LDAP is still annoying even if I can bind.


Post by PastAustin »

I am not sure if anyone has any idea about this at all; the last question I had wasn't quite this specific. I'll let you all know what I am doing. I have a medium sized company about 20 employees, well truth is I have about 5 of these companies. I do not know, but one of Novell's big new pushes is "Novell Single Signon"; Single Signon consists of a client only having to logon once and from then on they are logged in to everything they need to do. All of these clients need individual applications made in PHP. These applications, though on the internal network, need to be secure and be employee dependent (using ACLs). So the plan I have devised is to compare the Novell "DHCP Assigned" IP address -- which is sent into the "networkaddress" attribute in this form "IP: xxx.xxx.xxx.xxx". The problem I am having is that I try to grab the "networkaddress" attribute from the LDAP database (eDirectory) and instead of returning "IP: xxx.xxx.xxx.xxx", I get "1#ˬ*". Looks like it's disgustingly encrypted? I am not an encryption man, so I have no idea. Help me!
Here is my code:

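Code:

<?php
$ds = ldap_connect("192.168.42.250");
$ba = "o=here";
if (!$ds) {
    die("Could not connect LDAP!");
}
// Bind as admin and stop if the bind fails, instead of searching on an unbound link.
if (!@ldap_bind($ds, "cn=admin, o=here", "********")) {
    die("Could not bind: " . ldap_error($ds));
}
$sr = ldap_search($ds, "ou=pcsc, o=here", "cn=npkrut");
$da = ldap_get_entries($ds, $sr);
// Prints each networkaddress value exactly as eDirectory returns it (raw tagged bytes).
for ($i = 0; $i < $da[0]['networkaddress']["count"]; $i++) {
    echo $da[0]['networkaddress'][$i];
}
?>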

Post by cactus »

Back again PastAustin, these may help:

http://forge.novell.com/modules/xfsnipp ... g&lang=105
http://forge.novell.com/modules/xfsnipp ... ppet&id=39

I gunna start charging consultancy fees ;)

Regards,

Post by PastAustin »

cactus wrote: Back again PastAustin, these may help:

http://forge.novell.com/modules/xfsnipp ... g&lang=105
http://forge.novell.com/modules/xfsnipp ... ppet&id=39

I gunna start charging consultancy fees ;)

Regards,

*gives you a cookie*

Code:

<?php
$ds = ldap_connect("192.168.42.250");
$ba = "o=here";
if (!$ds) {
    die("Could not connect LDAP!");
}
// Bind as admin and stop if the bind fails.
if (!@ldap_bind($ds, "cn=admin, o=here", "********")) {
    die("Could not bind: " . ldap_error($ds));
}

function LDAPNetAddr($networkaddress) {
/*
    Jay Burrell, Systems & Networks, Mississippi State University

    NetAddr - extract readable network address from the LDAP encoded networkAddress attribute.
    Novell Docs, see: http://developer.novell.com/ndk/doc/nds ... ml#sdk5624
    for Address types: http://developer.novell.com/ndk/doc/nds ... k4170.html
    LDAP Format, String:
       taggedData = uint32String "#" octetstring
       byte 0 = uint32String = Address Type: 0= IPX Address; 1 = IP Address
       byte 1 = char = "#" - separator
       byte 2+ = octetstring - the ordinal value of the address

    Note: with eDirectory 8.6.2, the IP address (type 1) returns correctly, however, an IPX address does not seem to.  eDir 8.7 may correct this.
*/
    $addrtypes = array('IPX', 'IP', 'SDLC', 'Token Ring', 'OSI', 'AppleTalk', 'NetBEUI', 'Socket', 'UDP', 'TCP', 'UDP6', 'TCP6', 'Reserved (12)', 'URL', 'Count');

    // The address type is a decimal string and can be two digits (10 and up in the
    // list above), so split at the "#" separator instead of assuming a single byte.
    $sep = strpos($networkaddress, "#");
    if ($sep === false) {
        return "address not available.";
    }
    $addrtype = intval(substr($networkaddress, 0, $sep));
    $octets = substr($networkaddress, $sep + 1);

    // Guard against a type number that is not in the table.
    $label = isset($addrtypes[$addrtype]) ? $addrtypes[$addrtype] : "Unknown (" . $addrtype . ")";

    $len = strlen($octets);
    if ($len == 0) {
        return $label . ": address not available.";
    }

    // Convert each raw byte to its ordinal value.
    $parts = array();
    for ($i = 0; $i < $len; $i++) {
        $parts[] = ord($octets[$i]);
    }
    // Dot separate IP addresses; other types are concatenated without a separator.
    $addr = implode($addrtype == 1 ? "." : "", $parts);
    return $label . ": " . $addr;
}

$sr = ldap_search($ds, "ou=pcsc, o=here", "cn=npkrut");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da[0]['networkaddress']["count"]; $i++) {
    echo LDAPNetAddr($da[0]['networkaddress'][$i]) . "<br>\n\n";
}
$sr = ldap_search($ds, "o=here", "cn=admin");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da[0]['networkaddress']["count"]; $i++) {
    echo LDAPNetAddr($da[0]['networkaddress'][$i]) . "<br>\n\n";
}
?>

Post by cactus »

LOL :oops:

This is the other article that I meant to send you the other day, good reading:

http://www.devshed.com/Server_Side/PHP/PHPwithLDAP

Regards,

Post by PastAustin »

Here is the start! :)

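Code:

<?php
$ds = ldap_connect("192.168.42.250");
$ba = "o=here";
if (!$ds) {
    die("Could not connect LDAP!");
}
// Bind as admin and stop if the bind fails.
if (!@ldap_bind($ds, "cn=admin, o=here", "********")) {
    die("Could not bind: " . ldap_error($ds));
}

// Build the tagged form stored in the directory: "1#" followed by the raw address bytes.
function LDAPNetAddrb($networkaddress) {
    $addr = "";
    $len = explode(".", $networkaddress);

    if (count($len) > 0) {
        for ($i = 0; $i < count($len); $i++) {
            $byte = (int) $len[$i];  // chr() needs an integer, not a numeric string
            $addr .= chr($byte);
        }
    }
    else {
        $addr .= "address not available.";
    }
    return "1#" . $addr;
}

// $REMOTE_ADDR only exists with register_globals enabled; read it from $_SERVER.
$addr = LDAPNetAddrb($_SERVER['REMOTE_ADDR']);
$b = 0;
$sr = ldap_search($ds, "o=here", "(&(|(networkaddress=*)(ou=*))(objectClass=User))");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da["count"]; $i++) {
    // Entries matched only through (ou=*) may have no networkaddress attribute.
    if (!isset($da[$i]['networkaddress'])) {
        continue;
    }
    for ($ii = 0; $ii < $da[$i]['networkaddress']["count"]; $ii++) {
        if (!strcmp($da[$i]['networkaddress'][$ii], $addr)) {
            // Escape the directory value before writing it into HTML.
            echo "<h2>Welcome " . htmlspecialchars($da[$i]['mail'][0]) . "!!!</h2>";
        }
        $b++;
    }
}
?>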
It gets your remote IP address, and compares it to all the ones in the database until it finds a match. I meant to end the loop when that happens. I wanted to run

Code:

$sr=ldap_search($ds, "o=here", "(&(|(networkaddress=" . $addr . ")(ou=*))(objectClass=User))");
However, it gives me an error saying "Inappropriate matching", probably because it is uint32String encoding which includes * and # characters that I would think need to be escaped or something. If anyone has an answer to that, let me know.
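
Added example, not part of the original thread: one way to round-trip the tagged "type#octets" value and to place its raw bytes in a search filter with every byte hex-escaped per RFC 4515, so that bytes such as "*" cannot act as filter syntax. The helper names, the simplified filter and the sample address are constructed for illustration; whether the directory allows an equality match on this attribute is not established by the thread.

```php
<?php
// Added example; helper names and the sample address are constructed, not from the thread.

// Encode a dotted-quad IPv4 address as the tagged value "1#" + four raw bytes.
function encodeNetAddr(string $ip): string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException("not an IPv4 address: $ip");
    }
    return "1#" . inet_pton($ip);
}

// Split at "#" (the type can be more than one digit) and render type 1 as an IP.
function decodeNetAddr(string $tagged): string {
    $sep = strpos($tagged, '#');
    if ($sep === false || !ctype_digit(substr($tagged, 0, $sep))) {
        return 'unparsed: ' . bin2hex($tagged);
    }
    $type = (int) substr($tagged, 0, $sep);
    $data = substr($tagged, $sep + 1);
    if ($type === 1 && strlen($data) === 4) {
        return 'IP: ' . inet_ntop($data);
    }
    return "type $type: " . bin2hex($data);   // other types shown as hex, not guessed at
}

// RFC 4515: any byte may be written as a backslash plus two hex digits.
// Escaping every byte keeps "*", "(", ")", "\" and NUL from acting as filter syntax.
function escapeFilterBytes(string $raw): string {
    $out = '';
    for ($i = 0, $n = strlen($raw); $i < $n; $i++) {
        $out .= sprintf('\\%02x', ord($raw[$i]));
    }
    return $out;
}

$tagged = encodeNetAddr('192.168.42.17');   // constructed sample; byte 42 is "*"
$filter = '(&(objectClass=User)(networkAddress=' . escapeFilterBytes($tagged) . '))';

echo decodeNetAddr($tagged), "\n";
echo $filter, "\n";
```

In a request handler the address passed to `encodeNetAddr()` would come from `$_SERVER['REMOTE_ADDR']`, which sits behind any proxy or NAT between the client and the server.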