  1. #1

    PHP, LDAP, and authenticating via logon

    My Ubuntu 8.04 box is running Apache2, running PHP5 successfully, and I can connect to our Win2k AD [Active Directory] server without error, yet I only get as far as listing users, computer names, and email group names in our office. [We have 3 offices, each with its city name, see below in my code; I am connecting to only 1 of them: $dn = "OU=cityName_here".] I will post my "working" code below, but my question is: please help me use some PHP and LDAP commands allowing someone to enter their network ID and PW on a logon screen [I can create that and transfer the info to the next page just fine], then compare the ID/PW combination against AD to allow/disallow access. Please don't just give me theory; I've spent many hours already and am getting nowhere anymore. Is there really proven simple/straightforward code to take an ID/PW, connect to the LDAP server, then loop through user IDs and PWs, or compare the ID/PW against an LDAP query to determine if that user/PW combo exists in AD? Thanks much in advance for your help and code examples! My code so far:

    Code:
    <?php
        error_reporting(E_ALL);          // place these two lines at the top of
        ini_set('display_errors', 1);    // the script you are debugging
        //phpinfo();

        $ldap_server = "ldap://serverIP_here";
        $ldapPort = "port#_here";        // not used below

        $ldapUser = "serverID_here";
        $ldapPswd = "serverPW_here";
        $ldapLink = ldap_connect($ldap_server) or die("NO establish LDAP connection");
        ldap_bind($ldapLink, $ldapUser, $ldapPswd) or die("NO bind to the server");

        $dn = "OU=cityName_here,DC=domainName_here,DC=com";
        $filter = "(|(sn='Caesar')(givenname='Augustus'))";   // not used below

        // (CN=*) matches every object under the OU: users, computers and groups
        $results = ldap_search($ldapLink, $dn, "(CN=*)");
        //var_dump($results);

        //Create result set
        $entries = ldap_get_entries($ldapLink, $results);

        //Sort and print
        echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />";

        for ($i=0; $i < $entries["count"]; $i++)
        {
            // entries with no displayname attribute raise the "Undefined index" notice
            echo $entries[$i]["displayname"][0]."<br />";
        }

        //never forget to unbind!
        ldap_unbind($ldapLink);

        // runs after ldap_unbind(), so $ldapLink is no longer a valid link here
        $info = ldap_get_entries($ldapLink, $results);
        echo "<br>".$info;   // $info is an array (or false), not a string
    ?>
    ...which produces output like this [names changed to protect the innocent]:
    [OUTPUT]
    User count: 455

    Users:
    Annie Oakley
    Jackie Ripper
    Sam LaRiddle
    Brad Belushi
    Linda Starling Axlerod

    Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

    Infotext Infortext
    John W. Gasey
    Sprint

    Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

    Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

    Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

    Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

    computerName123$
    computerName234$
    computerName345$
    Al Pacino
    computerName456$
    ...
    [etc, etc, etc including in all, users, computer names, email group names]

    [/OUTPUT]

    thx again for your help!!!!!

  • #2

    addition to my post...this is as far as I've gotten:

    again, real user's name changed to protect the innocent.

    note: if i change the line:
    >>$results = ldap_search($ldapLink, $dn, "(CN=*)");<< to >>$results = ldap_search($ldapLink, $dn, "(CN=Arthur C. Clark)");<<

    [OUTPUT]
    User count: 1

    Users:
    Arthur Clark

    Warning: ldap_get_entries(): 2 is not a valid ldap link resource in /var/www/ldapTest1.php on line 39
    [/OUTPUT]

    At this point, I just want to compare the ID [which seems possible in light of the above output], but I desperately need to be able to get someone's user ID and PW and authenticate them. THANK YOU!
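
The usual way to do what this thread asks is to let Active Directory check the password by binding as the user; stored passwords cannot be read back and compared. The following is an added example, not code from the thread: a service bind looks up the user's DN, then a second bind with the submitted password decides the result. Assumptions: the logon ID is the sAMAccountName, the server accepts StartTLS, PHP 7 or later, and the constants are the thread's placeholders; userFilter and adAuthenticate are hypothetical names.

```php
<?php
// Added example, not the poster's code. Placeholders reuse the thread's names.
const LDAP_URI = 'ldap://serverIP_here';
const BASE_DN  = 'OU=cityName_here,DC=domainName_here,DC=com';
const SVC_USER = 'serverID_here';   // service account, used only to look up the user's DN
const SVC_PASS = 'serverPW_here';

// Filter for exactly one person account by logon name (assumed: sAMAccountName).
// ldap_escape() neutralises filter metacharacters in the input so it
// cannot widen or rewrite the filter.
function userFilter(string $login): string
{
    return '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
         . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
}

function adAuthenticate(string $login, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated bind, which
    // a server may accept as success, so refuse it before contacting LDAP.
    if ($login === '' || $password === '') {
        return false;
    }
    $link = ldap_connect(LDAP_URI);
    if ($link === false) {
        return false;
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    $ok = false;
    // StartTLS first so neither password crosses the network in clear text;
    // if TLS or the service bind fails, fall through and deny.
    if (@ldap_start_tls($link) && @ldap_bind($link, SVC_USER, SVC_PASS)) {
        $result  = @ldap_search($link, BASE_DN, userFilter($login), ['cn']);
        $entries = $result ? ldap_get_entries($link, $result) : false;
        // Require exactly one match, then let the directory verify the
        // password by binding as that entry's DN.
        if (is_array($entries) && $entries['count'] === 1) {
            $ok = @ldap_bind($link, $entries[0]['dn'], $password);
        }
    }
    ldap_unbind($link);   // last LDAP call: the link is unusable afterwards
    return $ok;
}
```

The person/user filter also keeps computer accounts and groups out of the match, which the `(CN=*)` search in the thread returns alongside users.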

