LDAP asp.net to php conversion help
Posted: Mon Jul 27, 2009 11:03 am
by dajohnson1s
pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:
Posting Code in the Forums to learn how to do it too.
Hello,
This is my first post, and apologies if I posted in the incorrect forum.
I have developed an application for inter University communication, and as it stands currently, it is sitting unprotected on the network. There are a few 'remove/delete' features I want to enable, but am waiting until I get a login working.
I spoke with our IT department about authentication with Active Directory (so I don't have to maintain my own DB of user/passwords). After giving me a script in VB.net, they let me know I am on my own with the php stuff.
Here is what they have given me:
Code:
For asp login pages, we supply the following:
strADsPath = "LDAP://domain"
Set oLDAP = GetObject("LDAP:")
Set oUser = oLDAP.OpenDSObject(strADsPath, strKey, strPassword, 1)
I have spent the morning trying to decode this little bit, but my inexperience is showing.
This is what I have thus far:
Code:
<?php
$adServer = "LDAP://domain";

// ldap_connect() only sets up the connection handle; the server is not contacted until ldap_bind().
$ldapconn = ldap_connect($adServer)
    or die("Could not connect to LDAP server.");

// Bind identity as posted: the server string, a backslash, then the submitted user name.
$ldaprdn = $adServer . "\\" . $_REQUEST['email'];
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $_REQUEST['password']);

if ($ldapbind) {
    $msg = "Successfully Authenticated";
} else {
    $msg = "Invalid email address / password";
}
echo $msg;
?>
I keep getting a "cannot locate server" on the line where the Bind function is called. I believe it has something to do with the credentials being passed. I noticed in a few examples, that there are cn="username", dn="domain", dn="edu"...but I am unsure if I need that.
I would appreciate some guidance.
Thanks in advance.
Re: LDAP asp.net to php conversion help
Posted: Mon Jul 27, 2009 1:44 pm
by omniuni
See if you can get it to work with a hard coded user and password. Also, I'd say to try $_POST instead of $_REQUEST although it technically should not matter, use "ldap://" instead of "LDAP://", and um... let me know how that goes, and I'll do some more research.
Re: LDAP asp.net to php conversion help
Posted: Mon Jul 27, 2009 2:19 pm
by dajohnson1s
omniuni,
Thanks for the suggestion, I tried it...still same error.
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in /var/directory.../ on line 8
Not sure if this has any importance, but I am using Ubuntu server 8.10. I am going to look into if there is anything that I need to configure on the server. I know php has ldap support, but apache may need something as well.
Re: LDAP asp.net to php conversion help
Posted: Mon Jul 27, 2009 2:20 pm
by pickle
What is the value of "strKey" in the ASP example? That's likely what you'll need your $ldaprdn variable to be.
I don't think Apache needs LDAP support. It's probably just a problem with how you're trying to connect.
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 11:48 am
by dajohnson1s
Pickle,
Believe it or not, that is all IT had given me. Fortunately, they use this script all over campus, so I actually found it myself.
Code:
strKey = request.Form("UID")
strPassword = request.Form("PWD")
So I am basically doing the same thing. And after looking up a few examples for .net, nothing I have found is as simple as theirs.
Code:
Dim dso As IADsOpenDSObject
Dim obj1, obj2 As IADs
Dim szUsername As String
Dim szPassword As String
Set dso = GetObject("LDAP:")
' Insert code securely.
' Supply full credentials to initiate a server connection.
Set obj1 = dso.OpenDSObject( _
"LDAP://server1/CN=Dept1,DC=Fabrikam,DC=com", _
szUsername, _
szPassword, _
ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)
See, this is my confusion. When I read and look at examples for php, ALL of them have cn=...dn=example,dn=com. Any suggestions??
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 1:45 pm
by omniuni
Hmm, try this, and let me know if you get any errors. It's not really very changed, but I separated the $email and $password and used $_POST just to better trace what's going on. Also, try setting the values explicitly, just to make sure everything is getting pulled correctly. Oh, and I added stripslashes in case the user or password has special characters.
Code:
<?php
$server = "example.com"; // no LDAP://
$ldapResource = ldap_connect($server)
    or die("Could not connect to LDAP server.");

// Strip backslash escaping from the submitted values
$email = stripslashes($_POST['email']);
$pass = stripslashes($_POST['password']);

$ldaprdn = $server . "\\" . $email;
$ldapBind = ldap_bind($ldapResource, $ldaprdn, $pass);

// PHP variable names are case-sensitive: test the same variable that was assigned
if ($ldapBind) {
    $msg = "Successfully Authenticated";
} else {
    $msg = "Invalid email address / password";
}
echo $msg;
?>
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 2:07 pm
by dajohnson1s
omniuni,
Thanks for your help, it's still giving the same error (tried everything suggested multiple times). I think it has something to do with the data I was given from IT. Unfortunately, the guy in charge is on vacation for the week. So I will have to put it on hold.
I did ask for an ldap entry, so we will see how that is set up. I may be trying to validate the wrong info, or there may be a need to supply more data.
My understanding is that the rdn (username) can have multiple parts, including organization, domain, given name...etc. After taking a look at the entry, we will see.
For a while I had thought that maybe I need a secure connection, but I looked at the asp.net script, they are passing the passwords in plain text...so probably not.
I will probably be asking again in a week when the guy gets back from vacation.
Thanks again.
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 2:27 pm
by pickle
The cn=blah,ou=Blah,o=BlahCompany stuff is just how the directory server is organized - I don't think it's language dependent. I think it's dependent on the directory service.
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 2:34 pm
by omniuni
dajohnson1s wrote: ...I looked at the asp.net script, they are passing the passwords in plain text...so probably not.
Plain text? At an educational institution? This does not sound very well set up at all! I would be extremely annoyed if my University was using a setup like that. (We have a pretty cool cross-platform authentication system that was developed several years ago.)
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 2:46 pm
by dajohnson1s
I actually had posted this on our 'rumor mill' and there was a backlash for it. Being a student, I can't complain a whole lot...but I find it ironic that the 'Powers that be' want to treat the University as a business....but not run it like one.
By the way, found out my issue. The domain they gave me for the ldap server was incorrect. So actually my original code works (in case it helps somebody else out).
Thanks everybody for your suggestions.
Re: LDAP asp.net to php conversion help
Posted: Tue Jul 28, 2009 3:13 pm
by omniuni
You're welcome! I'd still recommend getting rid of $_REQUEST, but it's good to know it works. Come on back any time you have a question, or to help answer questions!
Re: LDAP asp.net to php conversion help
Posted: Wed Jul 29, 2009 11:28 am
by dajohnson1s
omniuni,
I am still pretty new to php, so I would like to know, why do you suggest getting rid of the $_REQUEST[]? Previously I was using the GET/POST, but I was advised to use the REQUEST due to it handling both options.
Thanks
Re: LDAP asp.net to php conversion help
Posted: Wed Jul 29, 2009 11:43 am
by omniuni
Basically, organizational issues. REQUEST contains GET, POST, and COOKIE information, (FILES was later removed). It is possible to send the same named value via both GET and POST at the same time. If you don't know where your data is coming from, use REQUEST, but otherwise, use the specific array. Technically speaking, there should be no difference in using REQUEST as opposed to GET or POST, but in practice, it can lead to confusion later on.
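An added example, not code from any poster in this thread: the login check discussed above with the thread's two concerns made concrete, taking credentials from `$_POST` only and binding over `ldaps://` instead of sending the password in plain text. The host `dc.example.edu`, the domain `EXAMPLE`, and the helper names `read_credentials` and `ad_authenticate` are assumptions; the form fields `email` and `password` are the ones used in the posts, assumed here to carry the account name.

```php
<?php
// Added example, not code from the thread. Assumes the PHP ldap extension.
const AD_URI    = 'ldaps://dc.example.edu'; // placeholder host; ldaps:// encrypts the bind
const AD_DOMAIN = 'EXAMPLE';                // placeholder NetBIOS domain name

/** Return [user, password] taken from the POST body only, or null. */
function read_credentials(array $server, array $post): ?array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return null; // credentials in a query string end up in URLs and access logs
    }
    $user = $post['email'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass)) {
        return null; // email[]=x would arrive as an array
    }
    // An empty password turns a simple bind into an unauthenticated bind,
    // which some directory servers accept and report as success.
    if ($user === '' || $pass === '') {
        return null;
    }
    // Account-name characters only, so input cannot reshape the bind identity.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $user)) {
        return null;
    }
    return [$user, $pass];
}

function ad_authenticate(string $user, string $pass): bool
{
    // ldap_connect() only prepares the handle; the server is first contacted
    // by ldap_bind(), so a wrong host name surfaces as a bind failure.
    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($conn, AD_DOMAIN . '\\' . $user, $pass);
    ldap_unbind($conn);
    return $ok;
}

$creds = read_credentials($_SERVER, $_POST);
echo ($creds !== null && ad_authenticate($creds[0], $creds[1]))
    ? 'Successfully Authenticated'
    : 'Invalid email address / password';
```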
Re: LDAP asp.net to php conversion help
Posted: Wed Jul 29, 2009 12:18 pm
by VladSun
omniuni wrote: Basically, organizational issues. REQUEST contains GET, POST, and COOKIE information, (FILES was later removed). It is possible to send the same named value via both GET and POST at the same time. If you don't know where your data is coming from, use REQUEST, but otherwise, use the specific array. Technically speaking, there should be no difference in using REQUEST as opposed to GET or POST, but in practice, it can lead to confusion later on.
me before:
viewtopic.php?f=1&t=89534
me after:
viewtopic.php?f=1&t=93547
Re: LDAP asp.net to php conversion help
Posted: Fri Jul 31, 2009 12:01 am
by dajohnson1s
Thanks for the links. I was thinking almost exactly what was suggested in one of them...but doubted my experience and went against my own judgment.
I had run into another issue, but I will start a new thread since my original issue is now solved.
Thanks everybody
