Re: [PHP] ADS authentication
Hi Ray, Finally I am able to authenticate my user to ADS using php. Thanks for your suggestions. My bind_dn was not correct. After that I have searched and found that using anonymous user we can not search in subtree of directory server. So first I used my credential to bind to directory server and then doing search in subtree. If anybody need my help, I can provide him the code(offlist). Cheers, Kuldeep Ray Hunter wrote: On Tue, 2004-05-11 at 09:16, Kuldeep Singh Tomar wrote: Hi, Sorry for it. Can I get some help on this? Here is what i used to query Exchange...now i am no windowz guru, but from what i understand about exchange and ads exchange will send user information to ads to be authenticated. So my work around was to all user to authenticate against exchange ldap, which in turn sends it to ads. Just a note if the ldap can bind with the supplied username and password then they were authenticated for their information. -- Ray Example: ?php // LDAP variables $ldap[user] = uname; $ldap[pass] = password; $ldap[host] = ldap.example.com; $ldap[port] = 389; $ldap[dn] = cn.$ldap[user].,ou=Department,o=Company Name; $ldap[base] = ; // connecting to ldap $ldap[conn] = ldap_connect( $ldap[host], $ldap[port] ) or die( Could not connect to server {$ldap[host]} ); // binding to ldap $ldap[bind] = ldap_bind( $ldap[conn], $ldap[dn], $ldap[pass] ); if( !$ldap[bind] ) { echo ldap_error( $ldap[conn] ); exit; } // search for the user on the ldap server and return all // the user information $ldap[result] = ldap_search( $ldap[conn], $ldap[base], uid=.$ldap[user] ); if( $ldap[result] ) { // retrieve all the entries from the search result $ldap[info] = ldap_get_entries( $ldap[conn], $ldap[result] ); } else { echo ldap_error( $ldap[conn] ); exit; } if( $ldap[info] ) { // Add the users department name and email address // to the session $_SESSION[userdept] = $ldap[info][0][department][0]; $_SESSION[usermail] = $ldap[info][0][mail][0]; } else { echo ldap_error( $ldap[conn] ); exit; } // close connection to ldap server $ldap_close( $ldap[conn] ); ? -- Kuldeep Singh Tomar Open Source Specialist VCLABS -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ADS authentication
On Thu, 2004-05-13 at 08:36, Kuldeep Singh Tomar wrote: Finally I am able to authenticate my user to ADS using php. Thanks for your suggestions. My bind_dn was not correct. After that I have searched and found that using anonymous user we can not search in subtree of directory server. So first I used my credential to bind to directory server and then doing search in subtree. Good to hear...glad you got it working! -- Ray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ADS authentication
Hi, Sorry for it. Can I get some help on this? Regards, Kuldeep John Nichel wrote: Kuldeep Singh Tomar wrote: Hi All, I am working on one Document Management System which I am running on linux. I have added this system to win2000 Active Directory server. Now, I want to authenticate my all users for DMS through this Win2k server and search on directory server. So, I am trying to connect to Active Directory server using php-ldap function, but every time it says that my password is not correct. I am using the example given at the site: |function checkNTUser ($username,$password) { $ldapserver = 'Your Server'; $ds=ldap_connect($ldapserver); if ($ds) { $dn=cn=$username,cn=Users, DC=[sitename], DC=[sitesuffix]; [EMAIL PROTECTED]($ds,$dn,$password); if ($r) { return true; } else { return false; } } } I am really in crisis. Can somebody on list help me.Thanks in advance. With Regards, Kuldeep Singh Don't hijack threads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ADS authentication
On Tue, 2004-05-11 at 09:16, Kuldeep Singh Tomar wrote: Hi, Sorry for it. Can I get some help on this? Here is what i used to query Exchange...now i am no windowz guru, but from what i understand about exchange and ads exchange will send user information to ads to be authenticated. So my work around was to all user to authenticate against exchange ldap, which in turn sends it to ads. Just a note if the ldap can bind with the supplied username and password then they were authenticated for their information. -- Ray Example: ?php // LDAP variables $ldap[user] = uname; $ldap[pass] = password; $ldap[host] = ldap.example.com; $ldap[port] = 389; $ldap[dn] = cn.$ldap[user].,ou=Department,o=Company Name; $ldap[base] = ; // connecting to ldap $ldap[conn] = ldap_connect( $ldap[host], $ldap[port] ) or die( Could not connect to server {$ldap[host]} ); // binding to ldap $ldap[bind] = ldap_bind( $ldap[conn], $ldap[dn], $ldap[pass] ); if( !$ldap[bind] ) { echo ldap_error( $ldap[conn] ); exit; } // search for the user on the ldap server and return all // the user information $ldap[result] = ldap_search( $ldap[conn], $ldap[base], uid=.$ldap[user] ); if( $ldap[result] ) { // retrieve all the entries from the search result $ldap[info] = ldap_get_entries( $ldap[conn], $ldap[result] ); } else { echo ldap_error( $ldap[conn] ); exit; } if( $ldap[info] ) { // Add the users department name and email address // to the session $_SESSION[userdept] = $ldap[info][0][department][0]; $_SESSION[usermail] = $ldap[info][0][mail][0]; } else { echo ldap_error( $ldap[conn] ); exit; } // close connection to ldap server $ldap_close( $ldap[conn] ); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ADS authentication
Hi Ray, Thanks for your response. I was trying this script also but no success. I was using following values: $ldap[user] = tomar; $ldap[pass] = passwd; $ldap[host] = dc02-del3.vc-del.vcustomer.com; $ldap[port] = 389; $ldap[dn] = cn.$ldap[user].,ou=Department,o=Company Name; $ldap[base] = ; but still getting same error message: Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/ apache2/htdocs/test6.php on line 14 Do I need to do any specific change at ADS side or any extra parameter in dn side. Had you done any change in ADS server? Thanks again for your help. With Regards, Kuldeep Ray Hunter wrote: On Tue, 2004-05-11 at 09:16, Kuldeep Singh Tomar wrote: Hi, Sorry for it. Can I get some help on this? Here is what i used to query Exchange...now i am no windowz guru, but from what i understand about exchange and ads exchange will send user information to ads to be authenticated. So my work around was to all user to authenticate against exchange ldap, which in turn sends it to ads. Just a note if the ldap can bind with the supplied username and password then they were authenticated for their information. -- Ray Example: ?php // LDAP variables $ldap[user] = uname; $ldap[pass] = password; $ldap[host] = ldap.example.com; $ldap[port] = 389; $ldap[dn] = cn.$ldap[user].,ou=Department,o=Company Name; $ldap[base] = ; // connecting to ldap $ldap[conn] = ldap_connect( $ldap[host], $ldap[port] ) or die( Could not connect to server {$ldap[host]} ); // binding to ldap $ldap[bind] = ldap_bind( $ldap[conn], $ldap[dn], $ldap[pass] ); if( !$ldap[bind] ) { echo ldap_error( $ldap[conn] ); exit; } // search for the user on the ldap server and return all // the user information $ldap[result] = ldap_search( $ldap[conn], $ldap[base], uid=.$ldap[user] ); if( $ldap[result] ) { // retrieve all the entries from the search result $ldap[info] = ldap_get_entries( $ldap[conn], $ldap[result] ); } else { echo ldap_error( $ldap[conn] ); exit; } if( $ldap[info] ) { // Add the users department name and email address // to the session $_SESSION[userdept] = $ldap[info][0][department][0]; $_SESSION[usermail] = $ldap[info][0][mail][0]; } else { echo ldap_error( $ldap[conn] ); exit; } // close connection to ldap server $ldap_close( $ldap[conn] ); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ADS authentication
On Tue, 2004-05-11 at 10:14, Kuldeep Singh Tomar wrote: Hi Ray, Thanks for your response. I was trying this script also but no success. I was using following values: $ldap[user] = tomar; $ldap[pass] = passwd; $ldap[host] = dc02-del3.vc-del.vcustomer.com; $ldap[port] = 389; $ldap[dn] = cn.$ldap[user].,ou=Department,o=Company Name; $ldap[base] = ; but still getting same error message: Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/ apache2/htdocs/test6.php on line 14 You need to make sure that the server is listening on the appropriate port...from what I understand ads might not listen on 389 but on another port. Do I need to do any specific change at ADS side or any extra parameter in dn side. Had you done any change in ADS server? Your dn does need to be different. You need to have the appropriate dn for the user that is binding. I did not connect directly to ads...i connected to exchange and that was the middleware to ads. It was easier doing that then connecting to ads. -- ray -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php