+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Web Development Thread, Intranet page based on group membership in Coding and Web Development; I have a few functions - <?php //Returns a bound LDAP connection function getldapconnection($host,$user,$password){ $ad = ldap_connect("ldap://" . $host,389) or ...
  1. #16

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,529
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    I have a few functions -

    <?php


    //Returns a bound LDAP connection
    function getldapconnection($host,$user,$password){
    $ad = ldap_connect("ldap://" . $host,389) or die('Could not connect to LDAP server.');
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    @ldap_bind($ad, $user, $password) or die('Could not bind to AD.');
    return $ad;
    }

    //Checks group membership for a user
    function checkldapgroupmembership($ldap,$basedn,$group,$use rname){
    $filter = "(sAMAccountName=" . $username . ")";
    $attr = array("memberof");
    $result = ldap_search($ldap, $basedn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap,$result);
    $access = 0;
    foreach($entries[0]['memberof'] as $grps){
    if(strpos($grps,$group)){ $access = 1; break;}
    }
    return $access;
    }

    //Get real name from username
    function getldapname($ldap,$basedn,$username){
    $filter = "(sAMAccountName=" . $username . ")";
    $result = ldap_search($ldap, $basedn, $filter) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap,$result);
    return $entries[0]['cn'][0];
    }

    //Get email name from username
    function getldapmail($ldap,$basedn,$username){
    $filter = "(sAMAccountName=" . $username . ")";
    $result = ldap_search($ldap, $basedn, $filter) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap,$result);
    return $entries[0]['mail'][0];
    }
    ?>
    So that lot is in a functions.inc.php file, and then I simply call 'checkldapgroupmembership' wherever i need to.

  2. #17

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    so you have that in functions.inc.php, and then in say index.php you call that function and do the if user is in group x do y part?
    i know im being silly but if you have to pass the user/pass for searching ldap in the index file, isn't that then visible to anyone viewing the source?

    also is it the header:location thing to redirect them that you use?

  3. #18

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,529
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    Yes, that's what I do with it - if the user is in a group do x, else y etc...

    PHP source is visible only to people on the server. So, the username and password are ones I've set up specifically for that purpose, and only the server and admins can access those files.

    I don't have 2 separate index files - everything is one file, which has a series of if/else commands to choose what to display.

    I wouldn't use 'header:location' anyway, as that would simply redirect them to the named index file. I'd include the files instead, so that way the index.php is the only thing they get to see.

  4. Thanks to localzuk from:

    MK-2 (17th June 2011)

  5. #19

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    i have a few different things on each index file so prefer having the index-staff and index-student at the mo.
    if i were to use header location, would that just be a sort of "if access=2 header location xxxx" sort of thing?

    cheers for all the help again, really appreciated!

  6. #20

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,529
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    If you use header:location, the end user simply gets redirected to your index-staff.php and they'll be able to see that in the URL bar.

    If you embed those files into your index.php instead, they won't see where they're being sent - they'll just see index.php

  7. #21
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    882
    Thank Post
    84
    Thanked 233 Times in 192 Posts
    Rep Power
    82
    S'also worth having a look at ADLDAP... it's a precompiled PHP script of functions to handle all AD - LDAP stuff (can also create and modify accounts, reset passwords etc etc) adLDAP - LDAP Authentication with PHP for Active Directory

  8. Thanks to Marci from:

    MK-2 (17th June 2011)

  9. #22

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199
    Quote Originally Posted by Marci View Post
    S'also worth having a look at ADLDAP... it's a precompiled PHP script of functions to handle all AD - LDAP stuff (can also create and modify accounts, reset passwords etc etc) adLDAP - LDAP Authentication with PHP for Active Directory
    cool, i might be able to do single user creation through that then! nice one thanks

  10. #23
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    882
    Thank Post
    84
    Thanked 233 Times in 192 Posts
    Rep Power
    82
    You can do everything thru it... it's rather nifty. We can upload a Csv to the site and parse it, feed it thru adldap and do bulk user creation. There ain't much you CAN'T do with it really!

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Sophos - local group membership
    By pantscat in forum How do you do....it?
    Replies: 0
    Last Post: 26th November 2009, 01:15 PM
  2. Replies: 6
    Last Post: 21st June 2009, 11:17 AM
  3. [ASP.net] Show webpage based on group membership
    By MK-2 in forum Web Development
    Replies: 1
    Last Post: 9th April 2009, 11:53 AM
  4. New intranet Page design take a look...
    By Antp in forum Web Development
    Replies: 11
    Last Post: 19th November 2008, 04:38 PM
  5. Group Membership Woes (Need Help)
    By ICTNUT in forum Windows
    Replies: 11
    Last Post: 2nd December 2005, 03:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •