| Re: LDAP authentication |
| by ackbarr on 2004/12/8 21:15:48 I had the same issue (authenticating users across OUs) when implementing the "Authentication Service Hack" I asked the question and answered it myself: Forum:: Authenticating Users Across OUs |
| Re: LDAP authentication |
| by angryjon on 2004/12/8 20:53:48 you could try something along these lines Not very elegant but just an idea le="color: #000000"><?php //This is just a very basic rough code idea. //You will have to come up with a precise solution //That fits your situation //This is untested code! function getBaseDnArray(){ $ouArray = array(); //add your OU's here $ouArray[] = "IT"; $ouArray[] = "ACCOUNTING"; $ouArray[] = "SHIPPING"; $baseDnArray = array(); for($x=0;$x<count($ouArray);$x++){ $base_dn[$x] = "OU=".$ouArray[$x].",O=org.example.com"; } return $baseDnArray; } When you call that function you'll get an array of strings to pump into ldap_search( )I'll bet there is a better way to do this but the above idea would work in a pinch. Alternately you could objectify the whole scenario to spit custom base dn objects into whatever function the ldap_search() has been wrapped in
|
| Re: LDAP authentication |
| by seth_sd on 2004/11/9 22:01:57 I have succesfully been able to authenticate against Active Directory utilizing the code provided but have a couple of issues. 1. I would like to be able to authenticate users from any of the "OU's" in my Active Directory structure which I have been unable to get working. If I have the following: $base_dn = "OU=IT,O=org.example.com"; Then only users from "IT" can authenticate. Is there a way to search from "O=org.example.com" down through the entire tree to authenticate all users? 2.I have only been able to get $uid_attr = "cn"; to work not "$uid_attr = "uid"; . I am new to PHP but have a couple of other applications succesfully authenticating users across the entire organization with LDAP. Any suggestions. I don't think I missed anything regarding this in these posts? |
| Re: LDAP authentication |
| by brash on 2004/11/2 21:44:59 Quote:
Big grin, REAL big grin !! To my mind this will be a HUGE step forward for making XOOPS a very attractive choice for company intranets. Can't wait to get my hands on this babay !
|
| RE: ldap_bind problem |
| by xxxjonboyxxx on 2004/11/2 20:23:37 I got this working vs. an Active Directory server with all the users in a "Employees" ou. To make this work, I had to first LOOKUP the username from the XOOPS system and then use a different CN. Here's the code (you may need to format it yourself): function LDAPAuthentication($criteria = null) { $uid_attr = "sAMAccountName"; $mail_attr = "mail"; $name_attr = "cn"; $ldap_server = "internal.corp.shhhh.com"; $ldap_port = 389; $base_dn = "ou=employees,dc=corp,dc=shhhh,dc=com"; $timezone_offset = -6; $ADcn = ""; //echo "Doing LDAPAuthentication!"; $authenticated = false; //echo "...about to check criteria"; if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) { //echo "...criteria check OK, about to try ldap_connect"; $ds=ldap_connect($ldap_server, $ldap_port) or die("Could not connect to LDAP server."); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); //echo "...connect attempt did not die"; if($ds) { //echo "...bound OK<br/>"; //echo "...looking up user '" . $criteria->criteriaElements[0]->value . "'"; //Lookup of authentication CN $ldapbind=ldap_bind($ds, "cn=Active Directory Name,ou=employees,dc=corp,dc=shhhh,dc=com", "hardcodedpass"); if($ldapbind) { $searchstring = "(".$uid_attr."=".$searchstring.$criteria->criteriaElements[0]->value.")"; //echo "...bind OK, looking for '".$searchstring."' on '".$base_dn."'<br/>"; $sr=ldap_search($ds,$base_dn,$searchstring,Array("cn")); $info = ldap_get_entries($ds, $sr); if ($info) { /* echo "<ul>"; echo "<li>count()=" . count($info); for($i=0; $i<count($info);$i++) { if (is_array($info[$i])) { echo "<ul>"; for($j=0; $j<count($info);$j++) { if (is_array($info[$i][$j])) { echo "<li>WHOOPS! TOO DEEP!"; } else { echo "<li>[".$i."][".$j."]=".$info[$i][$j]; echo "<li>[".$i."][".$j."][0]=".$info[$i][$j][0]; } } echo "</ul>"; } else { echo "<li>[".$i."]=".$info[$i]; } } echo "</ul>"; */ $ADcn = $info[0]["cn"][0]; if (($ADcn == "") || ($ADcn == null)) { //echo "...did not find CN! (Blank value.)<br/>"; } else { //echo "...found CN '".$ADcn."' <br/>"; } } else { //echo "...did not find CN! (No array.)<br/>"; } } else { //echo "...bind FAILED!<br/>"; } //Authentication $pass=$criteria->criteriaElements[1]->value; //$bindstring = $uid_attr . "=" . $criteria->criteriaElements[0]->value; $bindstring = "cn=" . $ADcn; $bindstring = $bindstring . "," . $base_dn; echo "...attempting ldap_bind with strings '".$bindstring."'"; //$ldapbind=ldap_bind($ds,$uid_attr."=".$criteria->criteriaElements[0]->value.",".$base_dn,$criteria->criteriaElements[1]->value); $ldapbind=ldap_bind($ds,$bindstring,$criteria->criteriaElements[1]->value); //echo "...bind did not die"; if($ldapbind) { //echo "...bind OK"; $authenticated = true; // Get info from LDAP (mail,name) $sr=ldap_search($ds,$base_dn,$uid_attr."=".$criteria->criteriaElements[0]->value,Array("givenName",$mail_attr,$name_attr)); $info = ldap_get_entries($ds, $sr); if($info["count"] == 1) { // Search user in the DB $criteria = new CriteriaCompo(new Criteria('uname',$criteria->criteriaElements[0]->value)); $user =& $this->getObjects($criteria, false); $member_handler =& xoops_gethandler('member'); if (!$user || count($user) != 1) { $xuser =& $member_handler->createUser(); $xuser->setVar("uname",$criteria->criteriaElements[0]->value); $xuser->setVar("user_avatar","blank.gif"); $xuser->setVar('user_regdate', time()); $xuser->setVar('timezone_offset', $timezone_offset); $xuser->setVar('actkey',substr(md5(uniqid(mt_rand(), 1)), 0, 8)); //echo "<br/>uname=".$criteria->criteriaElements[0]->value; //echo "<br/>user_avatar="."blank.gif"; //echo "<br/>user_regdate=". time(); //echo "<br/>timezone_offset=". $timezone_offset; //echo "<br/>actkey=".substr(md5(uniqid(mt_rand(), 1)), 0, 8); } else { $xuser = & $user[0]; } $xuser->setVar("email",$info[0][$mail_attr][0]); $xuser->setVar("name",$info[0][$name_attr][0]); $xuser->setVar("pass",md5($pass)); $xuser->setVar("level",1); $xuser->setVar('notify_method', 2); //echo "<br/>email=".$info[0][$mail_attr][0]; //echo "<br/>name=".$info[0][$name_attr][0]; //echo "<br/>pass=".md5($pass); // Store info in DB (update or insert) $ret = $this->insert($xuser); //Add the user to Registered Users group $member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid')); } } ldap_close($ds); } else { echo "...NOT bound OK"; //echo "cannot connect to ldap server"; } } return $authenticated; } |