1
xxxjonboyxxx
RE: ldap_bind problem

I got this working against an Active Directory server with all the users in an "Employees" OU. To make this work, I first had to LOOK UP the username from the XOOPS system in the directory and then bind with a different CN.

Here's the code (you may need to format it yourself):

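/**
 * Authenticate a XOOPS login against Active Directory using search-then-bind.
 *
 * Step 1 binds with a lookup account and searches $base_dn for the entry whose
 * sAMAccountName equals the submitted user name. Step 2 binds as that entry
 * with the submitted password. On success the matching XOOPS user row is
 * created or refreshed from the directory attributes.
 *
 * @param object|null $criteria Criteria container; criteriaElements[0]->value
 *                              is read as the user name and
 *                              criteriaElements[1]->value as the password.
 * @return bool true only if the directory accepted the user's own bind.
 */
function LDAPAuthentication($criteria = null)
{
    $uid_attr = "sAMAccountName";
    $mail_attr = "mail";
    $name_attr = "cn";
    $ldap_server = "internal.corp.shhhh.com";
    // NOTE(review): port 389 without StartTLS means both simple binds below
    // send their passwords in clear text. Prefer an ldaps:// URI or call
    // ldap_start_tls() and fail closed before the first ldap_bind().
    $ldap_port = 389;
    $base_dn = "ou=employees,dc=corp,dc=shhhh,dc=com";
    $timezone_offset = -6;

    // NOTE(review): lookup-account credentials are hard-coded in source. Load
    // them from configuration kept outside the web root and version control,
    // and give the account read-only search rights on $base_dn only.
    $lookup_dn = "cn=Active Directory Name,ou=employees,dc=corp,dc=shhhh,dc=com";
    $lookup_pass = "hardcodedpass";

    $authenticated = false;

    if (!isset($criteria) || !is_subclass_of($criteria, 'criteriaelement')) {
        return $authenticated;
    }

    // Read both credentials once; $criteria is not reused for the DB lookup.
    $uname = (string) $criteria->criteriaElements[0]->value;
    $pass = (string) $criteria->criteriaElements[1]->value;

    // A simple bind with an empty password is an unauthenticated bind, which
    // many directory servers report as success. Never let it count as a login.
    if ($uname === '' || $pass === '') {
        return $authenticated;
    }

    // Escape the RFC 4515 filter metacharacters so the submitted user name is
    // matched as a literal value and cannot alter the search filter.
    // Backslash is replaced first so later escapes are not double-escaped.
    $filter_uname = str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $uname
    );
    $filter = "(" . $uid_attr . "=" . $filter_uname . ")";

    $ds = ldap_connect($ldap_server, $ldap_port);
    if (!$ds) {
        die("Could not connect to LDAP server.");
    }
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Step 1: resolve the user name to exactly one directory entry.
    $user_dn = null;
    if (ldap_bind($ds, $lookup_dn, $lookup_pass)) {
        $sr = ldap_search($ds, $base_dn, $filter, array("cn"));
        if ($sr) {
            $info = ldap_get_entries($ds, $sr);
            // Require a single match and bind with the DN the server returned.
            // Rebuilding "cn=<value>,<base>" by hand breaks on CNs containing
            // commas and on entries that live in a sub-OU.
            if ($info && $info["count"] == 1 && !empty($info[0]["dn"])) {
                $user_dn = $info[0]["dn"];
            }
        }
    }

    // Step 2: authenticate as the resolved entry. If the lookup failed there
    // is no DN to bind with, so the attempt is skipped rather than made with
    // a blank name. No diagnostic text is echoed: it would expose DNs to the
    // browser and corrupt the page output.
    if ($user_dn !== null && ldap_bind($ds, $user_dn, $pass)) {
        $authenticated = true;

        // Get info from LDAP (mail, name)
        $sr = ldap_search($ds, $base_dn, $filter, array("givenName", $mail_attr, $name_attr));
        $info = $sr ? ldap_get_entries($ds, $sr) : false;

        if ($info && $info["count"] == 1) {
            // Search user in the DB
            $db_criteria = new CriteriaCompo(new Criteria('uname', $uname));
            $user =& $this->getObjects($db_criteria, false);

            $member_handler =& xoops_gethandler('member');

            if (!$user || count($user) != 1) {
                // First login for this directory user: create the local row.
                $xuser =& $member_handler->createUser();
                $xuser->setVar("uname", $uname);
                $xuser->setVar("user_avatar", "blank.gif");
                $xuser->setVar('user_regdate', time());
                $xuser->setVar('timezone_offset', $timezone_offset);
                $xuser->setVar('actkey', substr(md5(uniqid(mt_rand(), 1)), 0, 8));
            } else {
                $xuser = & $user[0];
            }

            $xuser->setVar("email", $info[0][$mail_attr][0]);
            $xuser->setVar("name", $info[0][$name_attr][0]);
            // NOTE(review): this stores an unsalted MD5 of the user's directory
            // password in the XOOPS database, so a database leak exposes
            // crackable hashes of domain credentials. If local fallback login
            // is not required, store a random value here instead.
            $xuser->setVar("pass", md5($pass));
            $xuser->setVar("level", 1);
            $xuser->setVar('notify_method', 2);

            // Store info in DB (update or insert)
            $this->insert($xuser);

            // Add the user to Registered Users group
            $member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
        }
    }

    ldap_close($ds);

    return $authenticated;
}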



