ldap_simple_bind_s returned LDAP_INVALID_CREDENTIALS
ldap_simple_bind_s returned LDAP_INVALID_CREDENTIALS
我们的应用程序使用LDAP进行身份验证。当使用ldap_bind_s时,它返回ldap_SUCCES,而ldap_simple_bind_s返回的LAP_INVALID_CREDENTIALS具有错误的凭据。你能解释一下区别吗?使用ldap_simple_bind_s是否安全?
下面是一个使用这两种方法的示例应用程序。
#include <iostream>
#include <string>
#include <windows.h>
#include <winldap.h>
#include <boost/lexcal_cast.hpp>
using namespace std;
void test_ldap_bind_s(const std::string& hostname, int port, const std::string& username, const std::string& password)
{
ULONG version = LDAP_VERSION3;
ULONG portNumber = port;
long timeout = 5;
LDAP* ldap = ldap_init(const_cast<PCHAR>(hostname.c_str()), portNumber);
ULONG error_code = LdapGetLastError();
std::string error_str = ldap_err2string(error_code);
if (0x0 == ldap)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_init -> " << error_str << endl;
error_code = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, static_cast<void*>(&version));
error_str = ldap_err2string(error_code);
if (error_code != LDAP_SUCCESS)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_set_option LDAP_VERSION3 -> " << error_str << endl;
l_timeval ldap_connect_timeout;
ldap_connect_timeout.tv_sec = timeout;
ldap_connect_timeout.tv_usec = 0;
error_code = ldap_connect(ldap, &ldap_connect_timeout);
error_str = ldap_err2string(error_code);
if (error_code != LDAP_SUCCESS)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_connect -> " << error_str << endl;
SEC_WINNT_AUTH_IDENTITY secWinntAuthIdentity;
ZeroMemory(static_cast<void*>(&secWinntAuthIdentity), sizeof(SEC_WINNT_AUTH_IDENTITY));
secWinntAuthIdentity.User = reinterpret_cast<unsigned char*>(const_cast<char*>(username.c_str()));
secWinntAuthIdentity.UserLength = username.length();
secWinntAuthIdentity.Password = reinterpret_cast<unsigned char*>(const_cast<char*>(password.c_str()));
secWinntAuthIdentity.PasswordLength = password.length();
secWinntAuthIdentity.Domain = 0;
secWinntAuthIdentity.DomainLength = 0;
secWinntAuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
error_code = ldap_bind_s(ldap, NULL, reinterpret_cast<char*>(&secWinntAuthIdentity), LDAP_AUTH_NEGOTIATE);
error_str = ldap_err2string(error_code);
if (error_code != LDAP_SUCCESS)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_bind_s -> " << error_str << endl << endl;
}
void test_ldap_simple_bind_s(const std::string& hostname, int port, const std::string& username, const std::string& password)
{
ULONG version = LDAP_VERSION3;
ULONG portNumber = port;
long timeout = 5;
LDAP* ldap = ldap_init(const_cast<PCHAR>(hostname.c_str()), portNumber);
ULONG error_code = LdapGetLastError();
std::string error_str = ldap_err2string(error_code);
if (0x0 == ldap)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_init -> " << error_str << endl;
error_code = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, static_cast<void*>(&version));
error_str = ldap_err2string(error_code);
if (error_code != LDAP_SUCCESS)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_set_option LDAP_VERSION3 -> " << error_str << endl;
l_timeval ldap_connect_timeout;
ldap_connect_timeout.tv_sec = timeout;
ldap_connect_timeout.tv_usec = 0;
error_code = ldap_connect(ldap, &ldap_connect_timeout);
error_str = ldap_err2string(error_code);
if (error_code != LDAP_SUCCESS)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_connect -> " << error_str << endl;
error_code = ldap_simple_bind_s(ldap, const_cast<PCHAR>(username.c_str()), const_cast<PCHAR>(password.c_str()));
error_str = ldap_err2string(error_code);
if (error_code != LDAP_SUCCESS)
{
cout << error_code << ": " << error_str << endl << endl;
return;
}
cout << "ldap_bind_s -> " << error_str << endl << endl;
}
int main(int argc, char* argv[])
{
string username = argv[1];
string password = argv[2];
string hostname = argv[3];
int port = boost::lexical_cast<int>(argv[4]);
test_ldap_bind_s(hostname, port, username, password);
test_ldap_simple_bind_s(hostname, port, username, password);
}
ldap_simple_bind_s凭据不是用户名、密码,而是DN、密码。您需要从LDAP检索DN,或者从用户名构建DN(假设DN都是相同构建的)。
相关文章:
- 如何解决"invalid conversion from 'char' to 'const char*'"
- C++LDAP检查用户是否是特定组的成员
- 如何处理 c++ 中类实现中的"invalid use of non-static data member"?
- C++ "error: invalid use of void expression"
- 收到错误"invalid use of non-static data member 'stu::n' "
- Poloniex API "Invalid command" c++ libcurl
- C++模板错误:"invalid explicitly-specified argument for template parameter"
- SDL_CreateTextureFromSurface() "Invalid texture"错误?
- C++ "Invalid use of 'this' in non-member function" ,
- 为什么gmp会在这里与"invalid next size"重新定位一起崩溃?
- 继承类时"invalid use of incomplete type ‘class tree_node_t’"
- 为什么我会"Invalid read of size 8"?(瓦尔格林德)
- "fast"或"normal"在"free(): invalid next size (fast)"中是什么意思?
- 如何在Arduino程序中解决"invalid operands of types"?
- 如何'Invalid conversion'和'no match for operator'更正这些 c++ 错误
- 访问函数变体时"Invalid conversion"错误
- 马洛克会在 C++17 年返回"invalid pointer value"吗?
- 出现这种错误的原因是什么"invalid use of non-static data member "
- 指向对象生存期之外的已分配内存的指针是"invalid pointer[s]"还是"pointer[s] to an object"?
- 模板类和'invalid use of incomplete type'错误
