
Re: [K12OSN] Help with php-ldap

Ben Dailey wrote:
On Wed, Oct 29, 2008 at 5:07 PM, Brian Chivers
<brian portsmouth-college ac uk> wrote:
Has anyone done anything with php-ldap ??

I'm trying to write a php script that will return the users with their
gidNumber but what I have doesn't return the gidNumber.

I can post my script so far if it helps.

Brian Chivers
Portsmouth College

  The views expressed here are my own and not necessarily

              the views of Portsmouth College


I have written an authentication script which we use in house to do
authentication. What kind of ldap directory are you trying to query?
If you post your script and php version. I will do my best at giving a

Ben Dailey
Asst. Technology Director
Bluffton-Harrison MSD

K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

Thanks for the offer :-)

It's an openldap server & we're running php5

The script I've got below is something I found on the web and it sort of works but doesn't show the gidNumber & I'd like to have this as I don't want students (gid=501) to be authenticated only staff (various gids)

<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
$ldaphost = "alpha.portsmouth-college.ac.uk";
$username = "Manager";
$binddn   = "cn=$username,dc=portsmouth-college,dc=ac,dc=uk";  // ldap rdn or dn
$bindpass = "special_password";  // associated password

echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds = ldap_connect($ldaphost);  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";

if ($ds) {
    echo "Binding ...";
    // bind with the DN and password defined above; $r is true on success
    $r = ldap_bind($ds, $binddn, $bindpass);
    echo "Bind result is " . $r . "<br />";

    echo "Searching for (cn=*) ...";
    // Search for every entry that has a cn attribute
    $sr = ldap_search($ds, "dc=portsmouth-college,dc=ac,dc=uk", "cn=*");
    echo "Search result is " . $sr . "<br />";

    echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";

    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";

    for ($i = 0; $i < $info["count"]; $i++) {
        echo "Loop count: " . $i . "<br />";
        // the gidNumber line: this is the value that does not show up
        echo "gidNumber is: " . $info[$i]["gidNumber"] . "<br />";
        echo "dn is: " . $info[$i]["dn"] . "<br />";
        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
        echo "first mail entry is: " . $info[$i]["mail"][0] . "<br /> <hr />";
    }

    echo "Closing connection";
    ldap_close($ds);

} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}

This is an auth script that works but doesn't block students, it's just a yes or no and I don't know enough about php YET to work out how to fail the authentication if the gidNumber is 501


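<?php
$ldapconfig['host'] = 'alpha.portsmouth-college.ac.uk';
$ldapconfig['port'] = 389;  // standard LDAP port
$ldapconfig['basedn'] = 'dc=portsmouth-college,dc=ac,dc=uk';
$ldapconfig['authrealm'] = 'My Realm';

function ldap_authenticate() {
    global $ldapconfig;
    // HTTP Basic credentials sent by the browser; $_SERVER is used because
    // the bare $PHP_AUTH_* globals only exist with register_globals on
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : "";
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : "";

    if ($user != "" && $pass != "") {
        $ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
        // look the user up by uid; the name is escaped so that it cannot
        // alter the search filter (ldap_escape needs PHP 5.6 or later)
        $filter = 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER);
        $r = @ldap_search($ds, $ldapconfig['basedn'], $filter);
        if ($r) {
            $result = @ldap_get_entries($ds, $r);
            if (!empty($result[0])) {
                // password check: bind as the DN that was found
                if (@ldap_bind($ds, $result[0]['dn'], $pass)) {
                    return $result[0];
                }
            }
        }
    }
    // no credentials, unknown user or wrong password: ask for them again
    header('WWW-Authenticate: Basic realm="' . $ldapconfig['authrealm'] . '"');
    header('HTTP/1.0 401 Unauthorized');
    return NULL;
}

if (($result = ldap_authenticate()) == NULL) {
    echo('Authorization Failed');
    exit(0);  // stop here so the success message is not printed as well
}
echo('Authorization success');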


   The views expressed here are my own and not necessarily

the views of Portsmouth College
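
Added example, not part of the original post: one way to fail the authentication when the account's gidNumber is 501. ldap_get_entries() lowercases attribute names and returns every attribute as an array of values, so the value is read as ['gidnumber'][0]. The names authorize_staff() and STUDENT_GID are hypothetical, and the code assumes PHP 7.1 or later and a directory that lets the unauthenticated search read uid and gidNumber.

```php
<?php
// Added example: host, base DN, realm and gid 501 come from the post;
// authorize_staff() and STUDENT_GID are hypothetical names.
const LDAP_HOST   = 'alpha.portsmouth-college.ac.uk';
const LDAP_BASEDN = 'dc=portsmouth-college,dc=ac,dc=uk';
const STUDENT_GID = '501';   // LDAP values arrive as strings

function authorize_staff(string $user, string $pass): ?array {
    // An empty password would turn the bind into an anonymous bind, which
    // many servers accept, so reject it before talking to the directory.
    if ($user === '' || $pass === '') {
        return null;
    }
    $ds = ldap_connect('ldap://' . LDAP_HOST);
    if (!$ds) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Escape the user name so characters such as * ( ) cannot alter the
    // filter, and request only the attribute that is needed.
    $filter = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ds, LDAP_BASEDN, $filter, ['gidNumber']);
    $entries = $sr ? ldap_get_entries($ds, $sr) : false;

    // Require exactly one match so the DN used for the bind is unambiguous.
    if (!$entries || $entries['count'] !== 1) {
        return null;
    }
    $entry = $entries[0];
    // Key is lowercase and the value is a list: ['gidnumber'][0].
    // A missing gidNumber (e.g. hidden by an ACL) is denied, not allowed.
    $gid = $entry['gidnumber'][0] ?? null;
    if ($gid === null || $gid === STUDENT_GID) {
        return null;
    }
    // Password check: bind as the user's own DN.
    return @ldap_bind($ds, $entry['dn'], $pass) ? $entry : null;
}

$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';
if (authorize_staff($user, $pass) === null) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Authorization Failed');
}
echo 'Authorization success';
```

Students and unknown users get the same 401 response, so the reply does not reveal which accounts exist or which group they belong to.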