Piwigo ldap php code

General PHP Help
#1

Hi
I don’t know a lot about php but what im trying to do is get the below code which I found somewhere online to authenticate to our active directory using samaccountname not the cn it does work with cn=my name,cn=users,dc=domain,dc=com but not as the user name any help would be greatly appreciated
Thanks
[php]

<?php global $conf; class Ldap { var $cnx; var $config; // for debug public function write_log($message){ @file_put_contents('/var/log/ldap_login.log',$message."\n",FILE_APPEND); } /** * check ldap configuration * * Dans le cas ou l'acces au ldap est anonyme il faut impérativement faire une recherche * pour tester la connection. * * When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does not actually connect * but just initializes the connecting parameters. The actual connect happens with the next calls * to ldap_* funcs, usually with ldap_bind(). */ public function check_ldap(){ if (!$this->ldap_conn()) { return $this->getErrorString(); } // test du compte root si renseigné if (!empty($this->config['ld_binddn']) && !empty($this->config['ld_bindpw'])){ // if empty ld_binddn, anonymous search // authentication with rootdn and rootpw for search if (!$this->ldap_bind_as($this->config['ld_binddn'],$this->config['ld_bindpw'])){ return $this->getErrorString(); } } else { // sinon recherche du basedn (cf comportement ldap_connect avec OpenLDAP) if (!$this->ldap_check_basedn()){ // search userdn return $this->getErrorString(); } } return true; } public function load_default_config(){ $this->config['host'] = 'localhost'; $this->config['basedn'] = 'dc=example,dc=com'; // racine ! $this->config['usersbranch'] = 'ou=people'; $this->config['groupbranch'] = 'ou=group'; $this->config['ld_search_users'] = False; $this->config['ld_search_groups'] = False; $this->config['port'] = ''; // if port is empty, I count on the software to care of it ! $this->config['ld_attr'] = 'uid'; $this->config['ld_group'] = 'cn'; //$this->config['ld_class'] = 'posixAccount'; $this->config['ld_use_ssl'] = False; $this->config['ld_bindpw'] =''; $this->config['ld_binddn'] =''; $this->config['allow_newusers'] = False; $this->config['advertise_admin_new_ldapuser'] = False; $this->config['send_password_by_mail_ldap'] = False; $this->config['users_group'] = False; $this->config['webmasters_group'] = False; $this->config['admins_group'] = False; } function load_config(){ $this->load_default_config(); // after the default, we can load the actual conf. That way, no holes ! $conf_file = @file_get_contents( LDAP_LOGIN_PATH.'data.dat' ); if ($conf_file!==false) { $this->config = unserialize($conf_file); // $this->config['full_usersbranch'] = $this->config['usersbranch'].','.$this->config['basedn']; // $this->config['full_groupbranch'] = $this->config['groupbranch'].','.$this->config['basedn']; // I don't place it in config['..'] because it will save it in the config file, and I don't want that ! $this->full_usersbranch = $this->config['usersbranch'].','.$this->config['basedn']; $this->full_groupbranch = $this->config['groupbranch'].','.$this->config['basedn']; } } function save_config(){ $file = fopen( LDAP_LOGIN_PATH.'/data.dat', 'w' ); fwrite($file, serialize($this->config) ); fclose( $file ); } function ldap_admin_menu($menu){ array_push($menu, array( 'NAME' => 'Ldap Login', 'URL' => get_admin_plugin_menu_link(LDAP_LOGIN_PATH.'/admin.php') ) ); return $menu; } public function ldap_conn(){ if ($this->config['ld_use_ssl'] == 1){ if (empty($this->config['port'])){ $this->config['uri'] = 'ldaps://'.$this->config['host']; } else { $this->config['uri'] = 'ldaps://'.$this->config['host'].':'.$this->config['port']; } } // now, it's without ssl else { if (empty($this->config['port'])){ $this->config['uri'] = 'ldap://'.$this->config['host']; } else { $this->config['uri'] = 'ldap://'.$this->config['host'].':'.$this->config['port']; } } // first, we initializes connection to ldap if ($this->cnx = @ldap_connect($this->config['uri'])){ @ldap_set_option($this->cnx, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible // then we authenticate if anonymous search is forbidden if (!empty($obj->config['ld_binddn']) && !empty($obj->config['ld_bindpw'])){ $password = strtr($obj->config['ld_bindpw'], array("\'"=>"'")); if (@ldap_bind($this->cnx,$this->config['ld_binddn'],$password)){ return true; } else { return false; } } // if anonymous search is allowed, we still need a fake auth using ldap_bind else { if (@ldap_bind($this->cnx)){ return true; } else { return false; } } } else { return false; } } // return ldap error public function getErrorString(){ return ldap_err2str(ldap_errno($this->cnx)); } // return the name ldap understand public function ldap_name($name){ if ($this->config['ld_search_users']) { return $this->ldap_search_dn($name); } else { return $this->config['ld_attr'].'='.$name.''.$this->full_usersbranch; } } public function ldap_group($groupname){ // this should return an array, even if it's only one ! if ($this->config['ld_search_groups']) { return $this->ldap_search_group($groupname); } else { $result[] = $this->config['ld_group'].'='.$groupname.','.$this->full_groupbranch; return $result; } } // authentication public function ldap_bind_as($user,$user_passwd){ $user_passwd = strtr($user_passwd, array("\'"=>"'")); if (@ldap_bind($this->cnx,$this->ldap_name($user),$user_passwd)){ return true; } return false; } public function ldap_mail($name){ $sr=@ldap_read($this->cnx, $this->ldap_name($name), "(objectclass=*)", array('mail')); $entry = @ldap_get_entries($this->cnx, $sr); if (!empty($entry[0]['mail'])) { return $entry[0]['mail'][0]; } return False; } public function ldap_search_group($to_search){ $ld_group = $this->config['ld_group']; $sr=@ldap_search($this->cnx, $this->full_groupbranch, "($ld_group=$to_search)", array('dn'),0,0); $groups = @ldap_get_entries($this->cnx, $sr); $result = array(); foreach ($groups as $group) { $result[] = $group['dn']; } return $result; } /*$filter="(sAMAccountName=".$user.")"; if(($results=ldap_search($this->cnx,$this->config['basedn'],$filter,array('dn',$this->config['ld_attr'])))!==false) { $firstEntry=ldap_first_entry($this->cnx,$results); if($firstEntry==null) { return false; } else { if(($userDn=ldap_get_dn($this->cnx,$firstEntry))!==false) { if(($isBound=wpDirAuth_bindTest($this->cnx,$userDn,$user_passwd,$this->config['basedn']))===true) { return true; } else { return false; } } } } */ public function ldap_search_dn($to_search){ $ld_attr = $this->config['ld_attr']; if(($results=@ldap_search($this->cnx,$this->config['basedn'],"($ld_attr=$to_search)",array('dn','mail',$ld_attr)))!==false) //$sr= @ldap_search($this->cnx, $this->full_usersbranch, "($ld_attr=$to_search)", array('dn','mail'),0,0); $entry = @ldap_first_entry($this->cnx, $results); if($entry==null) { return false; } else { if(($userDn=ldap_get_dn($this->cnx,$entry))!==false) { return $userDN; } else { return null; } } // if (!empty($entry[0]['dn'])) { // return $entry[0]['dn']; // } // else { return False; } } public function user_membership($user, $groups){ // $groups is an array of groupdn ! (there is a possibility of several groups, we search the user in each of them). foreach ($groups as $groupdn) { $filter = '(objectClass=*)'; $result = @ldap_read($this->cnx,$groupdn,$filter,array('memberUid')); $result2 = @ldap_get_entries($this->cnx, $result); if(isset($result2[0]['memberuid'])){ foreach($result2[0]['memberuid'] as $item){ if ($item == $user){ return True; } } } } return False; } public function ldap_status($username){ if ($this->config['webmasters_group']) { if ($this->user_membership($username,$this->ldap_group($this->config['webmasters_group']))) { // set status to webmaster and quit (more powerfull, no need to get further) return 'webmaster'; } } if ($this->config['admins_group']) { if ($this->user_membership($username,$this->ldap_group($this->config['admins_group']))) { // set status to admin return 'admin'; } } else { return 'normal'; } } public function getAttr(){ $search = @ldap_read($this->cnx, "cn=subschema", "(objectClass=*)", array('*', 'subschemasubentry')); $entries = @ldap_get_entries($this->cnx, $search); } public function getRootDse(){ $search = @ldap_read($this->cnx, NULL, 'objectClass=*', array("*", "+")); $entries = @ldap_get_entries($this->cnx, $search); return $entries[0]; } public function ldap_check_basedn(){ if ($read = @ldap_read($this->cnx,$this->config['basedn'],'(objectClass=*)',array('dn'))){ $entry = @ldap_get_entries($this->cnx, $read); if (!empty($entry[0]['dn'])) { return true; } } return false; } } ?>

[/php]

#2

You may have dove in deep here.

But here’s a more straightforward version:
http://code.activestate.com/recipes/101525-ldap-authentication/
[php]<?php

$ldapconfig[‘host’] = ‘localhost’;
$ldapconfig[‘port’] = NULL;
$ldapconfig[‘basedn’] = ‘dc=localhost,dc=com’;
$ldapconfig[‘authrealm’] = ‘My Realm’;

function ldap_authenticate() {
global $ldapconfig;
global $PHP_AUTH_USER;
global $PHP_AUTH_PW;

if ($PHP_AUTH_USER != "" && $PHP_AUTH_PW != "") {
    $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
    $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $PHP_AUTH_USER);
    if ($r) {
        $result = @ldap_get_entries( $ds, $r);
        if ($result[0]) {
            if (@ldap_bind( $ds, $result[0]['dn'], $PHP_AUTH_PW) ) {
                return $result[0];
            }
        }
    }
}
header('WWW-Authenticate: Basic realm="'.$ldapconfig['authrealm'].'"');
header('HTTP/1.0 401 Unauthorized');
return NULL;

}

if (($result = ldap_authenticate()) == NULL) {
echo(‘Authorization Failed’);
exit(0);
}
echo(‘Authorization success’);
print_r($result);

?>[/php]

Sponsor our Newsletter | Privacy Policy | Terms of Service