Hi all

On 15.01.2008, at 18:04, ThomasP wrote:

I was looking into your externauth.php, but could not find any reference
to ldap. Is there any further code somewhere you have in use?

I missed this thread, so I am not sure if this is interesting for you.

I use a self written piece of php (attachment) to get group members out of my LDAP directory (Apple OpenDirectory). It will most likely not work with AD, because AD stores group information inside user containers.

Use something like this in config.php:

$AuthUser['@editors'] = get_ldap_values("cn=groups", "(cn=GROUP)", array("memberUid"));
$AuthUser['@admins'] = get_ldap_values("cn=groups", "(cn=OTHERGROUP)", array("memberUid"));

$DefaultPasswords['edit'] = '@editors';
$DefaultPasswords['attr'] = '@editors';
$DefaultPasswords['upload'] = '@editors';
$DefaultPasswords['admin'] = array('@admins','id:ANOTHERUSER');

Thomas

<?php if (!defined('PmWiki')) exit();

/*
	filename:		archbook.php
	purpose:		provide some d-arch specific functionality. my very first cookbook, so, sorry.
	copyright:		see pmwiki license
	created by:		thomas gemperli <[EMAIL PROTECTED]>
	last modified:	2007-02-08 / gem
*/


// vars
$ldaphost = "ldap://host.domain.tld";		// ldap server (non-ssl: ldap://ldap.example.com, ssl: ldaps://ldap.example.com)
$ldapport = 389;							// ldap server's port number (non-ssl: 389, ssl: 636)
$ldapdn = "dc=domain,dc=tld";					// ldap server's dn
// vars used in config.php
$ldapuserdn = "cn=users";					// ldap user dn
$ldapgroupdn = "cn=groups";					// ldap group dn
$ldapuserprefix = "uid";					// ldap user name container


// connect to the ldap server anonymously
function connect_ldap($ldaphost, $ldapport)
{
	$ldapconn = ldap_connect($ldaphost, $ldapport)
		or die("Could not connect to $ldaphost");
	
	if ($ldapconn) {
		// specify ldap protocol version 3
		ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
		
		// bind to ldap server (anonymously)
		ldap_bind($ldapconn)
			or die("Could not bind anonymously to $ldaphost");
	}
	
	return $ldapconn;
}

// connect to the ldap server with authentication (unused)
function connect_ldap_auth($ldaphost, $ldapport, $ldapcredential, $ldappass)
{
	$ldapconn = ldap_connect($ldaphost, $ldapport)
		or die("Could not connect to $ldaphost");
	
	if ($ldapconn) {
		// specify ldap protocol version 3
		ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
		
		// bind to ldap server (using credentials)
		// a valid $ldapcredential example for an OpenDirectory: "uid=username,cn=users,dc=domain,dc=tld"
		$ldapbind = ldap_bind($ldapconn, $ldapcredential, $ldappass)
			or die("Could not bind as $ldapcredential to $ldaphost");
	}
	
	return $ldapconn;
}

// disconnect ldap server
function disconnect_ldap($ldapconn)
{
	if ($ldapconn) {
		ldap_close($ldapconn);
	}
}


// get ldap values
function get_ldap_values($searchdn, $filter, $justthese)
{
	// sorry. but pmwiki is using globals anyway
	global $ldaphost, $ldapport, $ldapdn;
	
	// assemble full searchdn
	$ldapsearchdn = "$searchdn,$ldapdn";

	// values collected from all requested attributes (empty if nothing matched)
	$returnvalue = array();

	// connect ldap
	$ldapconn = connect_ldap($ldaphost, $ldapport);

	// query ldap
	$searchresult = ldap_search($ldapconn, $ldapsearchdn, $filter, $justthese);
	
	// get first returned ldap entry (false if the search failed or matched nothing)
	$entry = $searchresult ? ldap_first_entry($ldapconn, $searchresult) : false;
	
	if ($entry) {
		// get all ldap attributes of this entry
		$attributes = ldap_get_attributes($ldapconn, $entry);
		for ( $i = 0; $i < $attributes['count']; $i++ ) {
		
			// get all ldap values of this attribute; append them so the values
			// of a second attribute do not overwrite those of the first
			$valuefilter = $attributes[$i];
			$values = ldap_get_values($ldapconn, $entry, $valuefilter);
			for ( $j=0; $j < $values['count']; $j++ ) {
				$returnvalue[] = utf8_decode($values[$j]);
			}
		}
	}
	
	// disconnect ldap
	disconnect_ldap($ldapconn);
	
	// return array with values
	return $returnvalue;
}
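As an added example (not part of Thomas's attachment), the same group lookup with the group name escaped before it is placed in the search filter, and with every matching entry read rather than only the first. It assumes the `$ldaphost`, `$ldapport`, `$ldapdn` and `$ldapgroupdn` globals from archbook.php above and PHP's `ldap_escape()` (PHP 5.6 or later); `pmwiki_group_members` is a hypothetical helper name.

```php
<?php
// Added example, not from the original post. Returns the plain user names
// that belong to one LDAP group, in the form $AuthUser['@group'] expects.
function pmwiki_group_members($groupname, $memberattr = 'memberUid')
{
	global $ldaphost, $ldapport, $ldapdn, $ldapgroupdn;

	// Escape the group name so parentheses, '*' or '\' in it cannot change the
	// meaning of the filter; the value still only ever comes from config.php.
	$safe   = ldap_escape($groupname, '', LDAP_ESCAPE_FILTER);
	$filter = "(cn=$safe)";

	$conn = ldap_connect($ldaphost, $ldapport);
	if (!$conn) return array();
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	// anonymous bind, as in archbook.php; an empty list on failure keeps the
	// wiki closed rather than open when the directory is unreachable
	if (!@ldap_bind($conn)) { ldap_close($conn); return array(); }

	$members = array();
	$result  = ldap_search($conn, "$ldapgroupdn,$ldapdn", $filter, array($memberattr));
	if ($result) {
		// ldap_get_entries() returns all matching entries and lower-cases
		// attribute names, so 'memberUid' is read back as 'memberuid'
		$entries = ldap_get_entries($conn, $result);
		$key = strtolower($memberattr);
		for ($i = 0; $i < $entries['count']; $i++) {
			if (!isset($entries[$i][$key])) continue;
			for ($j = 0; $j < $entries[$i][$key]['count']; $j++) {
				$members[] = $entries[$i][$key][$j];
			}
		}
	}
	ldap_close($conn);
	return array_values(array_unique($members));
}

// usage in config.php (constructed group names)
$AuthUser['@editors'] = pmwiki_group_members('editors');
$AuthUser['@admins']  = pmwiki_group_members('wikiadmins');
```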




_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
