Solution connecting to OpenLDAP directly

2010-05-17
2013-05-20
  • matthieu bretaudeau

    I changed the code of the adLDAP.php file to connect to an OpenLDAP directly. Here are the changes I made, for anyone who wants to do the same thing.

    <?php

    // Different type of accounts in AD
    define ('ADLDAP_NORMAL_ACCOUNT', 805306368);
    define ('ADLDAP_WORKSTATION_TRUST', 805306369);
    define ('ADLDAP_INTERDOMAIN_TRUST', 805306370);
    define ('ADLDAP_SECURITY_GLOBAL_GROUP', 268435456);
    define ('ADLDAP_DISTRIBUTION_GROUP', 268435457);
    define ('ADLDAP_SECURITY_LOCAL_GROUP', 536870912);
    define ('ADLDAP_DISTRIBUTION_LOCAL_GROUP', 536870913);

    class openLDAP {

    // this is basically the userBaseDn
           var $_account_suffix="ou=people,dc=sales,dc=com";
           var $_base_dn = "DC=sales,DC=com";

           // An array of ldap server URIs. Specify multiple controllers if you
           var $_domain_controllers = array ("ldap://sales.com");

           var $_real_primarygroup=false;

           var $_recursive_groups=false;

    //other variables
            var $_user_dn;
            var $_user_pass;
            var $_conn;
            var $_bind;

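    // default constructor (named __construct: PHP 8 no longer treats a method named after the class as the constructor)
            function __construct(){
                    //prepare the connection; the bind itself happens in authenticate()
                    //note: a simple bind over ldap:// sends the password in clear text, use ldaps:// or ldap_start_tls() to protect it
                    $this->_conn = ldap_connect($this->random_controller());
                    ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
                    ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0); //do not follow referrals
            }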

            // default destructor
            function __destruct(){ ldap_close ($this->_conn); }

            function random_controller(){
                    //select a random domain controller; ldap_connect() needs one URI string, not the whole array
                    return ($this->_domain_controllers[array_rand($this->_domain_controllers)]);
            }

            // authenticate($username,$password)
            //      Authenticate to the directory with a specific username and password
            //      Extremely useful for validating login credentials
            function authenticate($username,$password){
                    //validate a users login credentials
                    $returnval=false;

                    if ($username!=NULL && $password!=NULL){ //prevent null bind
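                            //escape DN metacharacters so the username can only be the uid value (ldap_escape needs PHP >= 5.6)
                            $this->_user_dn="uid=".ldap_escape($username, "", LDAP_ESCAPE_DN).",".$this->_account_suffix;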
                            $this->_user_pass=$password;

                            $this->_bind = @ldap_bind($this->_conn,$this->_user_dn,$this->_user_pass);
                            if ($this->_bind){ $returnval=true; }
                    }
                    return ($returnval);
            }

    I didn't change the end of the file.
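
A hardened form of the authenticate() step from the post above, as an added example that is not part of the original post or of adLDAP. It assumes PHP 5.6+ with the ldap extension and a server that supports StartTLS; `bind_dn_for()` and `authenticate_tls()` are hypothetical names, and the 64-byte username limit is an assumed local policy.

```php
<?php
// Added example, not adLDAP code. bind_dn_for() and authenticate_tls() are
// hypothetical names; the suffix is the one from the post.
const ACCOUNT_SUFFIX = 'ou=people,dc=sales,dc=com';

// Build the bind DN so the username can only ever be the value of uid.
function bind_dn_for($username, $suffix = ACCOUNT_SUFFIX)
{
    if (!is_string($username) || $username === '' || strlen($username) > 64) {
        return null; // the 64-byte limit is an assumed local policy
    }
    // LDAP_ESCAPE_DN hex-escapes DN metacharacters such as , = + and \
    return 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $suffix;
}

function authenticate_tls($uri, $username, $password)
{
    $dn = bind_dn_for($username);
    // A DN with an empty password is an unauthenticated bind (RFC 4513,
    // section 5.1.2), which a server may answer with success.
    if ($dn === null || !is_string($password) || $password === '') {
        return false;
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // do not follow referrals
    // A simple bind carries the password in clear text: fail closed
    // unless the session was upgraded with StartTLS first.
    $ok = @ldap_start_tls($conn) && @ldap_bind($conn, $dn, $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed inputs: show the DN each username would bind as (no network).
foreach (array('jdoe', 'jdoe,ou=admins', '') as $u) {
    var_dump(bind_dn_for($u));
}
```

The loop at the end only builds DNs, so it runs without a directory server; `authenticate_tls()` needs a reachable LDAP URI.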

     
  • Gerald Schneider

    This doesn't even come close. To use group and user related functions massive changes are required.

     
