[K12OSN] Help with php-ldap
Ben Dailey
ben at inspiredtechs.com
Thu Oct 30 12:41:51 UTC 2008
On Thu, Oct 30, 2008 at 5:15 AM, Brian Chivers
<brian at portsmouth-college.ac.uk> wrote:
> Ben Dailey wrote:
>>
>> On Wed, Oct 29, 2008 at 5:07 PM, Brian Chivers
>> <brian at portsmouth-college.ac.uk> wrote:
>>>
>>> Has anyone done anything with php-ldap ??
>>>
>>> I'm trying to write a php script that will return the users with their
>>> gidNumber but what I have doesn't return the gidNumber.
>>>
>>> I can post my script so far if it helps.
>>>
>>> Thanks
>>> Brian Chivers
>>> Portsmouth College
>>>
>>>
>>> ------------------------------------------------------------------------------------------------
>>> The views expressed here are my own and not necessarily
>>>
>>> the views of Portsmouth College
>>
>> Brian,
>>
>> I have written an authentication script which we use in house to do
>> authentication. What kind of ldap directory are you trying to query?
>> If you post your script and php version. I will do my best at giving a
>> hand.
>>
>> Thanks,
>> Ben Dailey
>> Asst. Technology Director
>> Bluffton-Harrison MSD
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>
> Thanks for the offer :-)
>
> It's an openldap server & we're running php5
>
> The script I've got below is something I found on the web and it sort of
> works but doesn't show the gidNumber & I'd like to have this as I don't want
> students (gid=501) to be authenticated only staff (various gids)
>
> <?php
> // basic sequence with LDAP is connect, bind, search, interpret search
> // result, close connection
> $ldaphost = "alpha.portsmouth-college.ac.uk";
> $username = "Manager";
> $binddn = "cn=$username,dc=portsmouth-college,dc=ac,dc=uk"; // ldap rdn or dn
> $bindpass = "special_password"; // associated password
>
> echo "<h3>LDAP query test</h3>";
> echo "Connecting ...";
> $ds=ldap_connect($ldaphost); // must be a valid LDAP server!
> echo "connect result is " . $ds . "<br />";
>
> if ($ds) {
> echo "Binding ...";
> $r=ldap_bind($ds,$binddn,$bindpass);
> echo "Bind result is " . $r . "<br />";
>
> echo "Searching for (cn=*) ...";
> // Search surname entry
> $sr=ldap_search($ds,"dc=portsmouth-college,dc=ac,dc=uk", "cn=*");
> echo "Search result is " . $sr . "<br />";
>
> echo "Number of entires returned is " . ldap_count_entries($ds, $sr) .
> "<br />";
>
> echo "Getting entries ...<p>";
> $info = ldap_get_entries($ds, $sr);
> echo "Data for " . $info["count"] . " items returned:<p>";
>
> for ($i=0; $i<$info["count"]; $i++) {
> echo "Loop count: " . $i . "<br />";
Replace the following echoes with:
echo "<pre>";
print_r($info[$i]);
echo "</pre>";
> echo "gidNumber is: ". $info[$i]["gidNumber"]."<br />";
> echo "dn is: " . $info[$i]["dn"] . "<br />";
> echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
> echo "first mail entry is: " . $info[$i]["mail"][0] . "<br /> <hr
> />";
End replacement of the echoes.
> }
>
> echo "Closing connection";
> ldap_close($ds);
>
> } else {
> echo "<h4>Unable to connect to LDAP server</h4>";
> }
> ?>
>
> This is an auth script that works but doesn't block students it's just a yes
> or no and I don't know enough about php YET to work out how to fail the
> authentication if the gidNumber is 501
>
> <?php
>
> $ldapconfig['host'] = 'alpha.portsmouth-college.ac.uk';
> $ldapconfig['port'] = NULL;
> $ldapconfig['basedn'] = 'dc=portsmouth-college,dc=ac,dc=uk';
> $ldapconfig['authrealm'] = 'My Realm';
>
> function ldap_authenticate() {
> global $ldapconfig;
> global $PHP_AUTH_USER;
> global $PHP_AUTH_PW;
>
> if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {
> $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
> $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' .
> $PHP_AUTH_USER);
> if ($r) {
> $result = @ldap_get_entries( $ds, $r);
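If you are getting the gidNumber returned in the above example then try
replacing the following if section:
// ldap_get_entries() lowercases attribute names and returns each value as an array
if ($result[0] && isset($result[0]['gidnumber'][0]) && $result[0]['gidnumber'][0] != 501) {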
> if ($result[0]) {
> if (@ldap_bind( $ds, $result[0]['dn'], $PHP_AUTH_PW) ) {
> return $result[0];
> }
> }
> }
> }
> header('WWW-Authenticate: Basic realm="'.$ldapconfig['authrealm'].'"');
> header('HTTP/1.0 401 Unauthorized');
> return NULL;
> }
>
> if (($result = ldap_authenticate()) == NULL) {
> echo('Authorization Failed');
> exit(0);
> }
> echo('Authorization success');
> echo('<br>');
> print_r($result);
>
> ?>
Brian,
Comments and some code changes included inline above. Let me know how
that turns out for you.
HTH,
Ben
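
The staff-only check discussed in this thread, as an added example (not code from either poster): it reads gidNumber under the lowercased key that ldap_get_entries() returns, refuses entries where the attribute is missing, and escapes the username before it goes into the search filter. The helper names, the sample DN and the sample entries are constructed for illustration and need no LDAP server.

```php
<?php
// Added example, not code from the thread; helper names are hypothetical.
const STUDENT_GID = 501; // from the thread: students have gidNumber 501

// Escape a value for use inside an LDAP search filter (RFC 4515), so a
// username such as "*" or "a)(uid=*" cannot change the filter's meaning.
// With the ldap extension, ldap_escape($v, '', LDAP_ESCAPE_FILTER) does this.
function escape_filter_value($value) {
    return strtr($value, array(
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ));
}

// Decide from an ldap_get_entries() result whether the entry may log in.
// Attribute keys are lowercased by ldap_get_entries() and every attribute
// is an array of values, so the gid lives at ['gidnumber'][0].
function is_staff_entry(array $entries) {
    if (!isset($entries['count']) || $entries['count'] !== 1) {
        return false; // no match, or an ambiguous match: refuse
    }
    $entry = $entries[0];
    if (!isset($entry['gidnumber'][0])) {
        return false; // attribute missing or not readable: fail closed
    }
    return (int) $entry['gidnumber'][0] !== STUDENT_GID;
}

// Constructed sample in the shape ldap_get_entries() returns
// (simplified: the per-entry attribute index is omitted).
function sample_entries($gid) {
    $entry = array('dn' => 'uid=test,ou=People,dc=example,dc=org');
    if ($gid !== null) {
        $entry['gidnumber'] = array('count' => 1, 0 => $gid);
    }
    return array('count' => 1, 0 => $entry);
}

var_dump(is_staff_entry(sample_entries('501')));  // student entry
var_dump(is_staff_entry(sample_entries('600')));  // staff entry
var_dump(is_staff_entry(sample_entries(null)));   // entry without gidNumber
var_dump('(uid=' . escape_filter_value('a)(uid=*') . ')'); // hostile username
```

In the auth script, the gid check belongs before the ldap_bind() call with the user's password, and the search filter would be built as '(uid=' . escape_filter_value($PHP_AUTH_USER) . ')'.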