View Full Version : PHP, LDAP, and authenticating via logon



dcparham
09-13-2009, 10:51 PM
my Ubuntu 8.04 box is running Apache2, running PHP5 successfully, and i can connect to our win2k AD [Active Directory] server without error, yet i only get as far as listing users, computer names, email group names in our office [we have 3 offices [each, the city name - see below in my code]; i am connecting to only 1 of them: $dn = "OU=cityName_here"]. i will post my "working" code below, but my question is: please help me use some php and ldap commands allowing someone to enter their network ID and PW on a logon screen [i can create that and xfr the info to next page just fine] then compare the ID/PW combination against AD to allow/disallow access. please don't just give me theory; i've spent many hours already and getting nowhere any more - is there really proven simple/straightforward code to take an id/pw, connect to ldap server, then loop through user id's and pw's, or compare id/pw against an LDAP query to determine if that user/pw combo exists in AD?? thx much in advance for your help, and code examples! my code so far:



<?php
error_reporting(E_ALL); // place these two lines at the top of
ini_set('display_errors', 1); // the script you are debugging
//phpinfo();

$ldap_server = "ldap://serverIP_here";
//$ldapPort = "port#_here";
$ldapPort = "port#_here";

$ldapUser = "serverID_here";
$ldapPswd = "serverPW_here";
$ldapLink = ldap_connect($ldap_server) or die("NO establish LDAP connection");
ldap_bind($ldapLink, $ldapUser, $ldapPswd) or die("NO bind to the server");

$dn = "OU=cityName_here,DC=domainName_here,DC=com";
$filter="(|(sn='Caesar')(givenname='Augustus'))";

$results = ldap_search($ldapLink, $dn, "(CN=*)");
//var_dump($results);

//Create result set
$entries = ldap_get_entries($ldapLink, $results);

//Sort and print
echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />";

for ($i=0; $i < $entries["count"]; $i++)
{
    echo $entries[$i]["displayname"][0]."<br />";
}

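//never forget to unbind!
ldap_unbind($ldapLink);

// $ldapLink is no longer valid after ldap_unbind(), so this call raises
// the "not a valid ldap link resource" warning
$info = ldap_get_entries($ldapLink, $results);
echo "<br>".$info;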

?>

...which produces output as such [names chgd to protect the innocent]:

User count: 455

Users:
Annie Oakley
Jackie Ripper
Sam LaRiddle
Brad Belushi
Linda Starling Axlerod

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Infotext Infortext
John W. Gasey
Sprint

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

computerName123$
computerName234$
computerName345$
Al Pacino
computerName456$
...
[etc, etc, etc including in all, users, computer names, email group names]



thx again for your help!!!!!

dcparham
09-13-2009, 11:12 PM
again, real user's name changed to protect the innocent.

note: if i change the line:
>>$results = ldap_search($ldapLink, $dn, "(CN=*)");<< to >>$results = ldap_search($ldapLink, $dn, "(CN=Arthur C. Clark)");<<


User count: 1

Users:
Arthur Clark

Warning: ldap_get_entries(): 2 is not a valid ldap link resource in /var/www/ldapTest1.php on line 39


at this point, i just want to compare id [which seems possible in light of the above output], but i desperately need to be able to get someone's userid and pw and authenticate them. THANK YOU!
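
One way to do the check asked for above, as an added example that is not part of the original thread: Active Directory does not hand out passwords over LDAP to compare against, so the script looks up the user's DN with the lookup account and then tries to bind as that user with the submitted password. The `ldaps://` URI, the `sAMAccountName` lookup, the function name `ad_authenticate` and the form field names are assumptions; the other placeholders are the ones from the post.

```php
<?php
// Added example, not the poster's code. All values below are placeholders.
const LDAP_URI = 'ldaps://serverIP_here';   // assumption: TLS, so the password is not sent in clear
const BASE_DN  = 'OU=cityName_here,DC=domainName_here,DC=com';
const SVC_USER = 'serverID_here';           // lookup account from the post; keep it low-privilege
const SVC_PASS = 'serverPW_here';

function ad_authenticate(string $username, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind and
    // may "succeed" on the server, so reject empty input before binding.
    if ($username === '' || $password === '') {
        return false;
    }
    $link = ldap_connect(LDAP_URI);
    if ($link === false) {
        return false;
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
    try {
        // Step 1: bind as the lookup account and find exactly one user object.
        if (!@ldap_bind($link, SVC_USER, SVC_PASS)) {
            return false;
        }
        // Escape the login name so it cannot alter the filter, and match
        // only people (not the computer accounts and groups that CN=* returns).
        $filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
                . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
        $result = @ldap_search($link, BASE_DN, $filter, ['cn']);
        if ($result === false) {
            return false;
        }
        $entries = ldap_get_entries($link, $result);
        if ($entries === false || $entries['count'] !== 1) {
            return false;
        }
        // Step 2: re-bind as that user; the directory checks the password.
        return @ldap_bind($link, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($link);   // runs on every return path above
    }
}

// Usage on the page that receives the logon form (field names are assumptions):
// $ok = ad_authenticate($_POST['user'] ?? '', $_POST['pass'] ?? '');
```

Return the same generic failure message whether the user was not found or the password was wrong, so the logon page does not reveal which account names exist.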


