
Contents of /htusers/ldap.php



Revision 1.2 - (show annotations)
Mon May 12 17:52:41 2003 UTC (20 years, 10 months ago) by dpavlin
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +103 -41 lines
new version rewritten by Benjamin Baez

1 <?
2 /*
3 Document manager handling for users in LDAP
4 Created by Will LaSala (will@dahome.org)
5 February 10th, 2002
6 Belenos INC
7 For use with the DocMgr PHP scripts
8
9 Rewritten by Benjamin Baez on May 7, 2003 of platinasystems.com
10
11 Arguments required in docman.conf file are:
12 $ldapServer='x.x.x.x'; This can be in Dotted Notation or a DNS FQN
13 $ldapServerPort='389'; This is the default port and doesn't need to be changed
14 $basedn='o=CompanyName'; Branch of tree that your search will start on
15
16 Use the following if you want docman to search LDAP for the users dn to
17 use in binding:
18
19 $bind="cn=Manager, o=CompanyName"; Login for searching dn in LDAP
20 $bindpw=""; Password for the above account
21
22 uid is assumed for the dn of the user, may be cn in some cases
23
24 LDAP query must return login, md5 password hash, full_name, and e-mail
25 To do this you may need to
26 modify a section of the code below;
27 however, this is highly unlikely, and usually only a person
28 who has in-depth knowledge of their LDAP tree structure will
29 even know whether they have to make changes.
30 The items that may need to be changed are:
31 $entries[0]['cn'][0]; This should return the Full Name
32 $entries[0]['mail'][0]; This should return the Email
33
34 This file is included early in docman.php and it should return:
35 $gblUserName descriptive username
36 $secHash md5 hash of joint login and md5 password hash
37 $gblEmail e-mail address of user
38
39 Placed @ in front of key ldap function that would send output
40 before php could send out HTTP_AUTH headers, causing inability
41 to relogin
42
43 */
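// Authentication entry point, executed when docman.php includes this file.
// Nothing runs until the browser has sent HTTP Basic credentials; without
// this isset() guard the authentication dialog never gets a chance to appear.
if (isset($_SERVER['PHP_AUTH_PW'])) {
    $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';

    if (isset($bind)) {
        // Search-then-bind: connect with the configured search account first.
        $ds = ldap_connect_search($bind, $bindpw, $ldapServer, $ldapServerPort);
    } else {
        // Direct bind: the DN is derived from the login name and $basedn.
        $ds = ldap_connect_bind($authUser, $_SERVER['PHP_AUTH_PW'], $ldapServer, $ldapServerPort, $basedn);
    }

    if ($ds) {
        // The login name comes straight from the HTTP request, so it must be
        // escaped before it is placed in the search filter. Otherwise filter
        // metacharacters in the login would change which entries match.
        if (function_exists('ldap_escape')) {
            $uidValue = ldap_escape($authUser, '', LDAP_ESCAPE_FILTER);
        } else {
            // Fallback for PHP builds without ldap_escape(): RFC 4515 hex
            // escapes. The backslash is replaced first so that the escapes
            // added for the other characters are not escaped again.
            $uidValue = str_replace(
                array('\\', '*', '(', ')', "\0"),
                array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                $authUser
            );
        }

        $sres = ldap_search($ds, $basedn, 'uid=' . $uidValue, array('cn', 'mail'));

        if ($sres && isset($bind)) {
            // The entry was located with the search account; the user's own
            // password is verified by re-binding as the entry that was found.
            $count = ldap_count_entries($ds, $sres);
            // Check the match count BEFORE binding, so that no bind is ever
            // attempted with a missing DN when the search matched nothing.
            if ($count > 0) {
                $entry = ldap_first_entry($ds, $sres);
                // $dn = ldap_dn2ufn(ldap_get_dn($ds,$entry)); // Nice presentation
                $entry_dn = @ldap_get_dn($ds, $entry);
                // Never bind with an empty password (see ldap_verify_bindpw).
                $password = ldap_verify_bindpw($_SERVER['PHP_AUTH_PW']);
                if ($entry_dn && @ldap_bind($ds, $entry_dn, $password)) {
                    ldap_return_values($ds, $sres);
                }
            }
        } else if ($sres) {
            // Direct-bind mode: the bind in ldap_connect_bind() already
            // verified the password, so just publish the attributes.
            ldap_return_values($ds, $sres);
        } else {
            Error('Not Found', 'LDAP Search returned false');
        }
        ldap_close($ds);
    }
}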
70
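/**
 * Return a password that is safe to hand to ldap_bind().
 *
 * A simple bind with an empty password succeeds on directories that allow
 * anonymous access, which would let a login through without any credential
 * check. An empty password is therefore replaced by a random throw-away
 * value, so the bind is a real authentication attempt that fails.
 *
 * Only a genuinely empty value is replaced. The string '0' is a non-empty
 * password and is passed through unchanged.
 *
 * @param string|null $password password supplied by the client
 * @return string the original password, or a random non-empty placeholder
 */
function ldap_verify_bindpw($password) {
    if ((string) $password !== '') {
        return $password;
    }

    // crypt(microtime()) was used here originally; crypt() without a salt is
    // rejected by current PHP and a timestamp is guessable. Use the CSPRNG
    // when it is available.
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }

    // Fallback for old PHP builds: not cryptographically strong, but still a
    // non-empty value that differs on every call.
    return md5(uniqid(mt_rand(), true));
}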
81
/**
 * Publish the authenticated user's details through the globals that the
 * including script (docman.php) reads.
 *
 * Sets $gblUserName from the first entry's 'cn', $gblEmail from its 'mail',
 * and $secHash to the MD5 of the login name concatenated with the password
 * exactly as the client sent it.
 *
 * NOTE(review): the first entry and its cn/mail attributes are read without
 * an existence check, so a result set without them yields PHP notices and
 * null values - confirm callers only pass non-empty results.
 * NOTE(review): $secHash is an unsalted MD5 derived directly from the
 * password; anyone who obtains it can guess passwords offline. It should
 * presumably be handled as a secret wherever docman.php stores or emits it.
 *
 * @param resource $ds   LDAP link identifier
 * @param resource $sres search result holding the user's entry
 */
function ldap_return_values($ds,$sres) {

    global $gblUserName, $gblEmail, $secHash;

    $found = ldap_get_entries($ds, $sres);

    // Descriptive name and e-mail address come from the first matching entry.
    $fullName = $found[0]['cn'][0];
    $gblUserName = $fullName;
    $mailAddress = $found[0]['mail'][0];
    $gblEmail = $mailAddress;

    // Per-user hash built from the HTTP Basic credentials of this request.
    $credentials = $_SERVER['PHP_AUTH_USER'] . $_SERVER['PHP_AUTH_PW'];
    $secHash = md5($credentials);
}
94
/**
 * Open an LDAP link and bind with the configured search account.
 *
 * Reports a failure through Error() and returns 0 when either the connect
 * or the bind step fails.
 *
 * NOTE(review): if $bindpass is empty the server may treat this as an
 * anonymous bind - confirm that docman.conf sets a real password.
 * NOTE(review): nothing here enables TLS, so on the default port 389 the
 * bind password presumably travels unencrypted - verify the transport.
 *
 * @param string $bindRDN        DN of the search account
 * @param string $bindpass       password of the search account
 * @param string $ldapServer     server address or host name
 * @param string $ldapServerPort server port
 * @return resource|int bound link identifier, or 0 on failure
 */
function ldap_connect_search($bindRDN, $bindpass, $ldapServer, $ldapServerPort) {
    $connection = ldap_connect($ldapServer, $ldapServerPort);
    if (!$connection) {
        Error('LDAP CONNECT','Unable to connect to LDAP server!');
        return 0;
    }

    // '@' keeps a bind warning from being written to the output before the
    // HTTP authentication headers can be sent.
    $bound = @ldap_bind($connection, $bindRDN, $bindpass);
    if (!$bound) {
        Error('LDAP BIND','Unable to bind to LDAP server with RDN!');
        return 0;
    }

    return $connection;
}
109
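/**
 * Open an LDAP link and bind directly as the user.
 *
 * The bind DN is built as uid=<login>,<basedn>. The login name comes from
 * the HTTP request, so it is escaped as a DN attribute value before being
 * concatenated. Otherwise characters such as ',' or '=' in the login would
 * change the DN that is bound against.
 *
 * A failed bind returns 0 silently (wrong credentials are not an error
 * condition); a failed connect is reported through Error().
 *
 * NOTE(review): nothing here enables TLS, so on the default port 389 the
 * user's password presumably travels unencrypted - verify the transport.
 *
 * @param string $user           login name supplied by the client
 * @param string $password       password supplied by the client
 * @param string $ldapServer     server address or host name
 * @param string $ldapServerPort server port
 * @param string $basedn         branch under which user entries live
 * @return resource|int bound link identifier, or 0 on failure
 */
function ldap_connect_bind($user, $password, $ldapServer, $ldapServerPort, $basedn) {
    $linkid = ldap_connect($ldapServer, $ldapServerPort);
    if (!$linkid) {
        Error('LDAP CONNECT','Unable to connect to LDAP server!');
        return 0;
    }

    if (function_exists('ldap_escape')) {
        $rdnValue = ldap_escape($user, '', LDAP_ESCAPE_DN);
    } else {
        // Fallback for PHP builds without ldap_escape(): backslash-escape the
        // RFC 4514 special characters, then hex-escape NUL bytes.
        $rdnValue = str_replace("\0", '\\00', addcslashes($user, ",+\"\\<>;=# "));
    }
    $UserDN = 'uid=' . $rdnValue . ',' . $basedn;

    // Never bind with an empty password: that could succeed as an anonymous
    // bind and be mistaken for a successful login.
    $password = ldap_verify_bindpw($password);
    if (@ldap_bind($linkid, $UserDN, $password)) {
        return $linkid;
    }

    return 0;
}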
125 ?>
