 65 71 75 65 73 l version reques
0030: 74 65 64 2c 20 75 73 65 20 4c 44 41 50 76 33 20 ted, use LDAPv3
0040: 69 6e 73 74 65 61 64 instead
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
ldap_write: want=71, written=71
0000: 30 45 02 01 01 61 40 0a 01 02 04 00 04 39 68 69 0E...a@......9hi
0010: 73 74 6f 72 69 63 61 6c 20 70 72 6f 74 6f 63 6f storical protoco
0020: 6c 20 76 65 72 73 69 6f 6e 20 72 65 71 75 65 73 l version reques
0030: 74 65 64 2c 20 75 73 65 20 4c 44 41 50 76 33 20 ted, use LDAPv3
0040: 69 6e 73 74 65 61 64 instead
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 02 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x08138c68 ptr=0x08138c68 end=0x08138c6d len=5
0000: 02 01 02 42 00 ...B.
connection_input: conn=0 deferring operation: binding
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 11 failed errno=0 (Success)
connection_read(11): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=11 for close
connection_close: deferring conn=0 sd=11
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
conn=0 op=0 RESULT tag=97 err=2 text=historical protocol version requested, use LDAPv3 instead
connection_resched: attempting closing conn=0 sd=11
connection_close: conn=0 sd=11
daemon: removing 11
conn=0 fd=11 closed
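The slapd trace above rejects the bind with err=2 "historical protocol version requested, use LDAPv3 instead" because the client spoke LDAPv2 (version=2 in do_bind). The following is an added example, not the original poster's code, showing a PHP login check that sets LDAP_OPT_PROTOCOL_VERSION to 3 before binding, looks the user up with the uid=bind service account, and then verifies the submitted password with a second bind as that user. It assumes PHP 7 or later with the ldap extension and reuses the server, base DN and service account from the question; the ldap_authenticate function name and the password field name are assumptions.

```php
<?php
// Added example (not the original poster's code); server and DNs taken from the question.
const LDAP_URI   = 'ldap://ldap.wooya510.com:389';
const BASE_DN    = 'ou=People,dc=ldap,dc=wooya510,dc=com';
const SERVICE_DN = 'uid=bind,ou=People,dc=ldap,dc=wooya510,dc=com';
const SERVICE_PW = '123456';   // better kept in a config file outside the web root

function ldap_authenticate(string $userid, string $password): bool
{
    // An empty password makes ldap_bind perform an anonymous bind, which "succeeds",
    // so reject it before touching the directory.
    if ($userid === '' || $password === '') {
        return false;
    }
    $ld = ldap_connect(LDAP_URI);
    if (!$ld) {
        return false;
    }
    // Without this option PHP's client sends an LDAPv2 bind, which the slapd
    // trace answered with "historical protocol version requested, use LDAPv3 instead".
    ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
    // 1. Bind with the service account only to resolve the user's DN.
    if (!@ldap_bind($ld, SERVICE_DN, SERVICE_PW)) {
        ldap_close($ld);
        return false;
    }
    // Escape the user-supplied value so it cannot change the meaning of the filter.
    $filter  = '(&(objectClass=posixAccount)(uid=' . ldap_escape($userid, '', LDAP_ESCAPE_FILTER) . '))';
    $res     = ldap_search($ld, BASE_DN, $filter, ['dn']);
    $entries = $res ? ldap_get_entries($ld, $res) : false;
    if (!$entries || $entries['count'] !== 1) {
        ldap_close($ld);
        return false;
    }
    $userDn = $entries[0]['dn'];
    // 2. Bind as the user: slapd compares the password against userPassword,
    //    whether it is stored in plain text or as an {MD5} hash.
    $ok = @ldap_bind($ld, $userDn, $password);
    ldap_close($ld);
    return $ok;
}

$userid = $_POST['userid'] ?? '';
$result = ldap_authenticate($userid, $_POST['password'] ?? '');
// Escape before echoing: the test page printed $userid straight into the HTML response.
print 'LDAP Authentication for ' . htmlspecialchars($userid, ENT_QUOTES, 'UTF-8') . ': ' . ($result ? 'success' : 'failed');
```

Note that the trace's bind DN is cn=nss, not uid=bind, so the captured connection belongs to a different LDAPv2 client (such as the nss_ldap configuration) and the same protocol-version setting applies there too.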