[K12OSN] Help with php-ldap

Brian Chivers brian at portsmouth-college.ac.uk
Thu Oct 30 14:05:05 UTC 2008 

Nils Breunese wrote:
> Brian Chivers wrote:
> 
>> OK altered the first script at per comments and this is ones of the 
>> result is below, it looks like it is retrieving the gidnumber etc but 
>> not sure how to alter script so it only shows cn, uidnumber & 
>> gidnumber. (bits I need for the rest of my magical script)
>>
>> I've had a bit of a think about how I'm going to do this, I'm think 
>> about putting the page that staff access behind a .htaccess that is 
>> setup so only staff get through as I have this working already but I 
>> still need to retrieve the uidnumber etc from ldap so I can enter it 
>> into a database so the line below won't be needed :-)
> 
> Ik have no real world experiece with authenticating against LDAP, but I 
> have the feeling that this can all be done a whole lot easier and 
> without any PHP scripting. Did you have a look at Apache's mod_auth_ldap 
> [0]? You can use LDAP groups to specify who should be able to authenticate.
> 
> Nils Breunese.
> 
> [0] http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

You're right mod_auth_ldap is very easy to use for basic authentication but I need to do slightly 
more :-)

I'll explain,

we're using a piece of code called "vshare" that is a sort of YouTube clone allowing staff to upload 
movies etc. The problem is that it stores all it's users in a mysql database. All our users live in 
ldap with passwords as SMD5, Vshare stores them all as MD5. I can't see an easy way to export our 
users & import them into the mysql database. To further add to the complications the php that vshare 
uses is all Zend encoded so I can't even edit this. :-(

So what I'm trying to do is create a page that our staff visit once to set themselves up that will 
do the following :-

1.) Authenticate them against our ldap server to access the page (easy with mod_ldap_auth)
2.) Check this password against the ldap so the passwords they are using are the same and the vlaue 
is then held in the php variables PHP_AUTH_PWD in plaintext (this bit scares me when you run phpinfo 
*grin*)
3.) Read these values from php variable and create a MD5 hash
4.) Read the uid number from ldap
5.) create the relevant mysql entries into the vshare database using the UID, password etc so that 
staff login with there usual username & password.

Simple really :-)

I've got the first 3 steps working, just working on steps 4 & 5 :-)

Brian

------------------------------------------------------------------------------------------------
    The views expressed here are my own and not necessarily
 
                the views of Portsmouth College

More information about the K12OSN mailing list