Environment:
Windows Server 2025 Active Directory
Issue:
A PHP application uses the LDAP protocol to query AD user information via the domain name, but the connection is unstable: it works intermittently and then fails.
Connecting by the DC's IP address shows the same issue.
The problem occurs when connecting to certain domain controllers.
Resolution:
On each domain controller, open the Local Security Policy and go to:
Computer Configuration → Windows Settings → Security Settings → "Domain controller: LDAP server signing requirements Enforcement"
Set it to Disabled. This setting must be applied on every domain controller.
After applying the change, the issue is resolved.
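The policy above controls whether a DC accepts a simple bind that is neither signed nor inside TLS, which is what PHP's `ldap_bind()` sends over plain `ldap://`. As an added example (not code from the original post), this PHP script binds to each DC with and without StartTLS, so you can see which DCs enforce signing and whether moving the client to TLS would let the policy stay enabled. The host names, the account and the `LDAP_USER`/`LDAP_PASS` variable names are assumptions, and the DCs are assumed to present a certificate the PHP host trusts.

```php
<?php
// Added example, not from the original post. Hosts and the account are placeholders.
const RC_SUCCESS = 0;
const RC_STRONGER_AUTH_REQUIRED = 8;   // LDAP strongerAuthRequired: unsigned simple bind refused
const RC_INVALID_CREDENTIALS = 49;     // LDAP invalidCredentials
/** Simple bind to one DC on port 389, optionally after StartTLS; returns [code, detail]. */
function tryBind(string $host, string $user, string $pass, bool $startTls): array
{
    $conn = ldap_connect("ldap://{$host}:389");
    if ($conn === false) { return [-1, 'invalid LDAP URI']; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);
    if ($startTls && !@ldap_start_tls($conn)) {
        return [ldap_errno($conn), 'StartTLS failed: ' . ldap_error($conn)];
    }
    @ldap_bind($conn, $user, $pass);
    $code = ldap_errno($conn);
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail); // server-side explanation, if any
    ldap_unbind($conn);
    return [$code, $detail ?: ldap_err2str($code)];
}

/** Turn the two result codes for one DC into a finding. */
function classify(int $plainCode, int $tlsCode): string
{
    if ($plainCode === RC_STRONGER_AUTH_REQUIRED && $tlsCode === RC_SUCCESS) {
        return 'signing enforced; bind works once TLS is active';
    }
    if ($plainCode === RC_SUCCESS) {
        return 'accepts unsigned simple binds over cleartext';
    }
    if ($plainCode === RC_INVALID_CREDENTIALS || $tlsCode === RC_INVALID_CREDENTIALS) {
        return 'credentials rejected; fix the account before comparing DCs';
    }
    return "inconclusive (plain={$plainCode}, tls={$tlsCode})";
}

$dcs  = ['dc01.corp.example', 'dc02.corp.example'];      // constructed host names
$user = getenv('LDAP_USER') ?: 'svc-php@corp.example';    // constructed account
$pass = getenv('LDAP_PASS') ?: '';
if ($pass === '') { fwrite(STDERR, "Set LDAP_PASS; an empty password would bind anonymously.\n"); exit(1); }
foreach ($dcs as $dc) {
    [$plain, $plainMsg] = tryBind($dc, $user, $pass, false);
    [$tls] = tryBind($dc, $user, $pass, true);
    printf("%-22s %s\n    plain bind: %d %s\n", $dc, classify($plain, $tls), $plain, $plainMsg);
}
```

Run it against every DC by name rather than the domain name, since the domain name can resolve to a different DC on each connection.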