  1. #1

    Hightower's Avatar

    LDAP

    We have a PhD student here who is writing some excellent program. Basically, in a nutshell it's to track student marks.

    Anyway, he was wanting to use LDAP to authenticate users against the active directory. Can anybody give me advice on how to go about this on a Server 2k3 box?

    I've installed WAMP server and have edited the php_ldap extension. This guy knows what he's doing with PHP so I will leave him to worry about getting the code right, but do I need to set up a special user for ldap and if so how or what settings should this user have?

  2. #2

    I have only set up LDAP on Netware, but I created a user who could browse and read the Netware tree. I believe that is all you need unless you want LDAP to change any values. One thing to be aware of is that you use secure LDAP, otherwise you will be allowing usernames and passwords to flow across the network in plain text.

  3. Thanks to TronXP from:

    Hightower (18th June 2008)

  4. #3
    amfony's Avatar
    AD doesn't allow anonymous searching so you'll have to bind with a proper user, but it can be just that. A user, non-admin/non-special. A good tip I've run into was making that user's password not expire, as one day it will expire otherwise and you'll scratch your head why your app has died... or in my case why my LDAP address book for all mail clients had become inaccessible.

  5. #4

    Hightower's Avatar
    Thanks anthony,

    He doesn't need it now - typical. What he does need though is some way of getting the currently logged on user (this is just going to be used internally) using his PHP script and using this to get the needed data from his database.

  6. #5

    dhicks's Avatar
    Quote, originally posted by Hightower:
    What he does need though is some way of getting the currently logged on user (this is just going to be used internally) using his PHP script and using this to get the needed data from his database.
    You mean he wants to get the name of the currently logged in Windows user from the client machine and pass that to his PHP-based web application? This might help:

    Integrated Windows Authentication - Wikipedia, the free encyclopedia

    I imagine this will be fiddly with any combination of tools that are not Internet Explorer on the client, IIS as the web server and a VB/ASP.Net/etc web application.

    --
    David Hicks

  7. #6

    Geoff's Avatar
    If you enable NTLM authentication on your web server, then the user name will be available to him via the normal HTTP authentication API.

    NTLM auth module for Apache/Unix

  8. #7
    Iain's Avatar
    Or if you are running apache on a windows box take a look at the mod-auth-sspi module.

    The username should then be available in a php script by using the server variable $_SERVER['REMOTE_USER']

    Iain

  9. #8
    Friez's Avatar
    If anyone's curious on a PHP function to validate a user/login combo against LDAP (slightly modified to give you clues as to what variables to change/protect the innocent):

    PHP Code:
    <?php
    ///////////////////////////////////////////////////////////////////////////////////
    // LDAPfunctions.php
    // Date: 26/11/2007
    // Author: Friez
    //
    // Contains functions for use with LDAP.
    ///////////////////////////////////////////////////////////////////////////////////


    ///////////////////////////////////////////
    // verifyLDAPUser
    //
    // Verifies the username and password with
    // LDAP and returns a 1 on success or 0 on
    // failure.
    ///////////////////////////////////////////

    function verifyLDAPUser($user, $pass)
    {
        if ($user == "" || $pass == "") // blank
            return "0";

        $ad = ldap_connect("yourlogonserver"); // throw in your logon server here

        ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

        $fqname = $user . "@yourdomain.local"; // tap in your domain malarky here

        $ret = "-1"; // if we end up returning -1 something REALLY insane happened ;)

        $bd = ldap_bind($ad, $fqname, $pass);

        if ($bd == false)
        {
            $ret = "0";
        }
        else
        {
            $ret = "1";
        }

        // unbind before exiting the function! ldap_unbind() takes the
        // connection ($ad), not the true/false result of ldap_bind()
        ldap_unbind($ad);

        return $ret;
    }
    ?>
    Easy!
    Last edited by Friez; 19th June 2008 at 10:39 AM.

  10. Thanks to Friez from:

    maniac (19th June 2008)
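
An added example, not part of Friez's post or anyone else's code in this thread, that combines the points raised above: LDAPS as TronXP suggests, an ordinary non-admin bind account as amfony describes, and a bind as the user to check the password. The host, base DN, service-account DN and the function name `verifyLdapUserSecure` are assumptions to replace with site values; `ldap_escape` needs PHP 5.6 or later.

```php
<?php
// Added example: all names below are placeholders, not values from the thread.
const LDAP_URI = 'ldaps://dc1.yourdomain.local';   // LDAPS, so credentials never cross the wire in clear
const BASE_DN  = 'DC=yourdomain,DC=local';
const SVC_DN   = 'CN=svc-ldap-read,OU=Service Accounts,DC=yourdomain,DC=local';

function verifyLdapUserSecure(string $user, string $pass, string $svcPass): bool
{
    // An empty password turns a simple bind into an "unauthenticated bind",
    // which a directory may report as success. Reject it before binding.
    if ($user === '' || $pass === '') {
        return false;
    }

    // The server certificate must be trusted by the LDAP client library.
    $ld = ldap_connect(LDAP_URI);
    if ($ld === false) {
        return false;
    }
    ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);

    $ok = false;
    // Step 1: bind as the ordinary, non-admin lookup account.
    if (@ldap_bind($ld, SVC_DN, $svcPass)) {
        // Step 2: look up the user's DN. Escape the name so characters such
        // as * ( ) \ cannot change the meaning of the search filter.
        $filter = '(&(objectClass=user)(sAMAccountName='
                . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
        $res = @ldap_search($ld, BASE_DN, $filter, ['sAMAccountName']);
        $entries = $res ? ldap_get_entries($ld, $res) : ['count' => 0];

        // Step 3: require exactly one match, then re-bind as that DN with
        // the password the user typed. That bind's result is the verdict.
        if ($entries['count'] === 1) {
            $ok = @ldap_bind($ld, $entries[0]['dn'], $pass);
        }
    }

    ldap_unbind($ld);   // closes the connection handle
    return $ok;
}
```

The lookup account only needs read access to the directory, and its password is passed in rather than hard-coded so it can live outside the web root.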

  11. #9

    maniac's Avatar
    Thanks for that Friez, saves me looking as I'm currently re-coding my PHP helpdesk to use LDAP.

    Mike.

  12. #10

    localzuk's Avatar
    Or you could make use of the standard Pear Auth package, which has support for these:

    • All databases supported by the PEAR database layer
    • All databases supported by the MDB database layer
    • All databases supported by the MDB2 database layer
    • Plaintext files
    • LDAP servers
    • POP3 servers
    • IMAP servers
    • vpopmail accounts (Using either PECL vpopmail or PEAR Net_Vpopmaild)
    • RADIUS
    • SAMBA password files
    • SOAP (Using either PEAR SOAP package or PHP5 SOAP extension)
    • PEAR website
    • Kerberos V servers
    • SAP servers


    http://pear.php.net/package/Auth

  13. Thanks to localzuk from:

    amfony (20th June 2008)

  14. #11
    amfony's Avatar
    0o0o great post localzuk -- I was unaware of that list with PEAR. I smell a "thank" on the horizon.
