<div class="gmail_quote">On Thu, Oct 30, 2008 at 9:38 AM, Brian Chivers <span dir="ltr"><<a href="mailto:brian@portsmouth-college.ac.uk">brian@portsmouth-college.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> <div><div></div><div class="Wj3C7c">Ben Dailey wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On Thu, Oct 30, 2008 at 5:15 AM, Brian Chivers<br> <<a href="mailto:brian@portsmouth-college.ac.uk" target="_blank">brian@portsmouth-college.ac.uk</a>> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Ben Dailey wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On Wed, Oct 29, 2008 at 5:07 PM, Brian Chivers<br> <<a href="mailto:brian@portsmouth-college.ac.uk" target="_blank">brian@portsmouth-college.ac.uk</a>> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Has anyone done anything with php-ldap ??<br> <br> I'm trying to write a php script that will return the users with there<br> gidNumber but what I have doesn't return the gidNumber.<br> <br> I can post my script so far if it helps.<br> <br> Thanks<br> Brian Chivers<br> Portsmouth College<br> <br> <br> ------------------------------------------------------------------------------------------------<br> The views expressed here are my own and not necessarily<br> <br> the views of Portsmouth College<br> </blockquote> Brian,<br> <br> I have written a authentication script which we use in house to do<br> authentication. What kind of ldap directory are you trying to query?<br> If you post your script and php version. I will do my best at giving a<br> hand.<br> <br> Thanks,<br> Ben Dailey<br> Asst. Technology Director<br> Bluffton-Harrison MSD<br> <br> _______________________________________________<br> K12OSN mailing list<br> <a href="mailto:K12OSN@redhat.com" target="_blank">K12OSN@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank">https://www.redhat.com/mailman/listinfo/k12osn</a><br> For more info see <<a href="http://www.k12os.org" target="_blank">http://www.k12os.org</a>><br> </blockquote> Thanks for the offer :-)<br> <br> It's a openldap server & we're running php5<br> <br> The script I've got below is something I found on the web and it sort of<br> works but doesn't show the gidNumber & I'd like to have this as I don't want<br> students (gid=501) to be authenticated only staff (various gids)<br> <br> <?php<br> // basic sequence with LDAP is connect, bind, search, interpret search<br> // result, close connection<br> $ldaphost = "<a href="http://alpha.portsmouth-college.ac.uk" target="_blank">alpha.portsmouth-college.ac.uk</a>";<br> $username = "Manager";<br> $binddn = "cn=$username,dc=portsmouth-college,dc=ac,dc=uk"; // ldap rdn<br> or dn<br> $bindpass = "special_password"; // associated password<br> <br> echo "<h3>LDAP query test</h3>";<br> echo "Connecting ...";<br> $ds=ldap_connect($ldaphost); // must be a valid LDAP server!<br> echo "connect result is " . $ds . "<br />";<br> <br> if ($ds) {<br> echo "Binding ...";<br> $r=ldap_bind($ds,$binddn,$bindpass);<br> echo "Bind result is " . $r . "<br />";<br> <br> echo "Searching for (cn=*) ...";<br> // Search surname entry<br> $sr=ldap_search($ds,"dc=portsmouth-college,dc=ac,dc=uk", "cn=*");<br> echo "Search result is " . $sr . "<br />";<br> <br> echo "Number of entires returned is " . ldap_count_entries($ds, $sr) .<br> "<br />";<br> <br> echo "Getting entries ...<p>";<br> $info = ldap_get_entries($ds, $sr);<br> echo "Data for " . $info["count"] . " items returned:<p>";<br> <br> for ($i=0; $i<$info["count"]; $i++) {<br> echo "Loop count: " . $i . "<br />";<br> </blockquote> Replace the following echoes with:<br> echo "<pre>";<br> print_r($info[$i]);<br> echo "</pre>";<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> echo "gidNumber is: ". $info[$i]["gidNumber"]."<br />";<br> echo "dn is: " . $info[$i]["dn"] . "<br />";<br> echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";<br> echo "first mail entry is: " . $info[$i]["mail"][0] . "<br /> <hr<br> />";<br> </blockquote> End replacement of the echoes.<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> }<br> <br> echo "Closing connection";<br> ldap_close($ds);<br> <br> } else {<br> echo "<h4>Unable to connect to LDAP server</h4>";<br> }<br> ?><br> <br> This is a auth script that works but doesn't block students it's just a yes<br> or no and I don't know enough about php YET to work out how to fail the<br> authentication if the gidNumber is 501<br> <br> <?php<br> <br> $ldapconfig['host'] = '<a href="http://alpha.portsmouth-college.ac.uk" target="_blank">alpha.portsmouth-college.ac.uk</a>';<br> $ldapconfig['port'] = NULL;<br> $ldapconfig['basedn'] = 'dc=portsmouth-college,dc=ac,dc=uk';<br> $ldapconfig['authrealm'] = 'My Realm';<br> <br> function ldap_authenticate() {<br> global $ldapconfig;<br> global $PHP_AUTH_USER;<br> global $PHP_AUTH_PW;<br> <br> if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {<br> $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);<br> $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' .<br> $PHP_AUTH_USER);<br> if ($r) {<br> $result = @ldap_get_entries( $ds, $r);<br> </blockquote> If you are getting the gidNumber returned in the above example the try<br> replacing the follow if section:<br> if ($result[0] && $result[0][gidNumber]!=501) {<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> if ($result[0]) {<br> if (@ldap_bind( $ds, $result[0]['dn'], $PHP_AUTH_PW) ) {<br> return $result[0];<br> }<br> }<br> }<br> }<br> header('WWW-Authenticate: Basic realm="'.$ldapconfig['authrealm'].'"');<br> header('HTTP/1.0 401 Unauthorized');<br> return NULL;<br> }<br> <br> if (($result = ldap_authenticate()) == NULL) {<br> echo('Authorization Failed');<br> exit(0);<br> }<br> echo('Authorization success');<br> echo('<br>');<br> print_r($result);<br> <br> ?><br> </blockquote> <br> Brian,<br> <br> Comments and some code changes included inline above. Let me know how<br> that turns out for you.<br> <br> HTH,<br> Ben<br> <br> _______________________________________________<br> K12OSN mailing list<br> <a href="mailto:K12OSN@redhat.com" target="_blank">K12OSN@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank">https://www.redhat.com/mailman/listinfo/k12osn</a><br> For more info see <<a href="http://www.k12os.org" target="_blank">http://www.k12os.org</a>><br> </blockquote> <br></div></div> OK altered the first script at per comments and this is ones of the result is below, it looks like it is retrieving the gidnumber etc but not sure how to alter script so it only shows cn, uidnumber & gidnumber. (bits I need for the rest of my magical script)<br> <br> I've had a bit of a think about how I'm going to do this, I'm think about putting the page that staff access behind a .htaccess that is setup so only staff get through as I have this working already but I still need to retrieve the uidnumber etc from ldap so I can enter it into a database so the line below won't be needed :-)<div class="Ih2E3d"> <br> <br> if ($result[0] && $result[0][gidNumber]!=501) {<br> <br></div> but it didn't work :-(<br> <br> Results from first script :-<br> <br> Loop count: 4<br> <br> Array<br> (<br> [objectclass] => Array<br> (<br> [count] => 5<br> [0] => top<br> [1] => inetOrgPerson<br> [2] => posixAccount<br> [3] => shadowAccount<br> [4] => sambaSamAccount<br> )<br> <br> [0] => objectclass<br> [cn] => Array<br> (<br> [count] => 1<br> [0] => brian<br> )<br> <br> [1] => cn<br> [uid] => Array<br> (<br> [count] => 1<br> [0] => brian<br> )<br> <br> [2] => uid<br> [uidnumber] => Array<br> (<br> [count] => 1<br> [0] => 1013<br> )<br> <br> [3] => uidnumber<br> [gidnumber] => Array<br> (<br> [count] => 1<br> [0] => 512<br> )<br> <br> [4] => gidnumber<br> [homedirectory] => Array<br> (<br> [count] => 1<br> [0] => /home/brian<br> )<br> <br> [5] => homedirectory<br> [loginshell] => Array<br> (<br> [count] => 1<br> [0] => /bin/bash<br> )<br> <br> [6] => loginshell<br> [gecos] => Array<br> (<br> [count] => 1<br> [0] => System User<br> )<br> <br> [7] => gecos<br> [description] => Array<br> (<br> [count] => 1<br> [0] => System User<br> )<br> <br> [8] => description<br> [sambalogontime] => Array<br> (<br> [count] => 1<br> [0] => 0<br> )<br> <br> [9] => sambalogontime<br> [sambalogofftime] => Array<br> (<br> [count] => 1<br> [0] => 2147483647<br> )<br> <br> [10] => sambalogofftime<br> [displayname] => Array<br> (<br> [count] => 1<br> [0] => System User<br> )<br> <br> [11] => displayname<br> [sambalogonscript] => Array<br> (<br> [count] => 1<br> [0] => startup.bat<br> )<br> <br> [12] => sambalogonscript<br> [sambaprofilepath] => Array<br> (<br> [count] => 1<br> [0] => \\RHO2\profiles\brian<br> )<br> <br> [13] => sambaprofilepath<br> [sambahomepath] => Array<br> (<br> [count] => 1<br> [0] => \\RHO2\homes\brian<br> )<br> <br> [14] => sambahomepath<br> [sambahomedrive] => Array<br> (<br> [count] => 1<br> [0] => P:<br> )<br> <br> [15] => sambahomedrive<br> [sambalmpassword] => Array<br> (<br> [count] => 1<br> [0] => 985CC3D8A9671FCDAAD3B435B51404EE<br> )<br> <br> [16] => sambalmpassword<br> [sambantpassword] => Array<br> (<br> [count] => 1<br> [0] => F97C55B222D47D85D922EDC6C113585E<br> )<br> <br> [17] => sambantpassword<br> [sambapwdlastset] => Array<br> (<br> [count] => 1<br> [0] => 1116514670<br> )<br> <br> [18] => sambapwdlastset<br> [userpassword] => Array<br> (<br> [count] => 1<br> [0] => {SSHA}YwnYwZKpziq6NR42i9oOBApYzHVXTWM1<br> )<br> <br> [19] => userpassword<br> [givenname] => Array<br> (<br> [count] => 1<br> [0] => Brian<br> )<br> <br> [20] => givenname<br> [sn] => Array<br> (<br> [count] => 1<br> [0] => Chivers<br> )<br> <br> [21] => sn<br> [shadowexpire] => Array<br> (<br> [count] => 1<br> [0] => 21915<br> )<br> <br> [22] => shadowexpire<br> [sambapwdcanchange] => Array<br> (<br> [count] => 1<br> [0] => 1041379201<br> )<br> <br> [23] => sambapwdcanchange<br> [sambadomainname] => Array<br> (<br> [count] => 1<br> [0] => TANGIER<br> )<br> <br> [24] => sambadomainname<br> [sambasid] => Array<br> (<br> [count] => 1<br> [0] => S-1-5-21-3889783498-3206798075-3096547488-3026<br> )<br> <br> [25] => sambasid<br> [sambaprimarygroupsid] => Array<br> (<br> [count] => 1<br> [0] => S-1-5-21-3889783498-3206798075-3096547488-512<br> )<br> <br> [26] => sambaprimarygroupsid<br> [sambaacctflags] => Array<br> (<br> [count] => 1<br> [0] => [U ]<br> )<br> <br> [27] => sambaacctflags<br> [mail] => Array<br> (<br> [count] => 1<br> [0] => <a href="mailto:brian@portsmouth-college.ac.uk" target="_blank">brian@portsmouth-college.ac.uk</a><br> )<br> <br> [28] => mail<br> [sambakickofftime] => Array<br> (<br> [count] => 1<br> [0] => 2147476447<br> )<br> <br> [29] => sambakickofftime<br> [sambapwdmustchange] => Array<br> (<br> [count] => 1<br> [0] => 1337565435<br> )<br> <br> [30] => sambapwdmustchange<br> [count] => 31<br> [dn] => uid=brian,ou=Users,dc=portsmouth-college,dc=ac,dc=uk<div class="Ih2E3d"><br> )<br></div></blockquote></div><div><br></div><div>Brian,</div><div><br></div><div>It looks like the if will need to look like this:</div><div>$gid=$result[0]<span class="Apple-style-span" style="border-collapse: collapse; ">[gidnumber][0];</span></div> <div><span class="Apple-style-span" style="border-collapse: collapse;">echo $gid;</span></div><div>if ($result[0] && $gid!=501) {</div><div>$uidNumber=$result[0]<span class="Apple-style-span" style="border-collapse: collapse; ">[uidnumber][0];</span></div> <div><span class="Apple-style-span" style="border-collapse: collapse;">echo $uid;</span></div><div><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse;">Let me know if this works.</span></div> <div><span class="Apple-style-span" style="border-collapse: collapse;">Ben</span></div>