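<?php
/*
Document manager handling for users in LDAP
Created by Will LaSala (will@dahome.org)
February 10th, 2002
Belenos INC
For use with the DocMgr PHP scripts

Rewritten by Benjamin Baez on May 7, 2003 of platinasystems.com

Arguments required in docman.conf file are:
$ldapServer='x.x.x.x';     This can be in dotted notation or a DNS FQN
$ldapServerPort='389';     This is the default port and doesn't need to be changed
$basedn='o=CompanyName';   Branch of the tree that your search will start on

Use the following if you want docman to search LDAP for the user's dn to
use in binding:

$bind="cn=Manager, o=CompanyName";  Login for searching the dn in LDAP
$bindpw="";                         Password for the above account

uid is assumed for the dn of the user; it may be cn in some cases.

The LDAP query must return login, md5 password hash, full_name and e-mail.
In order to do this you may need to modify a section of the code below;
however, this is highly unlikely and usually only a person with in-depth
knowledge of their LDAP tree structure will even know whether they have
to make changes. The items that may need to be changed are:
$entries[0]['cn'][0];    This should return the Full Name
$entries[0]['mail'][0];  This should return the Email

This file is included early in docman.php and it should return:
$gblUserName   descriptive username
$secHash       md5 hash of the login concatenated with the password as
               supplied in PHP_AUTH_PW (see ldap_return_values)
$gblEmail      e-mail address of the user

@ is placed in front of key LDAP functions that would otherwise send
output before PHP could send the HTTP auth headers, making it impossible
to log in again.

The login taken from $_SERVER['PHP_AUTH_USER'] is client-controlled, so it
is passed through ldap_escape() before being used in a search filter or a
DN; otherwise filter operators ('*', '(', ')') or extra RDN components
(',', '=') in the login would change what is searched or bound as.
*/
// This isset check is required so that the auth dialog appears
if (isset($_SERVER['PHP_AUTH_PW'])) {
    $authUser = $_SERVER['PHP_AUTH_USER'];
    $authPw   = $_SERVER['PHP_AUTH_PW'];

    if (isset($bind)) {
        // A search account is configured: look the user's DN up with it,
        // then bind as that DN with the user's own password below.
        $searchPw = isset($bindpw) ? $bindpw : '';
        $ds = ldap_connect_search($bind, $searchPw, $ldapServer, $ldapServerPort);
    } else {
        // No search account: bind directly as uid=<login>,<basedn>.
        $ds = ldap_connect_bind($authUser, $authPw, $ldapServer, $ldapServerPort, $basedn);
    }

    if ($ds) {
        // Escape the login for filter context so it is matched literally.
        $filter = 'uid=' . ldap_escape($authUser, '', LDAP_ESCAPE_FILTER);
        $sres = ldap_search($ds, $basedn, $filter, array('cn', 'mail'));
        if ($sres && isset($bind)) {
            $count = ldap_count_entries($ds, $sres);
            // Check the count before touching the entry: with zero results
            // ldap_first_entry() returns false and there is no DN to bind with.
            if ($count > 0) {
                $entry = ldap_first_entry($ds, $sres);
                // $dn = ldap_dn2ufn(ldap_get_dn($ds,$entry)); // Nice presentation
                $entry_dn = @ldap_get_dn($ds, $entry);
                // Never bind with an empty password: servers may treat that as
                // an anonymous/unauthenticated bind and report success.
                $password = ldap_verify_bindpw($authPw);
                if ($entry_dn && @ldap_bind($ds, $entry_dn, $password)) {
                    ldap_return_values($ds, $sres);
                }
            }
        } else if ($sres) {
            // The user already proved their password in ldap_connect_bind().
            ldap_return_values($ds, $sres);
        } else {
            Error('Not Found', 'LDAP Search returned false');
        }
        ldap_close($ds);
    }
}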
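/**
 * Return a password that is safe to hand to ldap_bind().
 *
 * When the client supplied no password at all, a random throwaway value is
 * returned instead. Binding with a DN and an empty password is treated by
 * many directories as an anonymous/unauthenticated bind and "succeeds",
 * which on anonymous-search-enabled servers would let anyone log in as any
 * user. A random stand-in guarantees the bind only succeeds when the real
 * credential was presented.
 *
 * The emptiness test is strict: a legitimate password of "0" is passed
 * through unchanged (a truthiness check would have replaced it).
 *
 * @param string|null $password  password as supplied by the client (may be empty)
 * @return string                 the supplied password, or a random non-empty stand-in
 */
function ldap_verify_bindpw($password) {
    if ($password === null || $password === '') {
        // crypt() without a salt is an error on PHP 8 and a hash of the clock
        // is not a good stand-in; use the CSPRNG instead.
        $password = bin2hex(random_bytes(16));
    }
    return $password;
}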
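/**
 * Copy the authenticated user's attributes from the search result into the
 * globals docman.php expects ($gblUserName, $gblEmail, $secHash).
 *
 * @param resource|\LDAP\Connection $ds    open, bound LDAP link
 * @param resource|\LDAP\Result     $sres  result of the uid=<login> search
 * @return void
 */
function ldap_return_values($ds, $sres) {
    GLOBAL $gblUserName, $gblEmail, $secHash;

    $entries = ldap_get_entries($ds, $sres);
    // Guard each lookup so a missing entry or attribute yields null instead
    // of a notice: any output here goes out ahead of the HTTP auth headers.
    $first = isset($entries[0]) ? $entries[0] : array();
    // Full Name
    $gblUserName = isset($first['cn'][0]) ? $first['cn'][0] : null;
    // E-mail
    $gblEmail = isset($first['mail'][0]) ? $first['mail'][0] : null;
    // Create user hash.
    // NOTE(review): this is an unsalted md5 of login + plaintext password,
    // handed back to docman.php; kept byte-for-byte because the consumer
    // presumably depends on the exact format — confirm before changing it.
    $secHash = md5($_SERVER['PHP_AUTH_USER'] . $_SERVER['PHP_AUTH_PW']);
}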
/**
 * Open an LDAP link and bind with the privileged search account.
 *
 * @param string $bindRDN         DN of the search account (the $bind config value)
 * @param string $bindpass        password of that account
 * @param string $ldapServer      hostname, IP or URI of the directory
 * @param string $ldapServerPort  TCP port
 * @return resource|\LDAP\Connection|int  the bound link, or 0 after reporting
 *                                        the failure through Error()
 */
function ldap_connect_search($bindRDN, $bindpass, $ldapServer, $ldapServerPort) {
    $link = ldap_connect($ldapServer, $ldapServerPort);
    if (!$link) {
        Error('LDAP CONNECT', 'Unable to connect to LDAP server!');
        return 0;
    }
    // '@' keeps a bind failure from emitting output ahead of the auth headers.
    // NOTE(review): nothing here negotiates TLS, so the search account's
    // password travels in clear unless $ldapServer is an ldaps:// URI — confirm.
    if (!@ldap_bind($link, $bindRDN, $bindpass)) {
        Error('LDAP BIND', 'Unable to bind to LDAP server with RDN!');
        return 0;
    }
    return $link;
}
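/**
 * Open an LDAP link and bind directly as the user (no search account configured).
 *
 * The user's DN is assumed to be uid=<login>,<basedn>.
 *
 * @param string $user            login from HTTP basic auth (client-controlled)
 * @param string $password        password from HTTP basic auth (may be empty)
 * @param string $ldapServer      hostname, IP or URI of the directory
 * @param string $ldapServerPort  TCP port
 * @param string $basedn          branch under which the user entry lives
 * @return resource|\LDAP\Connection|int  the bound link, or 0 when the connect
 *                                        or the bind fails
 */
function ldap_connect_bind($user, $password, $ldapServer, $ldapServerPort, $basedn) {
    $linkid = ldap_connect($ldapServer, $ldapServerPort);
    if (!$linkid) {
        Error('LDAP CONNECT', 'Unable to connect to LDAP server!');
        return 0;
    }
    // Escape the login for DN context so ',' '=' '+' etc. in it cannot add
    // or rewrite RDN components of the DN we bind as.
    $UserDN = 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . $basedn;
    // Substitute a random password for an empty one so the server cannot
    // treat the bind as anonymous/unauthenticated.
    $password = ldap_verify_bindpw($password);
    // '@' keeps a failed bind from emitting output ahead of the auth headers.
    if (@ldap_bind($linkid, $UserDN, $password)) {
        return $linkid;
    }
    return 0;
}
// No closing tag: this file is included by docman.php, and any whitespace
// after a closing tag would be output before the HTTP auth headers.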