/[docman2]/htusers/ldap.php

Annotation of /htusers/ldap.php



Revision 1.2 - (hide annotations)
Mon May 12 17:52:41 2003 UTC (21 years ago) by dpavlin
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +103 -41 lines
new version rewritten by Benjamin Baez

1 dpavlin 1.1 <?
2     /*
3     Document manager handling for users in LDAP
4     Created by Will LaSala (will@dahome.org)
5     February 10th, 2002
6     Belenos INC
7     For use with the DocMgr PHP scripts
8    
9 dpavlin 1.2 Rewritten by Benjamin Baez on May 7, 2003 of platinasystems.com
10    
11     Arguments required in docman.conf file are:
12     $ldapServer='x.x.x.x'; This can be in Dotted Notation or a DNS FQN
13     $ldapServerPort='389'; This is the default port and doesn't need to be changed
14     $basedn='o=CompanyName'; Branch of tree that your search will start on
15    
16     Use the following if you want docman to search LDAP for the users dn to
17     use in binding:
18    
19     $bind="cn=Manager, o=CompanyName"; Login for searching dn in LDAP
20     $bindpw=""; Password for the above account
21    
22     uid is assumed for the dn of the user, may be cn in some cases
23    
24     LDAP query must return login, md5 password hash, full_name, and e-mail
25     In order to do this you may need to
26     modify a section of the code below;
27     however, this is highly unlikely, and usually only a person
28 dpavlin 1.1 who has in-depth knowledge of their LDAP tree structure will
29     even know whether they have to make changes.
30     The items that may need to changed are:
31 dpavlin 1.2 $entries[0]['cn'][0]; This should return the Full Name
32     $entries[0]['mail'][0]; This should return the Email
33 dpavlin 1.1
34     This file is included early in docman.php and it should return:
35     $gblUserName descriptive username
36 dpavlin 1.2 $secHash md5 hash of joint login and md5 password hash
37     $gblEmail e-mail address of user
38    
39     Placed @ in front of key ldap function that would send output
40     before php could send out HTTP_AUTH headers, causing inability
41     to relogin
42 dpavlin 1.1
43     */
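// Authenticate the HTTP Basic credentials against LDAP.
//
// Nothing runs until the browser has actually sent credentials, so the first
// (credential-less) request falls through and the auth dialog can appear.
//
// Two modes, selected by whether docman.conf defines $bind:
//   * $bind set   : bind as the service account, look the user's DN up by
//                   uid, then re-bind on the same link as that DN with the
//                   supplied password.
//   * $bind unset : bind directly as uid=<user>,$basedn with the supplied
//                   password, then read the user's attributes.
//
// On success ldap_return_values() fills $gblUserName, $gblEmail and $secHash;
// on a failed login those globals are left untouched.
// NOTE(review): presumably docman.php treats an unset $secHash as "not
// authenticated" - that check is not visible in this file, confirm it.
if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    $authUser = $_SERVER['PHP_AUTH_USER'];
    $authPass = $_SERVER['PHP_AUTH_PW'];

    if (isset($bind)) {
        $ds = ldap_connect_search($bind, $bindpw, $ldapServer, $ldapServerPort);
    } else {
        $ds = ldap_connect_bind($authUser, $authPass, $ldapServer, $ldapServerPort, $basedn);
    }

    if ($ds) {
        // The user name comes straight from the HTTP request. Escape it for
        // filter context so that characters such as * ( ) \ are matched
        // literally instead of changing which entries the filter selects.
        $filter = '(uid=' . ldap_escape($authUser, '', LDAP_ESCAPE_FILTER) . ')';
        $sres = ldap_search($ds, $basedn, $filter, array('cn', 'mail'));

        if ($sres && isset($bind)) {
            // Require exactly one match before touching the password: with
            // zero entries there is no DN to bind as, and with several the
            // identity being authenticated would depend on server ordering.
            $count = ldap_count_entries($ds, $sres);
            if ($count === 1) {
                $entry = ldap_first_entry($ds, $sres);
                // @ keeps warnings from being written before the HTTP auth
                // headers (see the file header comment).
                $entry_dn = $entry ? @ldap_get_dn($ds, $entry) : false;
                $password = ldap_verify_bindpw($authPass);
                // A bind with an empty DN is an anonymous bind on many
                // servers, so never attempt one when the DN lookup failed.
                if (is_string($entry_dn) && $entry_dn !== ''
                    && @ldap_bind($ds, $entry_dn, $password)) {
                    ldap_return_values($ds, $sres);
                }
            }
        } else if ($sres) {
            // Direct-bind mode: the bind in ldap_connect_bind() already
            // verified the password, so only the attributes are read here.
            ldap_return_values($ds, $sres);
        } else {
            Error('Not Found','LDAP Search returned false');
        }
        ldap_close($ds);
    }
}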
70 dpavlin 1.1
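/**
 * Return a password that is safe to hand to ldap_bind().
 *
 * A simple bind with a DN and an empty password is treated by many LDAP
 * servers as an anonymous bind and reported as success, which would let a
 * user in without knowing the password. When no password was supplied, a
 * throw-away random value is substituted so that the bind is a real
 * authentication attempt and fails.
 *
 * Only null and the empty string count as "no password"; a literal "0" is a
 * valid password and is passed through unchanged.
 *
 * @param string|null $password Password received from the client.
 * @return string The original password, or a random placeholder if it was empty.
 */
function ldap_verify_bindpw($password) {
    if ($password === null || $password === '') {
        // Taken from the CSPRNG rather than derived from the clock, so the
        // placeholder cannot be predicted; hex output avoids NUL bytes.
        $password = bin2hex(random_bytes(16));
    }
    return $password;
}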
81    
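/**
 * Publish the authenticated user's details into the globals docman.php reads.
 *
 * Sets $gblUserName (cn), $gblEmail (mail) and $secHash. Missing entries or
 * attributes yield null rather than an undefined-index warning; the file
 * header notes that output emitted before the HTTP auth headers prevents
 * the user from logging in again.
 *
 * @param resource $ds   LDAP link the search was run on.
 * @param resource $sres Search result holding the user's entry.
 * @return void
 */
function ldap_return_values($ds, $sres) {

    GLOBAL $gblUserName, $gblEmail, $secHash;

    $entries = ldap_get_entries($ds, $sres);
    // ldap_get_entries() returns false on failure; only the first entry is used.
    $first = (is_array($entries) && isset($entries[0])) ? $entries[0] : array();

    // Full Name (attribute keys in the returned array are lower-case)
    $gblUserName = isset($first['cn'][0]) ? $first['cn'][0] : null;
    // E-mail
    $gblEmail = isset($first['mail'][0]) ? $first['mail'][0] : null;

    // Create user hash.
    // NOTE(review): this is an unsalted MD5 over login and the plaintext
    // password, joined without a separator (so "ab"+"c" and "a"+"bc" give the
    // same value). If $secHash is ever stored or sent to the client it allows
    // offline guessing of the password. How docman.php uses it is not visible
    // here, so the computation is kept as is; review the consumer before
    // replacing it with a keyed or salted construction.
    $secHash = md5($_SERVER['PHP_AUTH_USER'].$_SERVER['PHP_AUTH_PW']);
}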
94    
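/**
 * Open an LDAP link and bind with the service account used for DN lookups.
 *
 * Reports failures through Error() (defined elsewhere in docman) and frees
 * the link when the bind is rejected instead of leaving it open.
 *
 * NOTE(review): no TLS is negotiated in this function. Unless the deployment
 * passes an ldaps:// URI as $ldapServer or tunnels the connection, the
 * service-account password, and later the user's password, travel in clear
 * text; confirm the transport.
 * NOTE(review): the sample configuration in the file header uses an empty
 * $bindpw. Many servers treat that as an anonymous bind, so "success" here
 * does not prove that the service account authenticated.
 *
 * @param string     $bindRDN        DN to bind as.
 * @param string     $bindpass       Password for $bindRDN.
 * @param string     $ldapServer     Host name or address of the LDAP server.
 * @param string|int $ldapServerPort Port of the LDAP server.
 * @return resource|int The bound link, or 0 on failure.
 */
function ldap_connect_search($bindRDN, $bindpass, $ldapServer, $ldapServerPort) {
    $linkid = ldap_connect($ldapServer, $ldapServerPort);
    if (!$linkid) {
        Error('LDAP CONNECT','Unable to connect to LDAP server!');
        return 0;
    }

    // @ keeps bind warnings from being output ahead of the HTTP auth headers.
    if (@ldap_bind($linkid, $bindRDN, $bindpass)) {
        return $linkid;
    }

    // Release the handle before reporting; the caller only receives 0 and
    // has nothing to close.
    ldap_close($linkid);
    Error('LDAP BIND','Unable to bind to LDAP server with RDN!');
    return 0;
}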
109 dpavlin 1.1
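/**
 * Open an LDAP link and bind directly as uid=<user>,<basedn>.
 *
 * The user name comes from the HTTP request, so it is escaped for DN context
 * before being placed in the bind DN; otherwise characters such as "," or
 * "=" in the name could change which entry the bind is attempted against.
 * A wrong password returns 0 silently so that the caller can re-prompt.
 *
 * NOTE(review): no TLS is negotiated in this function. Unless $ldapServer is
 * an ldaps:// URI or the connection is tunnelled, the user's password is
 * sent to the directory in clear text; confirm the transport.
 *
 * @param string     $user           Login name supplied by the client.
 * @param string     $password       Password supplied by the client.
 * @param string     $ldapServer     Host name or address of the LDAP server.
 * @param string|int $ldapServerPort Port of the LDAP server.
 * @param string     $basedn         Branch under which user entries live.
 * @return resource|int The bound link, or 0 on failure.
 */
function ldap_connect_bind($user, $password, $ldapServer, $ldapServerPort, $basedn) {
    $linkid = ldap_connect($ldapServer, $ldapServerPort);
    if (!$linkid) {
        Error('LDAP CONNECT','Unable to connect to LDAP server!');
        return 0;
    }

    // An empty login cannot name an entry; refuse it instead of sending a
    // malformed DN to the server.
    if ((string) $user === '') {
        ldap_close($linkid);
        return 0;
    }

    $UserDN = 'uid=' . ldap_escape((string) $user, '', LDAP_ESCAPE_DN) . ',' . $basedn;

    // Never bind with an empty password: that would be an anonymous bind.
    $password = ldap_verify_bindpw($password);
    if (@ldap_bind($linkid, $UserDN, $password)) {
        return $linkid;
    }

    // Bind rejected: free the handle, the caller only receives 0.
    ldap_close($linkid);
    return 0;
}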
125     ?>
