
Password authentication with LDAP (ADSI) - PHP, VBA, PowerShell

Posted at 2019-03-19

Let's check whether a password is valid by binding over LDAP (ADSI).
The languages are Excel VBA, PHP and PowerShell.

VBA version

Option Explicit

' ADSI bind flags (ADS_AUTHENTICATION_ENUM). ADS_SECURE_AUTHENTICATION is
' declared but not passed below, so OpenDSObject performs an LDAP simple bind:
' the DN and password go over the wire as-is unless the connection is TLS-protected.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200

Sub MAIN()
    ' 0 = the password was accepted; anything else is the COM error number
    Debug.Print LDAP_LOGIN("ldap.domain.com", "uid=userid,o=logon", "password")
End Sub


' Return type must be Long: Err.Number is a Long and ADSI failures are HRESULTs
' (e.g. &H8007052E for a bad password). With an Integer return type the
' assignment overflows, On Error Resume Next swallows that, and the function
' returns 0 (= "success") for a wrong password.
Function LDAP_LOGIN(server As String, rdn As String, pass As String) As Long
    Dim objDs
    Dim objDsEntry
    On Error Resume Next

    '// LDAP LOGIN: bind to the server as rdn with the supplied password
    Err.Clear
    Set objDs = GetObject("LDAP:")
    Set objDsEntry = objDs.OpenDSObject("LDAP://" & server, rdn, pass, ADS_SERVER_BIND)

    '// RESULT (read before anything else can touch Err)
    LDAP_LOGIN = Err.Number
    Debug.Print Err.Description

    '// CLEANUP
    Set objDs = Nothing
    Set objDsEntry = Nothing
End Function

For the RDN passed as the second argument, see here: What is an RDN
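The VBA version above binds with ADS_SERVER_BIND only, the PHP version uses ldap_bind with a DN and password, and the PowerShell version uses FastBind without AuthenticationTypes.Secure; all three are LDAP simple binds. The following is an added example, not code from the article, that hand-encodes an LDAPv3 simple BindRequest (RFC 4511) with the Python standard library and parses it back, to show exactly what such a bind puts on the wire. The DN and password are the article's sample values; the function names are this example's own.

```python
# Added example (not from the article): an LDAPv3 simple BindRequest
# (RFC 4511) encoded by hand, to show what OpenDSObject(..., ADS_SERVER_BIND),
# ldap_bind() and DirectoryEntry without AuthenticationTypes.Secure send.


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(value)) + value


def _integer(n: int) -> bytes:
    """BER INTEGER, minimal two's-complement (non-negative values only)."""
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    bind = (
        _integer(3)                                # version
        + _tlv(0x04, dn.encode("utf-8"))           # name: LDAPDN (OCTET STRING)
        + _tlv(0x80, password.encode("utf-8"))     # authentication: simple [0]
    )
    # BindRequest is [APPLICATION 0] constructed (0x60); LDAPMessage is SEQUENCE (0x30)
    return _tlv(0x30, _integer(message_id) + _tlv(0x60, bind))


def _read_tlv(buf: bytes, pos: int):
    """Parse one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_simple_bind(pdu: bytes):
    """What anyone reading an unencrypted LDAP session recovers from the PDU:
    (message_id, version, dn, password)."""
    tag, msg, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, cred, _ = _read_tlv(bind, pos)
    if tag != 0x80:
        # a Secure/Negotiate bind sends sasl [3] SaslCredentials (0xA3) here instead
        raise ValueError("not a simple bind")
    return (
        int.from_bytes(mid, "big", signed=True),
        int.from_bytes(ver, "big", signed=True),
        dn.decode("utf-8"),
        cred.decode("utf-8"),
    )


if __name__ == "__main__":
    pdu = simple_bind_request(1, "uid=userid,o=logon", "password")
    print(pdu.hex())
    print(decode_simple_bind(pdu))
```

The password bytes sit verbatim inside the PDU, which is why a simple bind belongs on LDAPS (port 636) or behind StartTLS; against Active Directory, ADS_SECURE_AUTHENTICATION / AuthenticationTypes.Secure switches to a SASL (Negotiate) bind and the plain password never appears in the message at all.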

PHP version

<?php

$server = "ldap.domain.com";
$rdn = "uid=userid,o=logon";
$pass = "password";

if (user_ldap_login($server, $rdn, $pass)) {
    echo "TRUE";
} else {
    echo "FALSE";
}


function user_ldap_login($server, $rdn, $pass)
{
    // INIT
    $ret = false;

    // An empty password must be rejected here: ldap_bind with a DN and an
    // empty password is an unauthenticated (anonymous) bind, which servers
    // that allow it (Active Directory by default) answer with success.
    if ($pass === '') {
        return false;
    }

    // LDAP connect (only fails on a malformed URI; the TCP connection itself
    // is made lazily by ldap_bind)
    $ld_con = ldap_connect($server);
    if ($ld_con) {
        // most servers reject the LDAPv2 default with "Protocol error"
        ldap_set_option($ld_con, LDAP_OPT_PROTOCOL_VERSION, 3);
        // @ silences the E_WARNING on bad credentials; the return value is checked
        if (@ldap_bind($ld_con, $rdn, $pass)) {
            $ret = true;
        }
        // LDAP close (only valid on a real connection handle)
        ldap_close($ld_con);
    }

    return $ret;
}

If you want information once the password has been authenticated, use ldap_search along these lines


$base_dn = "ou=people,o=address";
$filter = "(cn=tanaka*)";

function user_ldap_search($ld_con, $base_dn, $filter)
{
    // $ld_con must be a connection that is still bound: user_ldap_login()
    // above closes its handle before returning, so keep the handle open when
    // a search is to follow. Anything user-supplied inside $filter must go
    // through ldap_escape($value, "", LDAP_ESCAPE_FILTER) first.
    $sr = ldap_search($ld_con, $base_dn, $filter);
    $info = ldap_get_entries($ld_con, $sr);
    print_r($info);
}

PowerShell version

$user = "USER-ID"
$pass = "PASSWORD"
# server, port and search base as one ADsPath; port 389 is plain LDAP, so the
# simple bind below sends the password in clear unless TLS is used
$domain = "LDAP://ldap.domain.com:389/ou=people,o=address"

# FastBind without AuthenticationTypes.Secure is a simple bind with DN and password
$auth = [System.DirectoryServices.AuthenticationTypes]::FastBind
$rdn = "uid=" + $user + ",o=login"
$root = New-Object System.DirectoryServices.DirectoryEntry($domain, $rdn, $pass, $auth)
# DirectoryEntry binds lazily: the credentials are only checked on first use,
# i.e. at FindAll() below, where a bad password surfaces as an exception
$query = New-Object System.DirectoryServices.DirectorySearcher($root)
$query.Filter = "(cn=tanaka*)"
$entries = $query.FindAll()
$entries | %{$_.Properties}

If you only want some of the attributes, something like this


$query.PropertiesToLoad.Add("cn")                > $null
$query.PropertiesToLoad.Add("mail")              > $null
$entries = $query.FindAll()


Or like this


$entries = $query.FindAll()
$entries | %{$_.Properties.cn,$_.Properties.mail}
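Both the PHP version (ldap_bind with a DN, ldap_search with a "(cn=...*)" filter) and the PowerShell version ("uid=" + $user + ",o=login" built by string concatenation, DirectorySearcher with the same filter) take values that in practice come from a login form. The following is an added example, not code from the article, of the checks that belong in front of those calls: RFC 4514 escaping for the DN value, RFC 4515 escaping for the filter value, and a refusal of empty passwords. The base "o=logon", the "uid=" attribute and the filter shape are the article's; the function names are this example's own. In PHP the same escaping is available as ldap_escape($value, "", LDAP_ESCAPE_DN) and ldap_escape($value, "", LDAP_ESCAPE_FILTER).

```python
# Added example (not from the article): input handling in front of
# ldap_bind() / OpenDSObject() / DirectoryEntry and ldap_search() /
# DirectorySearcher. Pure standard library, no server needed.


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: inside a filter assertion value, backslash, '*',
    '(', ')' and NUL must be written as \\XX hex escapes."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def escape_dn_value(value: str) -> str:
    """RFC 4514 section 2.4: inside an RDN attribute value, escape '"', '+',
    ',', ';', '<', '>', backslash, a leading space or '#', a trailing space,
    and NUL."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(user_id: str, base: str = "o=logon") -> str:
    """The article builds "uid=" + user + ",o=logon" by concatenation; the
    value is escaped so a user id cannot add or alter RDN components."""
    return "uid=%s,%s" % (escape_dn_value(user_id), base)


def validate_bind_inputs(user_id: str, password: str) -> str:
    """Return the DN to bind as, or raise ValueError.

    An empty password must never reach the bind call: a simple bind with a
    DN and empty credentials is an "unauthenticated" bind (RFC 4513 5.1.2),
    which servers that permit it (Active Directory by default) answer with
    success, so the caller would treat any user id as logged in.
    """
    if not user_id.strip():
        raise ValueError("empty user id")
    if password == "":
        raise ValueError("empty password would become an anonymous bind")
    if "\x00" in user_id or "\x00" in password:
        raise ValueError("NUL byte in credentials")
    return build_user_dn(user_id)


def bind_inputs_ok(user_id: str, password: str) -> bool:
    """Boolean wrapper around validate_bind_inputs for callers that only
    need accept/reject."""
    try:
        validate_bind_inputs(user_id, password)
        return True
    except ValueError:
        return False


def build_cn_filter(prefix: str) -> str:
    """Prefix search like the article's "(cn=tanaka*)", with the supplied
    part escaped so it cannot close the assertion and add its own terms."""
    return "(cn=%s*)" % escape_filter_value(prefix)


if __name__ == "__main__":
    print(validate_bind_inputs("userid", "password"))   # uid=userid,o=logon
    print(build_user_dn("x,ou=admins"))                  # uid=x\,ou=admins,o=logon
    print(build_cn_filter("tanaka"))                     # (cn=tanaka*)
    print(bind_inputs_ok("userid", ""))                  # False
```

The escaping functions implement the minimum character sets the two RFCs require; both RFCs permit escaping additional characters, and ldap_escape in PHP does so for the DN case (it also escapes "="), which is harmless since the server decodes the escapes before comparing.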


There wasn't much information out there on Active Directory / ADSI authentication, so I wrote this up.
