1 |
<? |
2 |
|
3 |
/* |
4 |
Document manager handling for users in LDAP |
5 |
Created by Will LaSala (will@dahome.org) |
6 |
February 10th, 2002 |
7 |
Belenos INC |
8 |
For use with the DocMgr PHP scripts |
9 |
|
10 |
Modified by Benjamin Baez (bbaez@biospectra.com) 2002-12-03 |
11 |
|
12 |
arguments in docman.conf file are: |
13 |
$ldapServer="x.x.x.x"; This can be in Dotted Notation or a DNS FQN |
14 |
$ldapServerPort="389"; This is the default port and doesnt need to be changed |
15 |
$basedn="o=CompanyName"; Branch of tree that your search will start on |
16 |
|
17 |
If you don't enter following two parameters, it |
18 |
will use credentials of user which is logged in! |
19 |
|
20 |
$bind="cn=Manager, o=CompanyName"; Login that allows password searching |
21 |
$bindpw=""; Password for the above account |
22 |
|
23 |
LDAP query must return login, password full_name and e-mail |
24 |
In order to do this it may be possible that you may need to modify a section of |
25 |
the code below, however this is highly unlikly and usually only a person |
26 |
that has in-depth knowledge of thier LDAP tree structure will |
27 |
even know if they do have to make changes. |
28 |
The items that may need to changed are: |
29 |
$entries[0]["cn"][0]; This should return the Full Name |
30 |
$entries[0]["userpassword"][0]; This should return the Password |
31 |
$entries[0]["mail"][0]; This should return the Email |
32 |
|
33 |
This file is included early in docman.php and it should return: |
34 |
$gblUserName descriptive username |
35 |
$gblPw md5 hash of joint login and password |
36 |
$gblEmail e-mail address of user |
37 |
|
38 |
*/ |
39 |
|
40 |
// use hard-coded bind variables in docman.conf |
41 |
if (isset($bind) && isset($bindpw)) { |
42 |
$ds = ldap_connect_bind($bind, $bindpw, $ldapServer, $ldapServerPort)) { |
43 |
$sres = ldap_search($ds, $basedn, "uid=".$PHP_AUTH_USER); |
44 |
If ($sres) { |
45 |
$entries = ldap_get_entries($ds, $sres); |
46 |
$gblUserName = $entries[0]["cn"][0]; //Full Name |
47 |
$gblPw = $entries[0]["userpassword"][0]; //Password |
48 |
$gblEmail = $entries[0]["mail"][0]; //Email |
49 |
} else { |
50 |
Error("Not Found","LDAP Search returned false"); |
51 |
} |
52 |
ldap_close($ds); |
53 |
// use crednetials of user which is currently logged in |
54 |
} elseif (isset($PHP_AUTH_PW)) { // This is required so that auth dialog appears |
55 |
if ($ds = ldap_connect_bind($PHP_AUTH_USER, $PHP_AUTH_PW, $ldapServer, $ldapServerPort, $basedn)) { |
56 |
$sres = ldap_search($ds, $basedn, "uid=".$PHP_AUTH_USER); |
57 |
if ($sres) { |
58 |
$entries = ldap_get_entries($ds, $sres); |
59 |
$gblUserName = $entries[0]["cn"][0]; //Full Name |
60 |
$gblPw = md5($PHP_AUTH_USER.$PHP_AUTH_PW); //Password format for Web Server |
61 |
$gblEmail = $entries[0]["mail"][0]; //Email |
62 |
} else { |
63 |
Error("Not Found","LDAP Search returned false"); |
64 |
} |
65 |
ldap_close($ds); |
66 |
} |
67 |
} |
68 |
|
69 |
|
70 |
function ldap_connect_bind($bindDN_or_user, $passwd, $ldapServer, $ldapServerPort, $basedn) { |
71 |
$linkid = ldap_connect($ldapServer, $ldapServerPort); |
72 |
if (isset($basedn)) { |
73 |
// make a username to bind DN |
74 |
$bindDN_or_user = "uid=".$bindDN_or_user.",".$basedn; |
75 |
} |
76 |
if ($linkid) { |
77 |
if (!@ldap_bind($linkid, $bindDN_or_user, $passwd)) { |
78 |
Error("LDAP BIND","Unable to bind to LDAP server!"); |
79 |
return 0; |
80 |
} else { |
81 |
return $linkid; |
82 |
} |
83 |
} else { |
84 |
Error("LDAP CONNECT","Unable to connect to LDAP server!"); |
85 |
return 0; |
86 |
} |
87 |
} |
88 |
?> |