[K12OSN] Help with php-ldap

Brian Chivers brian at portsmouth-college.ac.uk
Thu Oct 30 09:15:25 UTC 2008


Ben Dailey wrote:
> On Wed, Oct 29, 2008 at 5:07 PM, Brian Chivers
> <brian at portsmouth-college.ac.uk> wrote:
>> Has anyone done anything with php-ldap ??
>>
>> I'm trying to write a php script that will return the users with their
>> gidNumber but what I have doesn't return the gidNumber.
>>
>> I can post my script so far if it helps.
>>
>> Thanks
>> Brian Chivers
>> Portsmouth College
>>
>> ------------------------------------------------------------------------------------------------
>>   The views expressed here are my own and not necessarily
>>
>>               the views of Portsmouth College
> 
> Brian,
> 
> I have written an authentication script which we use in house to do
> authentication. What kind of ldap directory are you trying to query?
> If you post your script and php version. I will do my best at giving a
> hand.
> 
> Thanks,
> Ben Dailey
> Asst. Technology Director
> Bluffton-Harrison MSD
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

Thanks for the offer :-)

It's an OpenLDAP server & we're running php5

The script I've got below is something I found on the web and it sort of works but doesn't show the 
gidNumber & I'd like to have this as I don't want students (gid=501) to be authenticated only staff 
(various gids)

<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
$ldaphost = "alpha.portsmouth-college.ac.uk";
$username = "Manager";
$binddn  = "cn=$username,dc=portsmouth-college,dc=ac,dc=uk";     // ldap rdn or dn
$bindpass = "special_password";  // associated password

echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect($ldaphost);  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) {
     echo "Binding ...";
     $r=ldap_bind($ds,$binddn,$bindpass);
     echo "Bind result is " . $r . "<br />";

     echo "Searching for (cn=*) ...";
     // Search surname entry
     $sr=ldap_search($ds,"dc=portsmouth-college,dc=ac,dc=uk", "cn=*");
     echo "Search result is " . $sr . "<br />";

     echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";

     echo "Getting entries ...<p>";
     $info = ldap_get_entries($ds, $sr);
     echo "Data for " . $info["count"] . " items returned:<p>";

     for ($i=0; $i<$info["count"]; $i++) {
         echo "Loop count: " . $i . "<br />";
         echo "gidNumber is: ". $info[$i]["gidNumber"]."<br />";
         echo "dn is: " . $info[$i]["dn"] . "<br />";
         echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
         echo "first mail entry is: " . $info[$i]["mail"][0] . "<br /> <hr />";
     }

     echo "Closing connection";
     ldap_close($ds);

} else {
     echo "<h4>Unable to connect to LDAP server</h4>";
}
?>

This is an auth script that works but doesn't block students; it's just a yes or no, and I don't know 
enough about php YET to work out how to fail the authentication if the gidNumber is 501

<?php

$ldapconfig['host'] = 'alpha.portsmouth-college.ac.uk';
$ldapconfig['port'] = NULL;
$ldapconfig['basedn'] = 'dc=portsmouth-college,dc=ac,dc=uk';
$ldapconfig['authrealm'] = 'My Realm';

function ldap_authenticate() {
     global $ldapconfig;
     global $PHP_AUTH_USER;
     global $PHP_AUTH_PW;

     if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {
         $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
         $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $PHP_AUTH_USER);
         if ($r) {
             $result = @ldap_get_entries( $ds, $r);
             if ($result[0]) {
                 if (@ldap_bind( $ds, $result[0]['dn'], $PHP_AUTH_PW) ) {
                     return $result[0];
                 }
             }
         }
     }
     header('WWW-Authenticate: Basic realm="'.$ldapconfig['authrealm'].'"');
     header('HTTP/1.0 401 Unauthorized');
     return NULL;
}

if (($result = ldap_authenticate()) == NULL) {
     echo('Authorization Failed');
     exit(0);
}
echo('Authorization success');
echo('<br>');
print_r($result);

?>

------------------------------------------------------------------------------------------------
    The views expressed here are my own and not necessarily
 
                the views of Portsmouth College    
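
One way to fail authentication for gidNumber 501, as an added example that is not part of the original message or either poster's code. The function name ldap_authenticate_staff is hypothetical, the host, base DN and realm are copied from the scripts above, and it assumes PHP 5.6 or later (for ldap_escape) and a server that lets an anonymous search read uid and gidNumber, as the posted auth script already relies on.

```php
<?php
// Added example, not the poster's code. Needs PHP 5.6+ for ldap_escape().
const STUDENT_GID = '501';   // students' gidNumber, as given in the post

// Hypothetical helper: returns the user's entry for staff, null otherwise.
function ldap_authenticate_staff($host, $basedn, $user, $pass) {
    // A simple bind with a DN and an empty password is an "unauthenticated
    // bind" that many servers report as success, so refuse empty input.
    if ($user === '' || $pass === '') {
        return null;
    }
    $ds = ldap_connect($host);
    if (!$ds) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // The bind below sends the password to the server; use ldap_start_tls()
    // or an ldaps:// URI where the server supports it.
    // Escape the name so * ( ) \ and NUL cannot change the search filter.
    $filter = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ds, $basedn, $filter, array('gidNumber'));
    if (!$sr) {
        return null;
    }
    $entries = ldap_get_entries($ds, $sr);
    if ($entries['count'] !== 1) {
        return null;                       // unknown or ambiguous user
    }
    $entry = $entries[0];
    // ldap_get_entries() lowercases attribute names and returns every
    // attribute as an array of values, hence ['gidnumber'][0].
    if (!isset($entry['gidnumber'][0]) || $entry['gidnumber'][0] === STUDENT_GID) {
        return null;                       // no gid, or a student: deny
    }
    // Only now prove the password by binding as the user's own DN.
    return @ldap_bind($ds, $entry['dn'], $pass) ? $entry : null;
}

$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
$entry = ldap_authenticate_staff('alpha.portsmouth-college.ac.uk',
    'dc=portsmouth-college,dc=ac,dc=uk', $user, $pass);
if ($entry === null) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Failed';
    exit;
}
echo 'Authorization success for ' . htmlspecialchars($entry['dn']);
```

A student and a wrong password get the same 401 response, so the reply does not reveal which check failed.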



