I got this working against an Active Directory server with all the users in an "Employees" OU. To make this work, I had to first look up the username from the XOOPS system and then use a different CN.
Here's the code (you may need to format it yourself):
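/**
 * Authenticate a XOOPS login against Active Directory and mirror the account locally.
 *
 * Two binds are performed: a service-account bind that looks the login name up by
 * sAMAccountName to learn the entry's DN, then a bind as that DN with the password
 * supplied at login. On success the entry's mail and cn are copied into the XOOPS
 * user record (created on first login, updated afterwards) and the user is added
 * to the registered-users group.
 *
 * @param object|null $criteria CriteriaElement subclass; criteriaElements[0]->value is
 *                              the login name, criteriaElements[1]->value the password.
 * @return bool true only if the bind with the user's own password succeeded.
 */
function LDAPAuthentication($criteria = null)
{
    $uid_attr        = "sAMAccountName";
    $mail_attr       = "mail";
    $name_attr       = "cn";
    $ldap_server     = "internal.corp.shhhh.com";
    $ldap_port       = 389;
    $base_dn         = "ou=employees,dc=corp,dc=shhhh,dc=com";
    $timezone_offset = -6;
    // Service account used only for the DN lookup. NOTE(review): these credentials
    // are embedded in source; keep them in a config file outside the web root instead.
    $lookup_dn   = "cn=Active Directory Name,ou=employees,dc=corp,dc=shhhh,dc=com";
    $lookup_pass = "hardcodedpass";

    $authenticated = false;
    if (!isset($criteria) || !is_subclass_of($criteria, 'criteriaelement')) {
        return $authenticated;
    }

    // Read the form values once; $criteria is replaced by a CriteriaCompo further down.
    $uname = (string) $criteria->criteriaElements[0]->value;
    $pass  = (string) $criteria->criteriaElements[1]->value;

    // Never bind with an empty password: AD treats that as an unauthenticated bind and
    // reports success, which would log anyone in as any known account.
    if ($uname === '' || $pass === '') {
        return $authenticated;
    }

    // Escape filter metacharacters so a crafted login name cannot change the search.
    // ldap_escape() exists from PHP 5.6; the fallback covers the same characters
    // (backslash is replaced first so the inserted escapes are not re-escaped).
    if (function_exists('ldap_escape')) {
        $uname_filter = ldap_escape($uname, '', LDAP_ESCAPE_FILTER);
    } else {
        $uname_filter = str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $uname
        );
    }
    $filter = "(" . $uid_attr . "=" . $uname_filter . ")";

    $ds = ldap_connect($ldap_server, $ldap_port) or die("Could not connect to LDAP server.");
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // NOTE(review): both binds below send passwords in cleartext on port 389; AD sites
    // normally use ldap_start_tls() or ldaps:// together with LDAP_OPT_PROTOCOL_VERSION 3.
    // Confirm against this server before changing the transport.
    if ($ds) {
        $user_dn = "";

        // Step 1: resolve the login name to a DN with the service account.
        if (ldap_bind($ds, $lookup_dn, $lookup_pass)) {
            $sr   = ldap_search($ds, $base_dn, $filter, Array("cn"));
            $info = ($sr !== false) ? ldap_get_entries($ds, $sr) : false;
            // Exactly one match is required; the DN reported by the directory is used as-is,
            // which also works for cn values containing commas and for users in sub-OUs.
            if ($info && $info["count"] == 1 && !empty($info[0]["dn"])) {
                $user_dn = $info[0]["dn"];
            }
        }

        // Step 2: bind as the user. The bind DN is deliberately not echoed to the page;
        // it would disclose directory structure to whoever is at the login form.
        if ($user_dn !== "" && ldap_bind($ds, $user_dn, $pass)) {
            $authenticated = true;

            // Fetch mail and display name for the local user record.
            $sr   = ldap_search($ds, $base_dn, $filter, Array("givenName", $mail_attr, $name_attr));
            $info = ($sr !== false) ? ldap_get_entries($ds, $sr) : false;
            if ($info && $info["count"] == 1) {
                // Look the user up in the XOOPS database.
                $criteria = new CriteriaCompo(new Criteria('uname', $uname));
                $user =& $this->getObjects($criteria, false);
                $member_handler =& xoops_gethandler('member');
                if (!$user || count($user) != 1) {
                    // First login: create the local account.
                    $xuser =& $member_handler->createUser();
                    $xuser->setVar("uname", $uname);
                    $xuser->setVar("user_avatar", "blank.gif");
                    $xuser->setVar('user_regdate', time());
                    $xuser->setVar('timezone_offset', $timezone_offset);
                    $xuser->setVar('actkey', substr(md5(uniqid(mt_rand(), 1)), 0, 8));
                } else {
                    $xuser =& $user[0];
                }
                $xuser->setVar("email", isset($info[0][$mail_attr][0]) ? $info[0][$mail_attr][0] : "");
                $xuser->setVar("name", isset($info[0][$name_attr][0]) ? $info[0][$name_attr][0] : "");
                // The directory password is mirrored as an md5 hash because that is what
                // this XOOPS version's own login path expects. NOTE(review): a copy of the
                // AD password in a fast unsalted hash is a liability if the DB leaks —
                // confirm whether the core login path really needs it.
                $xuser->setVar("pass", md5($pass));
                $xuser->setVar("level", 1);
                $xuser->setVar('notify_method', 2);
                // Store (insert or update); only a stored user has a uid to put in a group.
                if ($this->insert($xuser)) {
                    $member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
                }
            }
        }
        ldap_close($ds);
    } else {
        echo "...NOT bound OK";
    }
    return $authenticated;
}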