Is anyone experienced with LDAP + eDirectory?

PastAustin
Forum Newbie
Posts: 15
Joined: Wed Jun 11, 2003 11:38 am
Location: Littleton, Colorado

Is anyone experienced with LDAP + eDirectory?

Post by PastAustin »

I am working on a huge project for my company where we need to use LDAP to query all our client's organizations, etc. I have LDAP down, however I can't seem to find the correct username / password combination for "Confidential Login". Is there some sort of magic to this, or am I just not doing anything right with the username?
I am entering the password correctly and my username I am entering as:
cn=admin
Is that correct, or do you need the whole shebang? cn=admin, ou=pcsc, o=here. Or do you need to enter it in a NetWare Login fashion? .admin.pcsc.here? Anyone have any clues?
cactus
Forum Regular
Posts: 343
Joined: Tue Jun 10, 2003 4:16 am
Location: UK

Post by cactus »

Are you going through the correct sequence ?
ldap_connect() // establish connection to server
|
ldap_bind() // anonymous or authenticated "login"
|
do something like search or update the directory
and display the results
|
ldap_close() // "logout"
This may help.

From the link:

Code: Select all

$user_dn = "administrator@mydomain.myschools.org"; 
$base_dn = "dc=mydomain,dc=myschools,dc=org"; 
$server = "mydomain-71.mydomain.myschools.org"; 

echo $conn = ldap_connect($server); 
echo "AUTH: ". $bind = ldap_bind($conn, $user_dn,"password");

Post by PastAustin »

cactus wrote:Are you going through the correct sequence ?
ldap_connect() // establish connection to server
|
ldap_bind() // anonymous or authenticated "login"
|
do something like search or update the directory
and display the results
|
ldap_close() // "logout"
This may help.

From the link:

Code: Select all

$user_dn = "administrator@mydomain.myschools.org"; 
$base_dn = "dc=mydomain,dc=myschools,dc=org"; 
$server = "mydomain-71.mydomain.myschools.org"; 

echo $conn = ldap_connect($server); 
echo "AUTH: ". $bind = ldap_bind($conn, $user_dn,"password");
I am sure the sequence is correct. Here is my code.

Code: Select all

<?php
$ds=ldap_connect("localhost");
 if ($ds) { 
    $r=ldap_bind($ds, "cn=admin", "********");
 } else {
    echo "<h4>Unable to connect to LDAP server</h4>";
 }
if (count($_POST)<=0) {
?>
<html>
 <head>
  <title>My Little Directory</title>
 </head>
<body>
<form method="post">
<b>o=here</b><br>
search by:<br>
<select name="type">
 <option value="cn">Common Name
 <option value="givenName">Given Name
 <option value="sn">Surname
 <option value="mail">E-mail
</select><br>
Search For (wildcards work!):<br>
<input name="for"><br><br>
<input type="submit" value="Search!">
</form>
</body>
</html>
<?php
} else {
$sr = ldap_search($ds, "o=here", "(&(objectClass=User)( " . $_POST['type'] . "=" . $_POST['for'] . "))");
$ct=ldap_get_entries($ds, $sr);
echo "Results: " . $ct["count"] . "\n";
?>
<table cellpadding="5" cellspacing="2">
 <tr>
  <td>Given Name</td>
  <td>Initials</td>
  <td>Surname</td>
  <td>E-Mail</td>
  <td>Common Name</td>
 </tr>
<?php
for ($i=0; $i<$ct["count"]; $i++) {
 echo " <tr>\n";
  echo "  <td>" . $ct[$i]['givenName'] . " </td>\n";
  echo "  <td>" . $ct[$i]['initials'][0] . " </td>\n";
  echo "  <td>" . $ct[$i]['sn'][0] . " </td>\n";
  echo "  <td><a href=\"mailto:" . $ct[$i]['mail'][0] . "\">" . $ct[$i]['mail'][0] . "</a></td>\n";
  echo "  <td>" . $ct[$i]['uid'][0] . " </td>\n";
 echo " </tr>\n";
}
?>
</table>
<?php
}
    ldap_close($ds);
?>
Now you see. Everything works fine (well for some reason I can't grab Common Name or Given Name), except I can't get it to authenticate. All I can get is an anonymous bind, which isn't what I want. This is stupid eDirectory with Novell NetWare 6...so it is a little different than Active Directory. Thanks for the link though. :D

Post by cactus »

To continue on from the example:

Code: Select all

$user_dn = "uid=username,ou=people,dc=mydomain,dc=myschools,dc=org";
$conn = ldap_connect($server); 
$bind = ldap_bind($conn, $user_dn, "password");
Regards,

Post by PastAustin »

cactus wrote:To continue on from the example:

Code: Select all

$user_dn = "uid=username,ou=people,dc=mydomain,dc=myschools,dc=org";
$conn = ldap_connect($server); 
$bind = ldap_bind($conn, $user_dn, "password");
Regards,
Yeah. I saw that. :) Thanks, but no help.
uid=npkrut,ou=pcsc,o=here
no
uid=admin,o=here
no
cn=admin,o=here
no
cn=npkrut,ou=pcsc,o=here
no
It seems that this LDAP server is just working against me. I guess more of what I am looking for is some way to determine who the root user for the LDAP server is on this Novell Machine.

Post by cactus »

I hate LDAP, I've had similar fights in the past, but can't remember the syntax! Sorry.

:(

Regards,

Post by PastAustin »

cactus wrote:I hate LDAP, I've had similar fights in the past, but can't remember the syntax! Sorry.

:(

Regards,
Yeah. I only wish that some things could just be as simple as username and password, eh? Well, thanks for the help. Maybe someone else will spot this and come in and say something and it will smack me in the face how stupid I was being... :!:

Post by cactus »

I'll have a chat to one of our LDAP guys tomorrow (12th June GMT), he works with this stuff quite a bit, I'll post something in the AM if you don't get your solution sorted by then ;)

Post by PastAustin »

cactus wrote:I'll have a chat to one of our LDAP guys tomorrow (12th June GMT), he works with this stuff quite a bit, I'll post something in the AM if you don't get your solution sorted by then ;)
Thanks a lot man. I have even tried adding a new administrator user. It must be a problem with the format I am entering it with...

I have a PDF file straight from Novell, and the way they say you should connect looks just like mine.

Code: Select all

$ldap = ldap_connect("ldap");
ldap_bind($ldap, "cn=admin,o=yoyodyne", "plaintext");

Post by cactus »

Typical!

Have you tried as an unauthorised user? Do you get anything back?

Regards,

Post by PastAustin »

cactus wrote:Typical!

Have you tried as an unauthorised user? Do you get anything back?

Regards,
I am going to hack my brains out with a toothpick. I was connecting to localhost and for some reason, though the host was on the "Root_services" server it was connecting to 192.168.42.252 when it was supposed to connect to 192.168.42.250. The whole time I have been looking everywhere for some way to fix this and it turns out it was a stupid mistake, what next?
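
Added example (not part of the original posts): the first script stored the result of ldap_bind() in $r but never checked it, so a failed bind silently left the session anonymous and gave no hint that the wrong server was answering. The sketch below fails loudly and logs the server's error instead. The function name ldap_bind_checked, the ldaps:// URI (which assumes the server offers LDAPS with a certificate the client trusts) and the LDAP_BIND_PW environment variable are assumptions; the IP address and DN are the ones from the thread.

```php
<?php
// Added example, not code from the thread. The ldaps:// URI and the
// LDAP_BIND_PW environment variable are assumptions.
function ldap_bind_checked(string $uri, string $bindDn, string $password)
{
    // A DN with an empty password is treated by many servers as an
    // anonymous bind that "succeeds", so refuse it up front.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('Bind DN and password are required');
    }
    // ldap_connect() only validates the URI; nothing is sent until the bind,
    // so a truthy handle says nothing about which server will answer.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($ds, $bindDn, $password)) {
        // 49 = invalidCredentials (wrong DN or password);
        // -1 = the client could not reach the server at all.
        $errno = ldap_errno($ds);
        $msg = ldap_error($ds);
        $detail = '';
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        ldap_unbind($ds);
        throw new RuntimeException("Bind to $uri as $bindDn failed: [$errno] $msg $detail");
    }
    return $ds;
}

try {
    $pw = getenv('LDAP_BIND_PW') ?: '';
    $ds = ldap_bind_checked('ldaps://192.168.42.250', 'cn=admin,o=here', $pw);
    echo "Authenticated bind succeeded\n";
    ldap_unbind($ds);
} catch (Exception $e) {
    error_log($e->getMessage());   // details go to the log, not to the page
    echo "Directory lookup unavailable\n";
}
```

A simple bind over plain ldap:// sends the admin password in cleartext, which is why the sketch uses LDAPS.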

Post by cactus »

Sleep :)

Post by PastAustin »

Check it out andy!

Code: Select all

<?php
$ds=ldap_connect("192.168.42.250");
$ba="o=here";
 if ($ds) 
  @ldap_bind($ds, "cn=admin, o=here", "********");
 else
  echo "Could not connect LDAP!";
?>
<html>
 <head>
  <title>My Little Directory</title>
<style type="text/css">
<!--
table {
	font-family: Verdana;
	font-size: 10pt;
	color: white;
        padding-left: 25px;
}
input, select {
	filter : alpha(opacity=65);
	border: thin solid;
	background-color : #646464;
	color : #ffffff;
	height : 20px;
	line-height : 45%;
}
-->
</style>
 </head>
<body>
<center>
<table width="75%" height="100%" cellpadding="0" cellspacing="0" border="0">
 <tr>
  <td align="center" valign="center">
<?php
if (count($_POST)<=0) {
?>
<form method="post">
 <table width="75%" height="50%" cellpadding="0" cellspacing="0" border="0" style="border: thin solid; border-color: #3399ff; filter: alpha(opacity=50);" bgcolor="#646464">
  <tr>
   <td><h2>LDAP Query</h2></td>
   <td><b>My Little Directory</b></td>
  </tr>
  <tr>
   <td>Organization: <b>here</b></td>
   <td>Organizational Unit: <select name="ou"><?php
$ju=array("ou");
$sr=ldap_list($ds, $ba, "ou=*", $ju);
$info=ldap_get_entries($ds, $sr);
for ($i=0; $i<$info["count"]; $i++)
    echo "<option value=\"" . $info[$i]["ou"][0] . "\">" . $info[$i]["ou"][0] . "</option>";
?><option value="*">All OU's</option></select></td>
  </tr>
  <tr>
   <td>Search By: <select name="type"><?php
$sr=ldap_search($ds, "ou=pcsc, o=here", "cn=njkrut");
$info=ldap_get_entries($ds, $sr);
for ($i=0; $i<$info[0]["count"]; $i++)
    echo "<option value=\"" . $info[0][$i] . "\">" . $info[0][$i] . "</option>";
?></select></td>
   <td>Search for: <input name="for"></td>
  </tr>
  <tr>
   <td><input type="submit" value="Search"></td>
   <td></td>
  </tr>
 </table>
</form>
<?php
} else {
?>
 <table cellpadding="0" cellspacing="0" border="0" style="border: thin solid; border-color: #3399ff; filter: alpha(opacity=50);" bgcolor="#646464">
  <tr>
   <td><h2>LDAP Query</h2></td>
   <td><b>My Little Directory</b></td>
  </tr>
 </table>
 <table cellpadding="0" cellspacing="0" border="0" style="border: thin solid; border-color: #3399ff; filter: alpha(opacity=50);" bgcolor="#646464">
  <tr>
<?php
$sr=ldap_search($ds, "ou=pcsc, o=here", "cn=njkrut");
$info=ldap_get_entries($ds, $sr);
for ($i=0; $i<$info[0]["count"]; $i++) {
    $types[$i] = $info[0][$i];
    echo "   <td>" . $info[0][$i] . "</td>\n";
}
?>
  </tr>
<?php
 if (!strcmp($_POST['ou'],"*")) {
 $sr=ldap_search($ds, "o=here", "(&(" . $_POST['type'] . "=" . $_POST['for'] . ")(objectClass=User))");
 $info=ldap_get_entries($ds, $sr);
 for ($i=0; $i<$info["count"]; $i++) {
echo "  <tr>\n";
  for ($b=0; $b<count($types); $b++) {
     echo "   <td>" . $info[$i][$types[$b]][0] . "</td>\n";
  }
echo "  </tr>\n";
 }
} else {
 $sr=ldap_search($ds, "ou=" . $_POST['ou'] . ", o=here", "(&(" . $_POST['type'] . "=" . $_POST['for'] . ")(objectClass=User))");
 $info=ldap_get_entries($ds, $sr);
 for ($i=0; $i<$info["count"]; $i++) {
echo "  <tr>\n";
  for ($b=0; $b<count($types); $b++) {
     echo "   <td>" . $info[$i][$types[$b]][0] . "</td>\n";
  }
echo "  </tr>\n";
 }
}
?>
 </table>
<?php
}
?>
  </td>
 </tr>
</table>
</center>
</body>
</html>
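
Added example (not the poster's code): both versions of the search page concatenate $_POST['type'], $_POST['for'] and $_POST['ou'] straight into the LDAP filter and base DN while bound as cn=admin, and echo directory values into HTML unescaped. The sketch below shows the same search with an attribute allowlist, ldap_escape() for filter and DN context, and HTML-escaped output. It assumes PHP 7+ and an already-bound $ds; the function names and the SEARCH_ATTRS list are hypothetical.

```php
<?php
// Added example. Base DN "o=here" and objectClass=User come from the thread.
const SEARCH_ATTRS = ['cn', 'givenname', 'sn', 'mail'];   // allowlist, lower case

function build_user_filter(string $attr, string $term): string
{
    $attr = strtolower($attr);
    if (!in_array($attr, SEARCH_ATTRS, true)) {
        throw new InvalidArgumentException('Unsupported search attribute');
    }
    // Escape filter metacharacters but leave "*" so wildcard searches still work.
    $value = ldap_escape($term, '*', LDAP_ESCAPE_FILTER);
    return "(&(objectClass=User)($attr=$value))";
}

function build_base_dn(string $ou): string
{
    if ($ou === '*') {
        return 'o=here';                       // "All OU's" option in the form
    }
    return 'ou=' . ldap_escape($ou, '', LDAP_ESCAPE_DN) . ',o=here';
}

function render_rows(array $entries): string
{
    $html = '';
    for ($i = 0; $i < $entries['count']; $i++) {
        $html .= "  <tr>\n";
        foreach (SEARCH_ATTRS as $attr) {
            // ldap_get_entries() lower-cases attribute names, so the key is
            // 'givenname', never 'givenName'; the value is at index 0.
            $val = $entries[$i][$attr][0] ?? '';
            $html .= '   <td>' . htmlspecialchars($val, ENT_QUOTES, 'UTF-8') . "</td>\n";
        }
        $html .= "  </tr>\n";
    }
    return $html;
}

function search_users($ds, string $ou, string $attr, string $term): string
{
    $sr = ldap_search($ds, build_base_dn($ou), build_user_filter($attr, $term), SEARCH_ATTRS);
    if ($sr === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($ds));
    }
    return render_rows(ldap_get_entries($ds, $sr));
}

// Constructed input: unescaped, this value would close the cn clause early
// and append a second clause to the filter.
echo build_user_filter('cn', 'a*)(objectClass=*'), "\n";
```

Binding the web page as a read-only account rather than cn=admin limits what any remaining filter mistake can expose.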

Post by cactus »

Well done PastAustin.

Regards,