How to use LDAP_BIND in PHP using NTLM2?

0

I'm using LDAP with NTLM to do SSO (single sign-on), but I'm having a hard time: LDAP_BIND does not accept the hashed password I get from the browser.

My class working with NTLM has the following variables:

    $auth = getAuth(); // returns the parsed NTLM data

    //$auth['user'] = $user;
    //$auth['domain'] = $domain;
    //$auth['workstation'] = $workstation;
    //$auth['clientblob'] = $clientblob;
    //$auth['clientblobhash'] = $clientblobhash;

    $con = ldap_connect('meudominio.com');
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
    // This is the call that fails: the NTLM client blob is passed where a password is expected
    ldap_bind($con, 'dominio\user', $auth['clientblob']);

ERROR > Warning: ldap_bind () [function.ldap-bind]: Unable to bind to server: Invalid credentials in ...

Note: LDAP_BIND works only if I use the string password.

    
asked by anonymous 23.10.2014 / 19:16

1 answer

1

Answering your question in the comments, which is simpler: NTLM is not an encryption protocol, but rather a challenge-response-based authentication protocol that makes use of hash functions to "hide" the password.

It is not possible to use LDAP + NTLM in PHP directly through mod_ldap because it was made to strictly follow the LDAP protocol. Using NTLM over LDAP, as Microsoft does, is an extension to traditional LDAP functionality. Surely it can be implemented, but it is necessary to reverse engineer the parameters used by Microsoft, as they are not documented.

The Microsoft API responsible for doing this in Windows is ldap_bind_s.

25.10.2014 / 18:42
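
Why the bind in the question fails, as an added example that is not part of the original answer: an NTLMv2 response is an HMAC tied to the challenge of one handshake, while a simple ldap_bind expects the password itself. The password, names and challenges are constructed sample values, and treating `clientblob` / `clientblobhash` as the NTLMv2 blob and proof is an assumption about the asker's class.

```php
<?php
// Added illustration of the NTLMv2 response calculation (MS-NLMP).
// All inputs below are constructed sample values, not data from the question.

// NT hash: MD4 over the UTF-16LE encoded password.
function ntHash(string $password): string {
    return hash('md4', iconv('UTF-8', 'UTF-16LE', $password), true);
}

// NTLMv2 key: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain.
function ntlmv2Key(string $password, string $user, string $domain): string {
    $identity = iconv('UTF-8', 'UTF-16LE', strtoupper($user) . $domain);
    return hash_hmac('md5', $identity, ntHash($password), true);
}

// Proof sent by the client: HMAC-MD5 over server challenge + client blob.
function ntProof(string $key, string $serverChallenge, string $clientBlob): string {
    return hash_hmac('md5', $serverChallenge . $clientBlob, $key, true);
}

// Verification needs the stored NT hash AND the challenge that was issued;
// the proof is recomputed and compared, it is never used as a password.
function verify(string $key, string $challenge, string $blob, string $proof): bool {
    return hash_equals(ntProof($key, $challenge, $blob), $proof);
}

$password = 'Passw0rd!';                          // constructed sample password
$key   = ntlmv2Key($password, 'user', 'DOMINIO');
$blob  = random_bytes(28);  // stand-in for the client blob (timestamp, nonce, target info)
$chalA = random_bytes(8);   // challenge the web server issued to the browser
$chalB = random_bytes(8);   // challenge from any other handshake

$proof = ntProof($key, $chalA, $blob);

// Check against the challenge that produced the proof.
var_dump(verify($key, $chalA, $blob, $proof));
// Check against a different challenge: the same proof no longer matches.
var_dump(verify($key, $chalB, $blob, $proof));
// What a simple bind effectively does: compare the supplied value with the password.
var_dump(hash_equals($password, $proof));
```

Because the proof only verifies against the challenge it was computed for, passing it (or the blob) to ldap_bind as a password cannot succeed; the directory would have to take part in the NTLM exchange itself.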