21
Mithrandir
Re: LDAP authentication

Quote:

hidde wrote:
Hello, This is my first post at this site.

I tried to setup your source code on my server.
But After login submition, the page shows all white and say this message on debug mode.
"Fatal error: Call to undefined function: ldap_connect() in .... user.php"

Could you help me about this probrem?

Thanks in advance.

http://www.php.net/manual/en/ref.ldap.php

22
mercibe
Re: LDAP authentication
  • 2004/10/1 10:38

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hello,

Welcome on board

The problem is that the ldap support of your PHP installation is not activated/installed. If you are working on a Debian system, simply type "apt-get install php4-ldap" for instance. You should find the same kind of package on rpm based distributions. If you are on Windows, please install the "complete" version of PHP with almost all modules embeded.

For your information, the XOOPS 2.1 will allow you to authenticate your users via LDAP, Active Directory, CAS, NIS, etc.

Hope this will help !

Best regards,

Benoit

23
hidde
Re: LDAP authentication
  • 2004/10/1 16:30

  • hidde

  • Just popping in

  • Posts: 4

  • Since: 2004/10/1


Thank you for information.It was a basically problem.

My server runs on solaris and I'll install OpenLDAP and re-configre PHP, and try again your source code.
Thas's so great news about xoops2.1!!

Thanks again.
hidde

24
hidde
Re: LDAP authentication
  • 2004/10/4 9:45

  • hidde

  • Just popping in

  • Posts: 4

  • Since: 2004/10/1


I tried to install OpenLDAP and reconfigured PHP,Apache. But it does not works well.

Warning [PHP]: ldap_bind(): Unable to bind to server: No such object in file ......./kernel/user.php line 487

The line 487 is..
$pass=$criteria->criteriaElements[1]->value; $ldapbind=ldap_bind($ds,$uid_attr."=".$criteria->
criteriaElements[0]->value.",".$base_dn,$criteria->criteriaElements[1]->value);


And I also tried to install mod_auth_ldap module into the Apache. But result is same.

I don't know how to resolve this problem. Could you advice me again?

Thanks and regards,
hidde

25
mercibe
RE: ldap_bind problem
  • 2004/10/4 10:09

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Are you sure that the ldap server name and port point to an existing, up and running server ?

var $ldap_server = "my.server.com";
var $ldap_port = 389;

It may arrive that ldap_connect return "true" even if the server is not there...

Can you connect to this server ? I suggest you first try to authenticate to your Server with a standard LDAP GUI Browser. If you are working with Windows, you could use the free Softerra LDAP Browser (http://www.softerra.com/products/ldapbrowser.php) or an OSS one like LDAP explorer (Linux and Windows, http://ldaptool.sourceforge.net/). I tried both with my server before writing these lines so I can tell you that it works.

Do not go further if you are not able to authenticate yourself and browse your AD with one of these tools.


Benoit

26
hidde
RE: ldap_bind problem
  • 2004/10/13 4:34

  • hidde

  • Just popping in

  • Posts: 4

  • Since: 2004/10/1


The LDAP Server which I'm trying to connect is working and connectable. The Server Product is Sun Java System Directory Server (Version unknown).

Regarding LDAP, phpinfo says like below.

ldap
LDAP Support enabled
RCS Version $Id: ldap.c,v 1.130.2.10 2004/06/01 21:05:33 iliaa Exp $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20217


Could you give me some advice?

Best regards,
hidde

27
xxxjonboyxxx
RE: ldap_bind problem

I got this working vs. an Active Directory server with all the users in a "Employees" ou. To make this work, I had to first LOOKUP the username from the XOOPS system and then use a different CN.

Here's the code (you may need to format it yourself):

function LDAPAuthentication($criteria = null)
{
$uid_attr = "sAMAccountName";
$mail_attr = "mail";
$name_attr = "cn";
$ldap_server = "internal.corp.shhhh.com";
$ldap_port = 389;
$base_dn = "ou=employees,dc=corp,dc=shhhh,dc=com";
$timezone_offset = -6;
$ADcn = "";

//echo "Doing LDAPAuthentication!";

$authenticated = false;

//echo "...about to check criteria";

if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

//echo "...criteria check OK, about to try ldap_connect";

$ds=ldap_connect($ldap_server, $ldap_port) or die("Could not connect to LDAP server.");
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

//echo "...connect attempt did not die";

if($ds) {
//echo "...bound OK
";

//echo "...looking up user '" . $criteria->criteriaElements[0]->value . "'";
//Lookup of authentication CN
$ldapbind=ldap_bind($ds, "cn=Active Directory Name,ou=employees,dc=corp,dc=shhhh,dc=com", "hardcodedpass");
if($ldapbind) {
$searchstring = "(".$uid_attr."=".$searchstring.$criteria->criteriaElements[0]->value.")";
//echo "...bind OK, looking for '".$searchstring."' on '".$base_dn."'
";
$sr=ldap_search($ds,$base_dn,$searchstring,Array("cn"));
$info = ldap_get_entries($ds, $sr);
if ($info) {
/*
echo "
    ";
    echo "
  • count()=" . count($info);
    for($i=0; $i if (is_array($info[$i])) {
    echo "
      ";
      for($j=0; $j if (is_array($info[$i][$j])) {
      echo "
    • WHOOPS! TOO DEEP!";
      } else {
      echo "
    • [".$i."][".$j."]=".$info[$i][$j];
      echo "
    • [".$i."][".$j."][0]=".$info[$i][$j][0];
      }
      }
      echo "
    ";
    } else {
    echo "
  • [".$i."]=".$info[$i];
    }
    }
    echo "
";
*/

$ADcn = $info[0]["cn"][0];
if (($ADcn == "") || ($ADcn == null)) {
//echo "...did not find CN! (Blank value.)
";
} else {
//echo "...found CN '".$ADcn."'
";
}
} else {
//echo "...did not find CN! (No array.)
";
}

} else {
//echo "...bind FAILED!
";
}

//Authentication
$pass=$criteria->criteriaElements[1]->value;
//$bindstring = $uid_attr . "=" . $criteria->criteriaElements[0]->value;
$bindstring = "cn=" . $ADcn;
$bindstring = $bindstring . "," . $base_dn;
echo "...attempting ldap_bind with strings '".$bindstring."'";
//$ldapbind=ldap_bind($ds,$uid_attr."=".$criteria->criteriaElements[0]->value.",".$base_dn,$criteria->criteriaElements[1]->value);
$ldapbind=ldap_bind($ds,$bindstring,$criteria->criteriaElements[1]->value);
//echo "...bind did not die";
if($ldapbind) {
//echo "...bind OK";
$authenticated = true;
// Get info from LDAP (mail,name)
$sr=ldap_search($ds,$base_dn,$uid_attr."=".$criteria->criteriaElements[0]->value,Array("givenName",$mail_attr,$name_attr));
$info = ldap_get_entries($ds, $sr);
if($info["count"] == 1) {
// Search user in the DB
$criteria = new CriteriaCompo(new Criteria('uname',$criteria->criteriaElements[0]->value));
$user =& $this->getObjects($criteria, false);

$member_handler =& xoops_gethandler('member');


if (!$user || count($user) != 1) {
$xuser =& $member_handler->createUser();
$xuser->setVar("uname",$criteria->criteriaElements[0]->value);
$xuser->setVar("user_avatar","blank.gif");
$xuser->setVar('user_regdate', time());
$xuser->setVar('timezone_offset', $timezone_offset);
$xuser->setVar('actkey',substr(md5(uniqid(mt_rand(), 1)), 0, 8));
//echo "
uname=".$criteria->criteriaElements[0]->value;
//echo "
user_avatar="."blank.gif";
//echo "
user_regdate=". time();
//echo "
timezone_offset=". $timezone_offset;
//echo "
actkey=".substr(md5(uniqid(mt_rand(), 1)), 0, 8);
}
else {
$xuser = & $user[0];
}

$xuser->setVar("email",$info[0][$mail_attr][0]);
$xuser->setVar("name",$info[0][$name_attr][0]);
$xuser->setVar("pass",md5($pass));
$xuser->setVar("level",1);
$xuser->setVar('notify_method', 2);

//echo "
email=".$info[0][$mail_attr][0];
//echo "
name=".$info[0][$name_attr][0];
//echo "
pass=".md5($pass);


// Store info in DB (update or insert)
$ret = $this->insert($xuser);

//Add the user to Registered Users group
$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
}
}

ldap_close($ds);
}
else {
echo "...NOT bound OK";
//echo "cannot connect to ldap server";
}

}

return $authenticated;


}

28
brash
Re: LDAP authentication
  • 2004/11/2 21:44

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


Quote:

For your information, the XOOPS 2.1 will allow you to authenticate your users via LDAP, Active Directory, CAS, NIS, etc.



Big grin, REAL big grin !! To my mind this will be a HUGE step forward for making XOOPS a very attractive choice for company intranets. Can't wait to get my hands on this babay !

29
seth_sd
Re: LDAP authentication
  • 2004/11/9 22:01

  • seth_sd

  • Friend of XOOPS

  • Posts: 158

  • Since: 2004/11/9


I have succesfully been able to authenticate against Active Directory utilizing the code provided but have a couple of issues.

1. I would like to be able to authenticate users from any of the "OU's" in my Active Directory structure which I have been unable to get working. If I have the following:

$base_dn = "OU=IT,O=org.example.com";

Then only users from "IT" can authenticate.

Is there a way to search from "O=org.example.com" down through the entire tree to authenticate all users?

2.I have only been able to get $uid_attr = "cn"; to work not "$uid_attr = "uid"; .

I am new to PHP but have a couple of other applications succesfully authenticating users across the entire organization with LDAP.

Any suggestions. I don't think I missed anything regarding this in these posts?

30
angryjon
Re: LDAP authentication
  • 2004/12/8 20:53

  • angryjon

  • Just popping in

  • Posts: 2

  • Since: 2004/12/8


you could try something along these lines
Not very elegant but just an idea


//This is just a very basic rough code idea.
//You will have to come up with a precise solution
//That fits your situation
//This is untested code!

function getBaseDnArray(){
$ouArray = array();
//add your OU's here
$ouArray[] = "IT";
$ouArray[] = "ACCOUNTING";
$ouArray[] = "SHIPPING";

$baseDnArray = array();

  for(
$x=0;$x<count($ouArray);$x++){
   
$base_dn[$x] = "OU=".$ouArray[$x].",O=org.example.com";
  }
return 
$baseDnArray;
}


When you call that function you'll get an array of strings to pump into ldap_search( )

I'll bet there is a better way to do this but the above idea would work in a pinch.
Alternately you could objectify the whole scenario to spit custom base dn objects into whatever function the ldap_search() has been wrapped in

Login

Who's Online

462 user(s) are online (328 user(s) are browsing Support Forums)


Members: 0


Guests: 462


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits