LDAP is still annoying even if I can bind.
Posted: Thu Jun 12, 2003 11:34 am
by PastAustin
I am not sure if anyone has any idea about this at all; the last question I had wasn't quite this specific. I'll let you all know what I am doing. I have a medium-sized company of about 20 employees; well, truth is I have about 5 of these companies. I do not know, but one of Novell's big new pushes is "Novell Single Signon"; Single Signon consists of a client only having to log on once and from then on they are logged in to everything they need to do. All of these clients need individual applications made in PHP. These applications, though on the internal network, need to be secure and be employee dependent (using ACLs). So the plan I have devised is to compare the Novell "DHCP Assigned" IP address -- which is sent into the "networkaddress" attribute in this form: "IP: xxx.xxx.xxx.xxx". The problem I am having is that I try to grab the "networkaddress" attribute from the LDAP database (eDirectory) and instead of returning "IP: xxx.xxx.xxx.xxx", I get "1#ˬ*". Looks like it's disgustingly encrypted? I am not an encryption man, so I have no idea. Help me!
Here is my code:
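Code:
<?php
// Connect to the eDirectory LDAP server.
$ds = ldap_connect("192.168.42.250");
$ba = "o=here";
if (!$ds) {
    exit("Could not connect LDAP!");
}
@ldap_bind($ds, "cn=admin, o=here", "********");

// Fetch the user's entry and print each networkaddress value exactly as returned.
$sr = ldap_search($ds, "ou=pcsc, o=here", "cn=npkrut");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da[0]['networkaddress']["count"]; $i++) {
    echo $da[0]['networkaddress'][$i]; // raw value: type tag, "#", then binary octets
}
?>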
Posted: Thu Jun 12, 2003 12:29 pm
by cactus
Posted: Thu Jun 12, 2003 3:01 pm
by PastAustin
*gives you a cookie*
Code:
<?php
$ds = ldap_connect("192.168.42.250");
$ba = "o=here";
if (!$ds) {
    exit("Could not connect LDAP!");
}
@ldap_bind($ds, "cn=admin, o=here", "********");

function LDAPNetAddr ($networkaddress) {
    /*
    Jay Burrell, Systems & Networks, Mississippi State University
    NetAddr - extract readable network address from the LDAP encoded networkAddress attribute.
    Novell Docs, see: http://developer.novell.com/ndk/doc/nds ... ml#sdk5624
    for Address types: http://developer.novell.com/ndk/doc/nds ... k4170.html
    LDAP Format, String:
    taggedData = uint32String "#" octetstring
    byte 0 = uint32String = Address Type: 0= IPX Address; 1 = IP Address
    byte 1 = char = "#" - separator
    byte 2+ = octetstring - the ordinal value of the address
    Note: with eDirectory 8.6.2, the IP address (type 1) returns correctly, however, an IPX address does not seem to. eDir 8.7 may correct this.
    */
    $addr = "";
    // The type tag is a decimal string and can be two digits (types 10-14),
    // so split at the first "#" instead of assuming a one-character tag.
    $sep = strpos($networkaddress, "#");
    if ($sep === false) {
        return "address not available.";
    }
    $addrtype = intval(substr($networkaddress, 0, $sep));
    $networkaddress = substr($networkaddress, $sep + 1); // throw away the addrtype and the "#" separator
    $addrtypes = array('IPX', 'IP', 'SDLC', 'Token Ring', 'OSI', 'AppleTalk', 'NetBEUI', 'Socket', 'UDP', 'TCP', 'UDP6', 'TCP6', 'Reserved (12)', 'URL', 'Count');
    $len = strlen($networkaddress);
    if ($len > 0) {
        for ($i = 0; $i < $len; $i += 1) {
            $byte = substr($networkaddress, $i, 1);
            $addr .= ord($byte);
            if ($addrtype == 1) { // dot separate IP addresses...
                $addr .= ".";
            }
        }
        if ($addrtype == 1) { // strip last period from end of $addr
            $addr = substr($addr, 0, strlen($addr) - 1);
        }
    }
    else {
        $addr .= "address not available.";
    }
    // Guard against a type number outside the table above.
    $type = isset($addrtypes[$addrtype]) ? $addrtypes[$addrtype] : "Unknown (" . $addrtype . ")";
    return ($type . ": " . $addr);
}

// Decode every networkaddress value of the user entry.
$sr = ldap_search($ds, "ou=pcsc, o=here", "cn=npkrut");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da[0]['networkaddress']["count"]; $i++) {
    echo LDAPNetAddr($da[0]['networkaddress'][$i]) . "<br>\n\n";
}

// Same for the admin entry.
$sr = ldap_search($ds, "o=here", "cn=admin");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da[0]['networkaddress']["count"]; $i++) {
    echo LDAPNetAddr($da[0]['networkaddress'][$i]) . "<br>\n\n";
}
?>
Posted: Thu Jun 12, 2003 4:00 pm
by cactus
LOL
This is the other article that I meant to send you the other day, good reading:
http://www.devshed.com/Server_Side/PHP/PHPwithLDAP
Regards,
Posted: Thu Jun 12, 2003 5:29 pm
by PastAustin
Here is the start!
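Code:
<?php
$ds = ldap_connect("192.168.42.250");
$ba = "o=here";
if (!$ds) {
    exit("Could not connect LDAP!");
}
@ldap_bind($ds, "cn=admin, o=here", "********");

// Inverse of LDAPNetAddr: turn a dotted IP into the "1#" + raw octets form.
function LDAPNetAddrb ($networkaddress) {
    $addr = "";
    $len = explode(".", $networkaddress);
    if (count($len) > 0) {
        for ($i = 0; $i < count($len); $i++) {
            $byte = $len[$i];
            $addr .= chr((int) $byte); // one raw byte per dotted octet
        }
    }
    else {
        $addr .= "address not available.";
    }
    return "1#" . $addr;
}

// $REMOTE_ADDR depended on register_globals; read it from $_SERVER instead.
$addr = LDAPNetAddrb($_SERVER['REMOTE_ADDR']);
$b = 0;
$sr = ldap_search($ds, "o=here", "(&(|(networkaddress=*)(ou=*))(objectClass=User))");
$da = ldap_get_entries($ds, $sr);
for ($i = 0; $i < $da["count"]; $i++) {
    // Entries matched through ou=* may have no networkaddress at all.
    if (!isset($da[$i]['networkaddress'])) {
        continue;
    }
    for ($ii = 0; $ii < $da[$i]['networkaddress']["count"]; $ii++) {
        // strcmp() is binary safe, so the raw octets compare byte for byte.
        if (!strcmp($da[$i]['networkaddress'][$ii], $addr)) {
            // Directory data goes into HTML, so escape it.
            echo "<h2>Welcome " . htmlspecialchars($da[$i]['mail'][0]) . "!!!</h2>";
        }
        $b++; // counts every address compared
    }
}
?>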
It gets your remote IP address, and compares it to all the ones in the database until it finds a match. I meant to end the loop when that happens. I wanted to run
Code:
$sr=ldap_search($ds, "o=here", "(&(|(networkaddress=" . $addr . ")(ou=*))(objectClass=User))");
however it gives me an error saying Inappropriate matching, probably because it is uint32String encoding which includes * and # characters that I would think need to be escaped or something. If anyone has an answer to that, let me know.
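On the escaping question that closes the thread, an added example (not code from any poster) that builds the "1#" + raw octets value and writes every byte in the backslash-hex form RFC 4515 allows for filter values, so octets such as 42 (`*`), 40/41 (`(` `)`) and 92 (`\`) cannot be read as filter syntax. The function names, the filter shape and the sample addresses are assumptions made for illustration; whether eDirectory accepts an equality match on this attribute is not established by the thread.

```php
<?php
// Added example: function names are hypothetical, sample addresses are constructed.

// Build the value compared in the thread: "1#" followed by the four raw octets.
// Returns null for anything that is not a well-formed IPv4 address.
function netAddrFromIPv4(string $ip): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return "1#" . inet_pton($ip); // inet_pton() yields 4 raw bytes for IPv4
}

// RFC 4515 lets any octet of an assertion value be written as "\" plus two
// hex digits. Escaping every byte keeps binary data out of the filter grammar.
function filterEscapeBytes(string $raw): string {
    if ($raw === "") {
        return "";
    }
    $out = "";
    foreach (str_split($raw) as $byte) {
        $out .= sprintf("\\%02x", ord($byte));
    }
    return $out;
}

// Assemble an equality filter for one client address (filter shape assumed).
function netAddrFilter(string $ip): ?string {
    $value = netAddrFromIPv4($ip);
    if ($value === null) {
        return null;
    }
    return "(&(objectClass=User)(networkaddress=" . filterEscapeBytes($value) . "))";
}

// Constructed inputs: octet 42 is "*", 40/41 are "(" ")", 92 is "\";
// the last two are not IPv4 and must be rejected before reaching the filter.
foreach (["192.168.42.17", "10.40.41.92", "::1", "192.168.42"] as $ip) {
    $filter = netAddrFilter($ip);
    echo str_pad($ip, 15), " => ", $filter ?? "rejected (not IPv4)", "\n";
}
```

PHP 5.6 and later also ship `ldap_escape()`, which with `LDAP_ESCAPE_FILTER` escapes only the filter metacharacters and leaves other bytes as they are.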