/[docman2]/htusers/ldap.php

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /htusers/ldap.php

Parent Directory | Revision Log | View Patch Patch

-revision 1.1 by dpavlin,
Sat Jul 20 13:07:24 2002 UTC
+revision 1.2 by dpavlin,
Mon May 12 17:52:41 2003 UTC
 Line 1
  <?
  /*
          Document manager handling for users in LDAP
                  Created by Will LaSala (will@dahome.org)
-Line 7
+Line 6
                  Belenos INC
                  For use with the DocMgr PHP scripts
-         arguments in docman.conf file are:
+                 Rewritten by Benjamin Baez on May 7, 2003 of platinasystems.com
-         $ldapServer="x.x.x.x";          This can be in Dotted Notation or a DNS FQN
-         $ldapServerPort="389";          This is the default port and doesnt need to be changed
+         Arguments required in docman.conf file are:
-         $basedn="o=CompanyName";        Branch of tree that your search will start on
+         $ldapServer='x.x.x.x';          This can be in Dotted Notation or a DNS FQN
-         $bind="cn=Manager, o=CompanyName";      Login that allows password searching
+         $ldapServerPort='389';          This is the default port and doesnt need to be changed
-         $bindpw="";                     Password for the above account
+         $basedn='o=CompanyName';        Branch of tree that your search will start on
-         LDAP query must return login, password full_name and e-mail
+         Use the following if you want docman to search LDAP for the users dn to
-         In order to do this it may be possible that you may need to modify a section of
+         use in binding:
-         the code below, however this is highly unlikly and usually only a person
+         $bind="cn=Manager, o=CompanyName";      Login for searching dn in LDAP
+         $bindpw="";                                     Password for the above account
+         uid is assumed for the dn of the user, may be cn in some cases
+         LDAP query must return login, md5 password hash, full_name, and e-mail
+         In order to do this it may be possible that you may need to
+         modify a section of the code below,
+         however this is highly unlikly and usually only a person
          that has in-depth knowledge of thier LDAP tree structure will
          even know if they do have to make changes.
          The items that may need to changed are:
-         $entries[0]["cn"][0];           This should return the Full Name
+         $entries[0]['cn'][0];           This should return the Full Name
-         $entries[0]["userpassword"][0]; This should return the Password
+         $entries[0]['mail'][0];         This should return the Email
-         $entries[0]["mail"][0];         This should return the Email
          This file is included early in docman.php and it should return:
          $gblUserName    descriptive username
-         $secHash        md5 hash of joint login and password
+         $secHash                md5 hash of joint login and md5 password hash
-         $gblEmail       e-mail address of user
+         $gblEmail               e-mail address of user
+         Placed @ in front of key ldap function that would send output
+         before php could send out HTTP_AUTH headers, causing inability
+         to relogin
  */
+ // This isset function required so that auth dialog appears
+ if (isset($_SERVER['PHP_AUTH_PW'])) {
+         if (isset($bind)) {
+                 $ds = ldap_connect_search($bind, $bindpw, $ldapServer, $ldapServerPort);
+         } else {
+                 $ds = ldap_connect_bind($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'], $ldapServer, $ldapServerPort, $basedn);
+         }
+         if ($ds) {
+                 $sres = ldap_search($ds, $basedn,'uid='.$_SERVER['PHP_AUTH_USER'],ARRAY('cn','mail'));
+                 if ($sres && isset($bind)) {
+                         $count = ldap_count_entries($ds,$sres);
+                         $entry = ldap_first_entry($ds,$sres);
+                         // $dn = ldap_dn2ufn(ldap_get_dn($ds,$entry)); // Nice presentation
+                         $entry_dn = @ldap_get_dn($ds,$entry);
+                         $password = ldap_verify_bindpw($_SERVER['PHP_AUTH_PW']);
+                         if (@ldap_bind($ds,$entry_dn,$password) && $count > 0) {
+                                 ldap_return_values($ds,$sres);
+                         }
+                 } else if ($sres) {
+                         ldap_return_values($ds,$sres);
+                 } else {
+                 Error('Not Found','LDAP Search returned false');
+                 }
+         ldap_close($ds);
+         }
+ }
- if ($ds = ldap_connect_bind($bind, $bindpw, $ldapServer, $ldapServerPort)) {
+ function ldap_verify_bindpw($password) {
-  $sres = ldap_search($ds, $basedn, "uid=".$GLOBALS[gblLogin]);
+         if(!$password) {
-  If ($sres) {
+                 // generate a bogus password to bind with
-      $entries = ldap_get_entries($ds, $sres);
+                 // if the user doesn't give us one.
-      $gblUserName = $entries[0]["cn"][0]; //Full Name
+                 // this gets around systems that are anonymous search enabled
-      // FIX : it should return md5, right (Dobrica)
+                 // and thus ldap_bind would succeed without a password
-      $secHash     = $entries[0]["userpassword"][0]; //Password
+                 $password = crypt(microtime());
-      $gblEmail    = $entries[0]["mail"][0];  //Email
+         }
-  }else{
+         return $password;
-      Error("Not Found","LDAP Search returned false");
-  }
-  ldap_close($ds);
  }
+ function ldap_return_values($ds,$sres) {
+         GLOBAL $gblUserName,$gblEmail,$secHash;
+         $entries = ldap_get_entries($ds,$sres);
+         // Full Name
+         $gblUserName = $entries[0]['cn'][0];
+         // E-mail
+         $gblEmail = $entries[0]['mail'][0];
+         // Create user hash
+         $secHash=md5($_SERVER['PHP_AUTH_USER'].$_SERVER['PHP_AUTH_PW']);
+ }
+ function ldap_connect_search($bindRDN, $bindpass, $ldapServer, $ldapServerPort) {
+         $linkid = ldap_connect($ldapServer, $ldapServerPort);
+         if ($linkid) {
+                 if (@ldap_bind($linkid, $bindRDN, $bindpass)) {
+                         return $linkid;
+                 } else {
+                         Error('LDAP BIND','Unable to bind to LDAP server with RDN!');
+                         return 0;
+                 }
+         } else {
+                 Error('LDAP CONNECT','Unable to connect to LDAP server!');
+                 return 0;
+         }
+ }
- function ldap_connect_bind($bindRDN, $bindpass, $ldapServer, $ldapServerPort) {
+ function ldap_connect_bind($user, $password, $ldapServer, $ldapServerPort, $basedn) {
-      $linkid = ldap_connect($ldapServer, $ldapServerPort);
+         $linkid = ldap_connect($ldapServer, $ldapServerPort);
-      if ($linkid) {
+         $UserDN = 'uid='.$user.','.$basedn;
-        if (!ldap_bind($linkid, $bindRDN, $bindpass)) {
+         if ($linkid) {
-           Error("LDAP BIND","Unable to bind to LDAP server!");
+                 $password = ldap_verify_bindpw($password);
-           return 0;
+                 if (@ldap_bind($linkid, $UserDN, $password)) {
-        } else {
+                         return $linkid;
-          return $linkid;
+                 } else {
-        }
+                         return 0;
-      } else {
+                 }
-        Error("LDAP CONNECT","Unable to connect to LDAP server!");
+         } else {
-        return 0;
+                 Error('LDAP CONNECT','Unable to connect to LDAP server!');
-      }
+                 return 0;
+         }
  }
  ?>

 Legend:



Removed from v.1.1
 


changed lines


 
Added in v.1.2
 Legend:



Removed from v.1.1
 


changed lines


 
Added in v.1.2
-Removed from v.1.1
+Added in v.1.2

	ViewVC Help
Powered by ViewVC 1.1.26