Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
9 - 1 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     
add(new Criteria('pass', $pwd)); $authenticated = $this->_uHandler->LDAPAuthentication($ldap_criteria, false); }[/code][/quote]" />

Re: LDAP authentication
by ackbarr on 2004/12/8 21:15:48

I had the same issue (authenticating users across OUs) when implementing the "Authentication Service Hack"

I asked the question and answered it myself:

Forum:: Authenticating Users Across OUs
Re: LDAP authentication
by angryjon on 2004/12/8 20:53:48

you could try something along these lines
Not very elegant but just an idea


le="color: #000000"><?php //This is just a very basic rough code idea. //You will have to come up with a precise solution //That fits your situation //This is untested code! function getBaseDnArray(){ $ouArray = array(); //add your OU's here $ouArray[] = "IT"; $ouArray[] = "ACCOUNTING"; $ouArray[] = "SHIPPING"; $baseDnArray = array(); for($x=0;$x<count($ouArray);$x++){ $base_dn[$x] = "OU=".$ouArray[$x].",O=org.example.com"; } return $baseDnArray; }


When you call that function you'll get an array of strings to pump into ldap_search( )

I'll bet there is a better way to do this but the above idea would work in a pinch.
Alternately you could objectify the whole scenario to spit custom base dn objects into whatever function the ldap_search() has been wrapped in
Re: LDAP authentication
by seth_sd on 2004/11/9 22:01:57

I have succesfully been able to authenticate against Active Directory utilizing the code provided but have a couple of issues.

1. I would like to be able to authenticate users from any of the "OU's" in my Active Directory structure which I have been unable to get working. If I have the following:

$base_dn = "OU=IT,O=org.example.com";

Then only users from "IT" can authenticate.

Is there a way to search from "O=org.example.com" down through the entire tree to authenticate all users?

2.I have only been able to get $uid_attr = "cn"; to work not "$uid_attr = "uid"; .

I am new to PHP but have a couple of other applications succesfully authenticating users across the entire organization with LDAP.

Any suggestions. I don't think I missed anything regarding this in these posts?
Re: LDAP authentication
by brash on 2004/11/2 21:44:59

Quote:

For your information, the XOOPS 2.1 will allow you to authenticate your users via LDAP, Active Directory, CAS, NIS, etc.



Big grin, REAL big grin !! To my mind this will be a HUGE step forward for making XOOPS a very attractive choice for company intranets. Can't wait to get my hands on this babay !
RE: ldap_bind problem
by xxxjonboyxxx on 2004/11/2 20:23:37

I got this working vs. an Active Directory server with all the users in a "Employees" ou. To make this work, I had to first LOOKUP the username from the XOOPS system and then use a different CN.

Here's the code (you may need to format it yourself):

function LDAPAuthentication($criteria = null)
{
$uid_attr = "sAMAccountName";
$mail_attr = "mail";
$name_attr = "cn";
$ldap_server = "internal.corp.shhhh.com";
$ldap_port = 389;
$base_dn = "ou=employees,dc=corp,dc=shhhh,dc=com";
$timezone_offset = -6;
$ADcn = "";

//echo "Doing LDAPAuthentication!";

$authenticated = false;

//echo "...about to check criteria";

if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

//echo "...criteria check OK, about to try ldap_connect";

$ds=ldap_connect($ldap_server, $ldap_port) or die("Could not connect to LDAP server.");
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

//echo "...connect attempt did not die";

if($ds) {
//echo "...bound OK<br/>";

//echo "...looking up user '" . $criteria->criteriaElements[0]->value . "'";
//Lookup of authentication CN
$ldapbind=ldap_bind($ds, "cn=Active Directory Name,ou=employees,dc=corp,dc=shhhh,dc=com", "hardcodedpass");
if($ldapbind) {
$searchstring = "(".$uid_attr."=".$searchstring.$criteria->criteriaElements[0]->value.")";
//echo "...bind OK, looking for '".$searchstring."' on '".$base_dn."'<br/>";
$sr=ldap_search($ds,$base_dn,$searchstring,Array("cn"));
$info = ldap_get_entries($ds, $sr);
if ($info) {
/*
echo "<ul>";
echo "<li>count()=" . count($info);
for($i=0; $i<count($info);$i++) {
if (is_array($info[$i])) {
echo "<ul>";
for($j=0; $j<count($info);$j++) {
if (is_array($info[$i][$j])) {
echo "<li>WHOOPS! TOO DEEP!";
} else {
echo "<li>[".$i."][".$j."]=".$info[$i][$j];
echo "<li>[".$i."][".$j."][0]=".$info[$i][$j][0];
}
}
echo "</ul>";
} else {
echo "<li>[".$i."]=".$info[$i];
}
}
echo "</ul>";
*/

$ADcn = $info[0]["cn"][0];
if (($ADcn == "") || ($ADcn == null)) {
//echo "...did not find CN! (Blank value.)<br/>";
} else {
//echo "...found CN '".$ADcn."' <br/>";
}
} else {
//echo "...did not find CN! (No array.)<br/>";
}

} else {
//echo "...bind FAILED!<br/>";
}

//Authentication
$pass=$criteria->criteriaElements[1]->value;
//$bindstring = $uid_attr . "=" . $criteria->criteriaElements[0]->value;
$bindstring = "cn=" . $ADcn;
$bindstring = $bindstring . "," . $base_dn;
echo "...attempting ldap_bind with strings '".$bindstring."'";
//$ldapbind=ldap_bind($ds,$uid_attr."=".$criteria->criteriaElements[0]->value.",".$base_dn,$criteria->criteriaElements[1]->value);
$ldapbind=ldap_bind($ds,$bindstring,$criteria->criteriaElements[1]->value);
//echo "...bind did not die";
if($ldapbind) {
//echo "...bind OK";
$authenticated = true;
// Get info from LDAP (mail,name)
$sr=ldap_search($ds,$base_dn,$uid_attr."=".$criteria->criteriaElements[0]->value,Array("givenName",$mail_attr,$name_attr));
$info = ldap_get_entries($ds, $sr);
if($info["count"] == 1) {
// Search user in the DB
$criteria = new CriteriaCompo(new Criteria('uname',$criteria->criteriaElements[0]->value));
$user =& $this->getObjects($criteria, false);

$member_handler =& xoops_gethandler('member');


if (!$user || count($user) != 1) {
$xuser =& $member_handler->createUser();
$xuser->setVar("uname",$criteria->criteriaElements[0]->value);
$xuser->setVar("user_avatar","blank.gif");
$xuser->setVar('user_regdate', time());
$xuser->setVar('timezone_offset', $timezone_offset);
$xuser->setVar('actkey',substr(md5(uniqid(mt_rand(), 1)), 0, 8));
//echo "<br/>uname=".$criteria->criteriaElements[0]->value;
//echo "<br/>user_avatar="."blank.gif";
//echo "<br/>user_regdate=". time();
//echo "<br/>timezone_offset=". $timezone_offset;
//echo "<br/>actkey=".substr(md5(uniqid(mt_rand(), 1)), 0, 8);
}
else {
$xuser = & $user[0];
}

$xuser->setVar("email",$info[0][$mail_attr][0]);
$xuser->setVar("name",$info[0][$name_attr][0]);
$xuser->setVar("pass",md5($pass));
$xuser->setVar("level",1);
$xuser->setVar('notify_method', 2);

//echo "<br/>email=".$info[0][$mail_attr][0];
//echo "<br/>name=".$info[0][$name_attr][0];
//echo "<br/>pass=".md5($pass);


// Store info in DB (update or insert)
$ret = $this->insert($xuser);

//Add the user to Registered Users group
$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
}
}

ldap_close($ds);
}
else {
echo "...NOT bound OK";
//echo "cannot connect to ldap server";
}

}

return $authenticated;


}

Who's Online

94 user(s) are online (58 user(s) are browsing Support Forums)


Members: 0


Guests: 94


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits