[K12OSN] Help with php-ldap

Brian Chivers brian at portsmouth-college.ac.uk
Thu Oct 30 13:38:54 UTC 2008


Ben Dailey wrote:
> On Thu, Oct 30, 2008 at 5:15 AM, Brian Chivers
> <brian at portsmouth-college.ac.uk> wrote:
>> Ben Dailey wrote:
>>> On Wed, Oct 29, 2008 at 5:07 PM, Brian Chivers
>>> <brian at portsmouth-college.ac.uk> wrote:
>>>> Has anyone done anything with php-ldap ??
>>>>
>>>> I'm trying to write a php script that will return the users with their
>>>> gidNumber but what I have doesn't return the gidNumber.
>>>>
>>>> I can post my script so far if it helps.
>>>>
>>>> Thanks
>>>> Brian Chivers
>>>> Portsmouth College
>>>>
>>>>
>>>> ------------------------------------------------------------------------------------------------
>>>>  The views expressed here are my own and not necessarily
>>>>
>>>>              the views of Portsmouth College
>>> Brian,
>>>
>>> I have written an authentication script which we use in house to do
>>> authentication. What kind of ldap directory are you trying to query?
>>> If you post your script and php version. I will do my best at giving a
>>> hand.
>>>
>>> Thanks,
>>> Ben Dailey
>>> Asst. Technology Director
>>> Bluffton-Harrison MSD
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>> Thanks for the offer :-)
>>
>> It's an openldap server & we're running php5
>>
>> The script I've got below is something I found on the web and it sort of
>> works but doesn't show the gidNumber, & I'd like to have this as I don't want
>> students (gid=501) to be authenticated, only staff (various gids).
>>
>> <?php
>> // basic sequence with LDAP is connect, bind, search, interpret search
>> // result, close connection
>> $ldaphost = "alpha.portsmouth-college.ac.uk";
>> $username = "Manager";
>> $binddn  = "cn=$username,dc=portsmouth-college,dc=ac,dc=uk";     // ldap rdn or dn
>> $bindpass = "special_password";  // associated password
>>
>> echo "<h3>LDAP query test</h3>";
>> echo "Connecting ...";
>> $ds=ldap_connect($ldaphost);  // must be a valid LDAP server!
>> echo "connect result is " . $ds . "<br />";
>>
>> if ($ds) {
>>    echo "Binding ...";
>>    $r=ldap_bind($ds,$binddn,$bindpass);
>>    echo "Bind result is " . $r . "<br />";
>>
>>    echo "Searching for (cn=*) ...";
>>    // Search surname entry
>>    $sr=ldap_search($ds,"dc=portsmouth-college,dc=ac,dc=uk", "cn=*");
>>    echo "Search result is " . $sr . "<br />";
>>
>>    echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";
>>
>>    echo "Getting entries ...<p>";
>>    $info = ldap_get_entries($ds, $sr);
>>    echo "Data for " . $info["count"] . " items returned:<p>";
>>
>>    for ($i=0; $i<$info["count"]; $i++) {
>>        echo "Loop count: " . $i . "<br />";
> Replace the following echoes with:
> echo "<pre>";
> print_r($info[$i]);
> echo "</pre>";
>>        echo "gidNumber is: ". $info[$i]["gidNumber"]."<br />";
>>        echo "dn is: " . $info[$i]["dn"] . "<br />";
>>        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
>>        echo "first mail entry is: " . $info[$i]["mail"][0] . "<br /> <hr />";
> End replacement of the echoes.
>>    }
>>
>>    echo "Closing connection";
>>    ldap_close($ds);
>>
>> } else {
>>    echo "<h4>Unable to connect to LDAP server</h4>";
>> }
>> ?>
>>
>> This is an auth script that works but doesn't block students; it's just a yes
>> or no, and I don't know enough about php YET to work out how to fail the
>> authentication if the gidNumber is 501.
>>
>> <?php
>>
>> $ldapconfig['host'] = 'alpha.portsmouth-college.ac.uk';
>> $ldapconfig['port'] = NULL;
>> $ldapconfig['basedn'] = 'dc=portsmouth-college,dc=ac,dc=uk';
>> $ldapconfig['authrealm'] = 'My Realm';
>>
>> function ldap_authenticate() {
>>    global $ldapconfig;
>>    global $PHP_AUTH_USER;
>>    global $PHP_AUTH_PW;
>>
>>    if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {
>>        $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
>>        $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $PHP_AUTH_USER);
>>        if ($r) {
>>            $result = @ldap_get_entries( $ds, $r);
> If you are getting the gidNumber returned in the above example then try
> replacing the following if section:
> if ($result[0] && $result[0][gidNumber]!=501) {
>>            if ($result[0]) {
>>                if (@ldap_bind( $ds, $result[0]['dn'], $PHP_AUTH_PW) ) {
>>                    return $result[0];
>>                }
>>            }
>>        }
>>    }
>>    header('WWW-Authenticate: Basic realm="'.$ldapconfig['authrealm'].'"');
>>    header('HTTP/1.0 401 Unauthorized');
>>    return NULL;
>> }
>>
>> if (($result = ldap_authenticate()) == NULL) {
>>    echo('Authorization Failed');
>>    exit(0);
>> }
>> echo('Authorization success');
>> echo('<br>');
>> print_r($result);
>>
>> ?>
> 
> Brian,
> 
> Comments and some code changes included inline above. Let me know how
> that turns out for you.
> 
> HTH,
> Ben
> 

OK, altered the first script as per the comments and one of the results is below. It looks like
it is retrieving the gidnumber etc. but I'm not sure how to alter the script so it only shows cn, uidnumber &
gidnumber (the bits I need for the rest of my magical script).

I've had a bit of a think about how I'm going to do this. I'm thinking about putting the page that
staff access behind a .htaccess that is set up so only staff get through, as I have this working
already, but I still need to retrieve the uidnumber etc. from ldap so I can enter it into a database,
so the line below won't be needed :-)

if ($result[0] && $result[0][gidNumber]!=501) {

but it didn't work :-(

Results from first script :-

Loop count: 4

Array
(
     [objectclass] => Array
         (
             [count] => 5
             [0] => top
             [1] => inetOrgPerson
             [2] => posixAccount
             [3] => shadowAccount
             [4] => sambaSamAccount
         )

     [0] => objectclass
     [cn] => Array
         (
             [count] => 1
             [0] => brian
         )

     [1] => cn
     [uid] => Array
         (
             [count] => 1
             [0] => brian
         )

     [2] => uid
     [uidnumber] => Array
         (
             [count] => 1
             [0] => 1013
         )

     [3] => uidnumber
     [gidnumber] => Array
         (
             [count] => 1
             [0] => 512
         )

     [4] => gidnumber
     [homedirectory] => Array
         (
             [count] => 1
             [0] => /home/brian
         )

     [5] => homedirectory
     [loginshell] => Array
         (
             [count] => 1
             [0] => /bin/bash
         )

     [6] => loginshell
     [gecos] => Array
         (
             [count] => 1
             [0] => System User
         )

     [7] => gecos
     [description] => Array
         (
             [count] => 1
             [0] => System User
         )

     [8] => description
     [sambalogontime] => Array
         (
             [count] => 1
             [0] => 0
         )

     [9] => sambalogontime
     [sambalogofftime] => Array
         (
             [count] => 1
             [0] => 2147483647
         )

     [10] => sambalogofftime
     [displayname] => Array
         (
             [count] => 1
             [0] => System User
         )

     [11] => displayname
     [sambalogonscript] => Array
         (
             [count] => 1
             [0] => startup.bat
         )

     [12] => sambalogonscript
     [sambaprofilepath] => Array
         (
             [count] => 1
             [0] => \\RHO2\profiles\brian
         )

     [13] => sambaprofilepath
     [sambahomepath] => Array
         (
             [count] => 1
             [0] => \\RHO2\homes\brian
         )

     [14] => sambahomepath
     [sambahomedrive] => Array
         (
             [count] => 1
             [0] => P:
         )

     [15] => sambahomedrive
     [sambalmpassword] => Array
         (
             [count] => 1
             [0] => 985CC3D8A9671FCDAAD3B435B51404EE
         )

     [16] => sambalmpassword
     [sambantpassword] => Array
         (
             [count] => 1
             [0] => F97C55B222D47D85D922EDC6C113585E
         )

     [17] => sambantpassword
     [sambapwdlastset] => Array
         (
             [count] => 1
             [0] => 1116514670
         )

     [18] => sambapwdlastset
     [userpassword] => Array
         (
             [count] => 1
             [0] => {SSHA}YwnYwZKpziq6NR42i9oOBApYzHVXTWM1
         )

     [19] => userpassword
     [givenname] => Array
         (
             [count] => 1
             [0] => Brian
         )

     [20] => givenname
     [sn] => Array
         (
             [count] => 1
             [0] => Chivers
         )

     [21] => sn
     [shadowexpire] => Array
         (
             [count] => 1
             [0] => 21915
         )

     [22] => shadowexpire
     [sambapwdcanchange] => Array
         (
             [count] => 1
             [0] => 1041379201
         )

     [23] => sambapwdcanchange
     [sambadomainname] => Array
         (
             [count] => 1
             [0] => TANGIER
         )

     [24] => sambadomainname
     [sambasid] => Array
         (
             [count] => 1
             [0] => S-1-5-21-3889783498-3206798075-3096547488-3026
         )

     [25] => sambasid
     [sambaprimarygroupsid] => Array
         (
             [count] => 1
             [0] => S-1-5-21-3889783498-3206798075-3096547488-512
         )

     [26] => sambaprimarygroupsid
     [sambaacctflags] => Array
         (
             [count] => 1
             [0] => [U          ]
         )

     [27] => sambaacctflags
     [mail] => Array
         (
             [count] => 1
             [0] => brian at portsmouth-college.ac.uk
         )

     [28] => mail
     [sambakickofftime] => Array
         (
             [count] => 1
             [0] => 2147476447
         )

     [29] => sambakickofftime
     [sambapwdmustchange] => Array
         (
             [count] => 1
             [0] => 1337565435
         )

     [30] => sambapwdmustchange
     [count] => 31
     [dn] => uid=brian,ou=Users,dc=portsmouth-college,dc=ac,dc=uk
)



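As an added example (my own code, not Brian's or Ben's scripts from the thread), here is how the three fields Brian asks for can be read from the array shape that ldap_get_entries() returns, as shown by the print_r output above: attribute names come back lowercased, so the original "gidNumber" lookup never matches and the value lives under ['gidnumber'][0]. The search requests only cn, uidNumber and gidNumber so the password-hash attributes in the dump are never pulled into the web app, and the gid 501 check is done with the right key. The base DN, uids and gids below are placeholders; ldap_escape() needs PHP 5.6 or later.

```php
<?php
// Added example; assumes php-ldap and an already bound connection $ds.
// Look up one account by uid, asking only for the three attributes needed so
// userPassword / sambaNTPassword hashes are not returned to the script.
function find_account($ds, $basedn, $uid) {
    $filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = ldap_search($ds, $basedn, $filter, ['cn', 'uidNumber', 'gidNumber']);
    if ($sr === false) {
        return null;
    }
    $info = ldap_get_entries($ds, $sr);
    return $info['count'] === 1 ? $info[0] : null;   // exactly one match, else nothing
}

// First value of an attribute in an ldap_get_entries() entry, or null if absent.
// Keys are lowercased by php-ldap, whatever case the schema uses.
function entry_attr(array $entry, $attr) {
    $key = strtolower($attr);
    if (!isset($entry[$key]['count']) || $entry[$key]['count'] < 1) {
        return null;
    }
    return $entry[$key][0];
}

// Only the fields the rest of the script needs.
function summarise(array $entry) {
    return ['cn'        => entry_attr($entry, 'cn'),
            'uidnumber' => entry_attr($entry, 'uidNumber'),
            'gidnumber' => entry_attr($entry, 'gidNumber')];
}

// Staff gate: students have primary gid 501; an entry with no gid is refused too.
function is_staff(array $entry) {
    $gid = entry_attr($entry, 'gidNumber');
    return $gid !== null && (int) $gid !== 501;
}

// Constructed entries in the shape print_r showed above, so this runs offline.
$staff   = ['count' => 3, 'dn' => 'uid=brian,ou=Users,dc=example,dc=test',
            'cn' => ['count' => 1, 0 => 'brian'],
            'uidnumber' => ['count' => 1, 0 => '1013'],
            'gidnumber' => ['count' => 1, 0 => '512']];
$student = ['count' => 3, 'dn' => 'uid=s123,ou=Users,dc=example,dc=test',
            'cn' => ['count' => 1, 0 => 's123'],
            'uidnumber' => ['count' => 1, 0 => '2045'],
            'gidnumber' => ['count' => 1, 0 => '501']];
foreach ([$staff, $student] as $e) {
    print_r(summarise($e));
    echo is_staff($e) ? "staff: allowed\n" : "student (gid 501): refused\n";
}
```

With a live connection, `find_account($ds, $basedn, $uid)` returns an entry in the same shape, so the same `summarise()` and `is_staff()` calls apply unchanged.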