JaguarPC Community - Web Hosting, VPS Hosting, cPanel VPS Hosting, Hybrid Servers, Dedicated Servers, Virutal Private Servers, Managed Servers
» Hosting Community Support
» Design and Development
:
LDAP Stuff
| Design and Development Get help setting up forums, databases, or discuss any form of scripting. Have a question or comment about a website? Or just show off your own site! |
 |
|
|
Thread Tools | Display Modes |
09-24-2007, 06:58 AM
|
#1 |
|
Master of Cheese
Join Date: Jun 2006
Location: Cambridge, UK
Posts: 72
|
LDAP Stuff
Has anyone used Trellis Desk? I am trying to rewrite the coding to work with LDAP User Authentication. Does anyone have experience in integrating LDAP into scripts?
Thanks
__________________
|
|
|
|
09-24-2007, 08:52 AM
|
#2 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
I frequently do LDAP authentication in PHP scripts at work. Do you have specific questions, need to see sample code, or what?
I've never used Trellis Desk. --Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
09-24-2007, 01:58 PM
|
#3 |
|
Master of Cheese
Join Date: Jun 2006
Location: Cambridge, UK
Posts: 72
|
I basically want to know how to do it. I have found what i think is the authentication page. I then need a configurable LDAP script that will contain all the LDAP settings. Then hopefully it will all work fine. I have attached the file that i think would be the file i need to edit.
Thanks J FIle: class_session.php PHP Code:
PHP Code:
__________________
|
|
|
|
|
01-20-2008, 05:35 AM
|
#4 |
|
Master of Cheese
Join Date: Jun 2006
Location: Cambridge, UK
Posts: 72
|
Right what i am after is a sample LDAP Script to bind to a LDAP Server with a password. Check that the details are correct. After that it will get the user data using the username, if the user doesn't exist it would need to create it.
If this something you work on Jason what would it cost me to get you to code it for me! Thanks Jamie
__________________
|
|
|
|
|
01-21-2008, 12:28 AM
|
#5 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
I got your PM the other day, but I've been too busy to find the code I have that does essentially what you want. I know exactly where it is on a machine that I can't get to boot right now. Its been quite a while since I used it in production, so I'll have to hunt around a bit to find it somewhere else. I'll see what I can find at work tomorrow.
--Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
02-06-2008, 11:59 AM
|
#6 |
|
JPC Senior Member
Join Date: Feb 2008
Location: Spotsy, Va.
Posts: 50
|
Just an Idea...
You take a look at some of the LDAP code in impresscms and xoops... Their is also the xhelp module which would run native with the cms and LDAP. |
|
|
|
|
02-06-2008, 12:11 PM
|
#7 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
Was the stuff I PMed you a while back helpful?
--Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
04-01-2008, 03:15 AM
|
#8 |
|
Master of Cheese
Join Date: Jun 2006
Location: Cambridge, UK
Posts: 72
|
Yes it was, but i'm still trying to work out how to fit it! I will work out how it needs to work then post and you may be able to help me understand
__________________
|
|
|
|
|
04-01-2008, 09:57 AM
|
#9 |
|
Jag Veteran
Join Date: Sep 2001
Location: Albuquerque NM
Posts: 1,318
|
If its not too much trouble would it be possible for you to post the code example here Jason? I would love to be able to use active directory for authentication in one of my php scripts, until I saw this thread I didn't think it would be possible.
On edit. I did some more research on it: http://us3.php.net/ldap http://www.developer.com/lang/php/ar...0941_3100951_2 I'm sorry to hijack this thread but this is pretty interesting. Has anyone actually had success getting this to work with active directory? This might be a dumb question since I don't even know if you could join a linux box to a domain but would your PHP server have to be a member of the NT domain active directory is in for this to work? Or can outside computers actually query the domain controller given the right permissions?
__________________
 Pawel Kowalski Albuquerque Web Design templatesXchange - Free Web Templates - Native American Jewelry Last edited by Pawel Kowalski; 04-01-2008 at 10:24 AM. |
|
|
|
|
04-01-2008, 10:22 AM
|
#10 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
Yeah. I'll have to dig it out again, but I can post it. Give me a little time, though.
My code was written for OpenLDAP and not AD. AD uses a slightly different connection string, but I think that other than that the code should work fine in either environment. --Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
04-01-2008, 10:49 AM
|
#11 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
Ha ha...I just realized that the code I sent to jetdiscos is still in my outbox....
Code:
<?php
function ldapAuth($username, $password) {
//set the following:
//your ldap server's hostname
$ldap_host = 'ldap.yourdomain.yourtld';
//your ldap server's distinguished name base
$base_dn = 'ou=People,dc=yourdomain,dc=yourtld'
//that should be all your need to edit unless your server uses something other than 'uid'
//as the user identifier
//append the username to the base DN to get the connection string
$full_dn = 'uid=' . $username . ',' . $base_dn;
//connect to the server
$ldap_id = @ldap_connect("ldap.rit.edu");
//bind to the server (ie authenticate the user)
$ldap_bind_id = @ldap_bind($ldap_id, $full_dn, $password);
//do a search (since it is possible to search for anyone we need to repeat the username--seems redundant, but not)
$ldap_result = @ldap_search($ldap_id, $full_dn, 'uid=' . $username);
//get the entries (returns an multi-dimension array of all fields for all results)
//there should only be one result with the query we did, though
$ldap_entry = @ldap_get_entries($ldap_id, $ldap_sr);
//close the connection
@ldap_unbind($ldap_bind_id);
if($ldap_bind_id && $password != "") {
//this check is very important since some ldap servers allow anonymous binds
//a bind may succeed without a password, but it won't succeed with an incorrect password
//return all of the data retrieved
return $ldap_entry;
}
return false;
}
//usage example
if($auth = ldapAuth($_POST['username'], $_POST['password'])) {
//if the authentication worked this will execute and $auth will contain the serach result
echo('<pre>');
print_r($auth);
echo('</pre>');
}
else {
//ldapAuth() returned false meaning authentication failed
echo('Authentication error');
}
?>
1) set $ldap_host to the name of your server 2) set $base_dn to the base distinguished name for your server. As I said, the example is formatted for OpenLDAP. I believe the form ActiveDirectory expects for a DN is "user@domain.sld.tld" or some such, so I would probably use "@domain.sld.tld" here. 3) for AD you'll also need to change the format of $full_dn and I believe AD uses CN and not UID as the field for usernames, so you'll probably also need to change the parameters to LDAP search. When you call the function it will return either an array containing all of the records returned by the serach or false if authentication failed. One tools I have found especially useful when working with LDAP data has been the free Softerra LDAP Browser. It lets you connect and search through LDAP information using a handy tree-based interface so you can see exactly how data is stored. Enjoy! --Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
04-01-2008, 12:17 PM
|
#12 |
|
Jag Veteran
Join Date: Sep 2001
Location: Albuquerque NM
Posts: 1,318
|
Jason, if you are ever in Albuquerque I'll have to buy you a beer. Thanks for this, I'm going to play around with it and see what happens. I just downloaded LDAP browser and it seems to be communicating with active directory without any issues.
__________________
Pawel Kowalski Albuquerque Web Design templatesXchange - Free Web Templates - Native American Jewelry |
|
|
|
|
04-01-2008, 01:55 PM
|
#13 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
I'd love to take you up on th at offer some day. I went backpacking in northern New Mexico in high school and absolutely loved it. I'd love to go back.
--Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
04-01-2008, 02:40 PM
|
#14 |
|
Jag Veteran
Join Date: Sep 2001
Location: Albuquerque NM
Posts: 1,318
|
I love the mountains and mesas around here. Even in albuquerque, a desert city of almost a million people, you have some of the most beautiful mountain trails around. Not to mention the fact that the air is so clear here you can see for hundreds of miles out.
__________________
Pawel Kowalski Albuquerque Web Design templatesXchange - Free Web Templates - Native American Jewelry |
|
|
|
|
04-02-2008, 09:21 AM
|
#15 |
|
Community Leader
Join Date: Sep 2001
Location: Rochester, NY
Posts: 5,916
|
That's pretty much how I felt when I was there, too. I experienced what are, to this day, some of the best memories of my life while I was out there--like my first night out on the trail when I was walking through the woods and nearly stepped on a single, small cactus just growing among all of the trees or when we got into camp one afternoon, set up our tents, and found a small plateau from which we watched the lightning from the impending thunderstorm while it was way off on the horizon.
Although the temperatures were 90+ degrees every day we were out there it felt much nicer than even 80 degree temps do here because of the lack of humidity and it rained (or hailed) every afternoon for just long enough to cool things off. We planned it well, too--just about every day we were in camp and set up before the rain came, so when it did we'd nap for about an hour or so and then get up to start dinner. OK...now you've gotten me off topic and dreaming about how much I want to see the southwest again. (As much as I like it there, though, I doubt I could ever bring myself to give up the harsh northeast winters that I've lived with my whole life--as crazy as that sounds!) --Jason
__________________
Jason Pitoniak Interbrite Communications www.interbrite.com www.kodiakskorner.com |
|
|
|
|
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
