On 3/24/07, Michael B Allen <[EMAIL PROTECTED]> wrote:
On Sat, 24 Mar 2007 10:32:41 +0500
"Back Ports" <[EMAIL PROTECTED]> wrote:
> ldap_sasl_auth() doesn't support gssapi either, though my earlier post
> to this list ended up on a web site somewhere with a note saying
> 'theoretically it's possible'.
Not true. The ldap_sasl_bind function does in fact support GSSAPI binds
with at least the Kerberos mech. We have an example script that does
it. This is what our code looks like:

    // Product-specific setup (plexcel_* calls)
    $px = plexcel_new(NULL, array('putenv_krb5ccname' => TRUE));
    if ($px == NULL)
        die('<pre>' . plexcel_status(NULL) . '</pre>');
    if (plexcel_authenticate($px, session_id()) == FALSE)
        die('<pre>' . plexcel_status($px) . '</pre>');

    $ldap = ldap_connect($ldap_server);
    if ($ldap) {
        // SASL binds require LDAPv3
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        if (ldap_sasl_bind($ldap)) {
            // WARNING: escape special chars in filter like acctmgr.php
            $srch = ldap_search($ldap, 'DC=example,DC=com', "(cn=$cn)");
            if ($srch) {
                $info = ldap_get_entries($ldap, $srch);
                // Report the first entry that carries a distinguishedName
                for ($i = 0; $i < $info["count"]; $i++) {
                    if (isset($info[$i]['distinguishedname'])) {
                        $resp = 'Success: ' . $info[$i]['distinguishedname'][0];
                        break;
                    }
                }
            } else {
                $err = "LDAP Error: " . ldap_error($ldap) . "\n";
            }
        } else {
            $err = "LDAP Error: " . ldap_error($ldap) . "\n";
        }
        ldap_close($ldap);
    } else {
        $err = "Error: ldap_connect\n";
    }

The first 5 lines are specific to our product but if you used
mod_auth_kerb instead with the option:

    KrbSaveCredentials on

the ldap_sasl_bind should work with the above code (never tried it but
I would be surprised if it didn't work).

One thing that I have noticed that does not appear to work is using
KRB5_KTNAME to specify a keytab file from which to get credentials
(although it may have been the curl extension that I was trying).

Appreciate your detailed example. Let me try the SASL bit. I also read
how the mail bit can work in a comment on php.net -- will confirm both
of these findings.
Again, thanks.
Mustafa.
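
The WARNING comment in the quoted code is about special characters in the search filter. The following is an added example, not part of either poster's message and not the product's own code, showing one way to escape $cn before it is placed in "(cn=$cn)"; the helper names escape_filter_value and build_cn_filter and the sample inputs are constructed for illustration.

```php
<?php
// Added example: escape a user-supplied value before it goes into "(cn=...)".
// Helper names and sample inputs are constructed for illustration.

/**
 * Escape the RFC 4515 special characters \ * ( ) and NUL in a filter value.
 */
function escape_filter_value(string $value): string
{
    // PHP >= 5.6 with the ldap extension ships ldap_escape().
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback without the extension. strtr() with an array never rescans
    // its own output, so the backslashes it emits are not escaped twice.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

/** Build the equality filter used by the search in the quoted code. */
function build_cn_filter(string $cn): string
{
    if ($cn === '') {
        throw new InvalidArgumentException('cn must not be empty');
    }
    return '(cn=' . escape_filter_value($cn) . ')';
}

// Constructed inputs: two ordinary names, then values containing filter syntax.
$samples = ['jsmith', 'Smith (contractor)', '*', 'x)(objectClass=*'];
foreach ($samples as $cn) {
    printf("%-20s => %s\n", $cn, build_cn_filter($cn));
}

// With a bound connection the search from the quoted code would then be:
//   $srch = ldap_search($ldap, 'DC=example,DC=com', build_cn_filter($cn));
```

After escaping, parentheses and asterisks in the input are matched as literal characters of the cn value, so the filter keeps the single-assertion shape the code intended.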