[PHP] PHP Active Directory?
Folks, I'm trying to validate an email address which is entered in a form field against our Active Directory. I'm using some PHP scripting supplied by http://phpad.sunyday.net/ but it's not working, and the site doesn't seem to be supported anymore. Does anyone have any good method of doing this? Thanks for any info. -Dave
Re: [PHP] PHP Active Directory?
On Mon, 2010-06-21 at 10:59 -0400, David Stoltz wrote: Folks, I'm trying to validate an email address which is entered in a form field against our Active Directory. I'm using some PHP scripting supplied by http://phpad.sunyday.net/ but it's not working, and the site doesn't seem to be supported anymore. Does anyone have any good method of doing this? Thanks for any info. -Dave Have you looked at the LDAP functions? http://php.net/manual/en/ref.ldap.php Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] PHP Active Directory?
On Mon, Jun 21, 2010 at 8:59 AM, David Stoltz dsto...@shh.org wrote: Folks, I'm trying to validate an email address which is entered in a form field against our Active Directory. Does anyone have any good method of doing this? try the adLDAP class - its the chronic http://adldap.sourceforge.net/ -nathan
RE: [PHP] PHP Active Directory?
Awesome – thanks – BTW, what does “it’s the chronic” mean? From: Nathan Nobbe [mailto:quickshif...@gmail.com] Sent: Monday, June 21, 2010 11:27 AM To: David Stoltz Cc: php-general@lists.php.net Subject: Re: [PHP] PHP Active Directory? On Mon, Jun 21, 2010 at 8:59 AM, David Stoltz dsto...@shh.org wrote: Folks, I'm trying to validate an email address which is entered in a form field against our Active Directory. Does anyone have any good method of doing this? try the adLDAP class - its the chronic http://adldap.sourceforge.net/ -nathan
Re: [PHP] PHP Active Directory?
On Mon, Jun 21, 2010 at 9:42 AM, David Stoltz dsto...@shh.org wrote: Awesome – thanks – BTW, what does “it’s the chronic” mean? listen to some dr. dre or come visit me in denver, co :) -nathan
RE: [PHP] PHP Active Directory?
Lol – ok…I guess it’s comparable to “it’s the bomb”…. Thanks ;-) From: Nathan Nobbe [mailto:quickshif...@gmail.com] Sent: Monday, June 21, 2010 11:46 AM To: David Stoltz Cc: php-general@lists.php.net Subject: Re: [PHP] PHP Active Directory? On Mon, Jun 21, 2010 at 9:42 AM, David Stoltz dsto...@shh.org wrote: Awesome – thanks – BTW, what does “it’s the chronic” mean? listen to some dr. dre or come visit me in denver, co :) -nathan
[PHP] Active Directory LDAP Help
Hi All, I am new to LDAP. I want to create user on AD(Active Directory) I have written script to do same, but I am getting Operations error even I am successfully connected to AD and bounded with correct username, password. Also where will I get all attributes with its meanign... which attributes are compulsory... different types of objects like users, groups, organizational units and their attributes ... where will i get all this information? Help appreciated. Thank you. -- Devendra Jadhav
Re: [PHP] Active Directory LDAP Help
Why don't you use linux solutions like RedHat Directory Server or Mandriva Directory Server instead? (LDAP based too) These solutions are scalable, free fully documented on the web, not like this shitty MS AD (but is there a non-shitty MS product :p) This is also much more easier to debugg... (linux...) Devendra Jadhav wrote: Hi All, I am new to LDAP. I want to create user on AD(Active Directory) I have written script to do same, but I am getting Operations error even I am successfully connected to AD and bounded with correct username, password. Also where will I get all attributes with its meanign... which attributes are compulsory... different types of objects like users, groups, organizational units and their attributes ... where will i get all this information? Help appreciated. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Active Directory LDAP Help
The existing Infrastructure is ready. and now at this point of time this is difficult to switch to the Linux based. I love linux but helpless now ... There is not so much information available on php.net On Tue, Oct 6, 2009 at 6:15 PM, Yves Premel-Cabic xavier.pre...@eds.muwrote: Why don't you use linux solutions like RedHat Directory Server or Mandriva Directory Server instead? (LDAP based too) These solutions are scalable, free fully documented on the web, not like this shitty MS AD (but is there a non-shitty MS product :p) This is also much more easier to debugg... (linux...) Devendra Jadhav wrote: Hi All, I am new to LDAP. I want to create user on AD(Active Directory) I have written script to do same, but I am getting Operations error even I am successfully connected to AD and bounded with correct username, password. Also where will I get all attributes with its meanign... which attributes are compulsory... different types of objects like users, groups, organizational units and their attributes ... where will i get all this information? Help appreciated. Thank you. -- Devendra Jadhav
Re: [PHP] Active Directory password change utility in PHP
Another reader on the usenet suggested the followng MS link, which seems pretty helpful: http://support.microsoft.com/kb/269190 saqib http://www.full-disk-encryption.net On 12/13/06, Saqib Ali [EMAIL PROTECTED] wrote: Another reader on the usenet suggested the followng MS link, which seems pretty helpful: http://support.microsoft.com/kb/269190 saqib http://www.full-disk-encryption.net On 12/8/06, Mike Smith [EMAIL PROTECTED] wrote: How about adLDAP (http://adldap.sourceforge.net/). I haven't used 2.0, but it reportedly lets you add/change users. Mike -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Active Directory password change utility in PHP
Hello All, Last year I wrote a small ASP utility which allowed domain users to change their Active Directory password using a web site. The utility used ADSI (Active Directory Service Interfaces) so it was quite easy to implement. However now we would like to integrated this into our LAMP based stack, so I am planning to re-write the application in PHP. Would it be possible to write such a application in PHP? If so, can you please give me some pointers. My other PHP apps talk to AD using LDAP libraries, but I haven't tried password change for a directory that spans multiple domains. Any suggestions would be greatly appreciate. saqib http://www.full-disk-encryption.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Active Directory password change utility in PHP
Hello I use php_ldap (see the php.net/ldap) to authenticate users against a AD server. However, this is the LDAP interface and I don't know if poeple will be allowed to change their password that way... vincent -Original Message- From: Saqib Ali [mailto:[EMAIL PROTECTED] Sent: Thu 7/12/2006 18:45 To: php-general@lists.php.net Subject: [PHP] Active Directory password change utility in PHP Hello All, Last year I wrote a small ASP utility which allowed domain users to change their Active Directory password using a web site. The utility used ADSI (Active Directory Service Interfaces) so it was quite easy to implement. However now we would like to integrated this into our LAMP based stack, so I am planning to re-write the application in PHP. Would it be possible to write such a application in PHP? If so, can you please give me some pointers. My other PHP apps talk to AD using LDAP libraries, but I haven't tried password change for a directory that spans multiple domains. Any suggestions would be greatly appreciate. saqib http://www.full-disk-encryption.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] active directory and PHP
Active Directory is a bastardized LDAP with goofy idiosyncracies to drive you crazy. If you Google for Active Directory LDAP PHP you should find solutions fairly easily... Or so I'm told... Never use AD myself. On Thu, August 17, 2006 5:14 am, Alain Roger wrote: Hi, I'm new to PHP, so sorry if my question looks like stupid. I have a web application which use authorization and authentication process to log-in. I would like to know if it exists a way to synchronize the authentication with our Active Directory domain ? Something like a single side-on. In fact, i want from my web application users to make them remember only their login/pwd from Active directory to use my application. thanks a lot, Alain -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] active directory and PHP
On Fri, August 18, 2006 3:42 pm, Chris W. Parker wrote: Richard Lynch mailto:[EMAIL PROTECTED] on Friday, August 18, 2006 9:47 AM said: Active Directory is a bastardized LDAP with goofy idiosyncracies to drive you crazy. And you're speaking from experience? No, from the umpteen questions on this list about why AD doesn't work right in LDAP. I've never used Oracle either, but I can still parrot the answer to ora_logon after seeing it a few thousand times here... PutEnv(ORA_HOME=/path/to/your/oracle/homedir); [shrug] Nobody says you can't just kill-file me ;-v -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] active directory and PHP
Richard Lynch mailto:[EMAIL PROTECTED] on Friday, August 18, 2006 9:47 AM said: Active Directory is a bastardized LDAP with goofy idiosyncracies to drive you crazy. And you're speaking from experience? Never use AD myself. Oh wait, I guess not... :/ Chris. p.s. I'm just having fun. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] active directory and PHP
Hi, I'm new to PHP, so sorry if my question looks like stupid. I have a web application which use authorization and authentication process to log-in. I would like to know if it exists a way to synchronize the authentication with our Active Directory domain ? Something like a single side-on. In fact, i want from my web application users to make them remember only their login/pwd from Active directory to use my application. thanks a lot, Alain
Re: [PHP] active directory and PHP
On 8/17/06, Alain Roger [EMAIL PROTECTED] wrote: Hi, I'm new to PHP, so sorry if my question looks like stupid. I have a web application which use authorization and authentication process to log-in. I would like to know if it exists a way to synchronize the authentication with our Active Directory domain ? You sure can. Check out http://www.php.net/ldap Even though they are ldap functions they can connect/talk to active directory servers. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] active directory and PHP
On Thursday 17 August 2006 11:35, Michael B Allen wrote: Hi Alain, PlexSSO is by far the best and easiest solution available for PHP SSO with Active Directory. We provide: o Windows Integerated Authentication (WIA) o Script level access to user info like username, home drive, etc. o Script level access control using windows group names Someone else mentioned LDAP but I don't know why because it doesn't provide authentication [1]. For authorization LDAP doesn't automatically perform proper group expansion and is redundant to start with since the Kerberos ticket has the fully expanded groups in it already. Our authorization code very easy to use. An access check looks like: ?php if (plexsso_is_memberof(FOONET\\Managers)) { echo You're a manager.; } ? None of the mod_authz_* Apache modules can do this. These checks are also very fast. Once the SIDs for the groups used in your scripts are cached they're instantaneous. Check us out. It's very affordable (free for 25 users and 25 groups), we're adding major features in our next release, and we bring serious SSO experience to the table. http://www.ioplex.com/ Mike [1] You could proxy the user's username and password to ldap_sasl_bind but aside from being a hack it's not SSO and doesn't scale because it requires communication with the DC whereas Kerberos does not. And it's insecure because you have to cache the users credentials in the user's session. -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ On Thu, 17 Aug 2006 12:14:18 +0200 Alain Roger [EMAIL PROTECTED] wrote: Hi, I'm new to PHP, so sorry if my question looks like stupid. I have a web application which use authorization and authentication process to log-in. I would like to know if it exists a way to synchronize the authentication with our Active Directory domain ? Something like a single side-on. In fact, i want from my web application users to make them remember only their login/pwd from Active directory to use my application. LDAP can authenticate with Active Directory just fine: http://www.google.com/search?hl=enq=php+exchange+ldap+authenticationbtnG=Google+Search or http://www.google.com/search?hl=enlr=q=php+active+directory+ldap+authenticationbtnG=Search The question is how secure is it. You can set up LDAP to use SSL, so that would make it more secure. Kerberos is more secure than LDAP, and you _could_ set it up so that the browser forwards the ticket on to mod_kerb for authentication, thus not needing a sign-on other than to the domain. From my experiences that isn't exactly easy to set up though. -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] active directory and PHP
Hi Alain, PlexSSO is by far the best and easiest solution available for PHP SSO with Active Directory. We provide: o Windows Integerated Authentication (WIA) o Script level access to user info like username, home drive, etc. o Script level access control using windows group names Someone else mentioned LDAP but I don't know why because it doesn't provide authentication [1]. For authorization LDAP doesn't automatically perform proper group expansion and is redundant to start with since the Kerberos ticket has the fully expanded groups in it already. Our authorization code very easy to use. An access check looks like: ?php if (plexsso_is_memberof(FOONET\\Managers)) { echo You're a manager.; } ? None of the mod_authz_* Apache modules can do this. These checks are also very fast. Once the SIDs for the groups used in your scripts are cached they're instantaneous. Check us out. It's very affordable (free for 25 users and 25 groups), we're adding major features in our next release, and we bring serious SSO experience to the table. http://www.ioplex.com/ Mike [1] You could proxy the user's username and password to ldap_sasl_bind but aside from being a hack it's not SSO and doesn't scale because it requires communication with the DC whereas Kerberos does not. And it's insecure because you have to cache the users credentials in the user's session. -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ On Thu, 17 Aug 2006 12:14:18 +0200 Alain Roger [EMAIL PROTECTED] wrote: Hi, I'm new to PHP, so sorry if my question looks like stupid. I have a web application which use authorization and authentication process to log-in. I would like to know if it exists a way to synchronize the authentication with our Active Directory domain ? Something like a single side-on. In fact, i want from my web application users to make them remember only their login/pwd from Active directory to use my application. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] active directory and PHP
On Thu, 17 Aug 2006 11:54:53 -0500 Ray Hauge [EMAIL PROTECTED] wrote: [1] You could proxy the user's username and password to ldap_sasl_bind but aside from being a hack it's not SSO and doesn't scale because it requires communication with the DC whereas Kerberos does not. And it's insecure because you have to cache the users credentials in the user's session. LDAP can authenticate with Active Directory just fine: The question is how secure is it. You can set up LDAP to use SSL, so that would make it more secure. Kerberos is more secure than LDAP, and you _could_ set it up so that the browser forwards the ticket on to mod_kerb for authentication, thus not needing a sign-on other than to the domain. From my experiences that isn't exactly easy to set up though. I didn't say it wouldn't work but people should understand there are numerous problems with using LDAP bind functions as some kind of make-shift authentication serivce. 1) It's insecure. To make it remotely fast enough you would need to store something in the user's session to prevent excessive communication with AD in which case if someone were able to get the user's PHPSESSID, a cookie, or sniff the session id they could gain access to the site (possibly with the user's credentials if those are stored in the session). And whatever you do don't use ldap_bind because those credentials are passed in clear text so a sniffer could collect passwords. At least use ldap_sasl_bind or do a TLS connection. 2) It's slow. Kerberos does not require communication between the web server and AD. With LDAP you would need to communicate with AD at least once for every new session. Otherwise, yeah it would work. Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Active Directory Authentification
I have been working on this all day, and am not getting this to work. I am creating an application where a user would authenticate against Active Directory. Yesterday I was able to get PHP to connect to the AD server and display entries using this script. ? // PHP script to connect to the Active Directory Server a return a result // used for testing Active Directory connections. $dn = OU=Staff,OU=LCDC,OU=Anoka-Hennepin,DC=ah,DC=isd11; $attributes = array(displayName, department); $filter = (cn=*); $ad = ldap_connect(ldap://myadserver;) or die(Couldn't connect to AD!); ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); $bd = ldap_bind($ad, CN=Tuller\, Mike,OU=Staff,OU=LCDC,OU=Anoka-Hennepin,DC=ah,DC=isd11,password) or die(Couldn't bind to AD!); $result = ldap_search($ad, $dn, $filter, $attributes); $entries = ldap_get_entries($ad, $result); for ($i=0; $i$entries[count]; $i++) { echo $entries[$i][displayname] [0]., .$entries[$i][department][0].br /; } ldap_unbind($ad); ? Everything lists correctly. I looked on the web, and in the mailing lists, and between the two have come up with this script to authenticate. I have a web page with forms to enter the username and password. ? $dn = 'OU=Staff,OU=LCDC,OU=Anoka-Hennepin,DC=ah,DC=isd11'; function ldap_authenticate() { $username = $_POST['username']; $password = $_POST['password']; if ($username != $password != ) { if (! ($ad = ldap_connect(172.22.1.20))) { die(Could not connect to LDAP server!); } ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); if (! ldap_bind( $ad, CN=Tuller\, Mike,OU=Staff,OU=LCDC,OU=Anoka-Hennepin,DC=ah,DC=isd11, $password)) { die(Unable to bind to server!); } if (! ($r = ldap_search( $ad, $dn, 'cn=' . $username))) { die(Nothing Found!); } if ($r) { $result = ldap_get_entries( $ad, $r); if ($result[0]) { if (ldap_bind( $ds, $result[0][$dn], $password) ) { return $result[0]; } } } } } if (($result = ldap_authenticate()) == NULL) { echo('Authorization Failed'); exit(0); } echo('Authorization success'); print_r($result); ? When I run everything though, I get this error: Warning: ldap_search(): Search: No such object in /Library/Apache2/htdocs/ldap/auth.php on line 23 Nothing Found! I have looked at this for too long, and now am to the point where I am out of ideas. Could someone look at this and see if they can figure out what I am doing wrong here? Thanks, Mike Tuller -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Active Directory
Active Directory has an LDAP interface (from what I hear). Anyway, I use the LDAP interface with our M$ Exchange server here at work to make a phonebook application. As it happens, the LDAP service is listening for requests by default (so you shouldn't have to set it up). The annoying thing is that M$ will insist on using non-standard field names (as defined in the appropriate LDAP RFC). You will have to experiement and/or visit msdn to get more info. Furthermore, they do not support LDAP encryption as per the LDAP V3 spec - they want you to use their propriety dot net bulsh!t. Anyway, as far as code is concerned, I cut/pase from the PHP manual on LDAP. The example code is just what you need. I had no problems and I had zero experience with LDAP. Have fun :-) [TK] -Original Message- From: Sven Jacobs [mailto:[EMAIL PROTECTED]] Sent: Saturday, 2 March 2002 2:39 AM To: [EMAIL PROTECTED] Subject: [PHP] Active Directory Hey All Does anybody have any idea how to authenticate agains a Active Directory Server with PHP ? And if sow : -- How does it work -- What do I need to install -- Some sample code would be nice :-) Kind Regards Sven -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Active Directory
Hey All Does anybody have any idea how to authenticate agains a Active Directory Server with PHP ? And if sow : -- How does it work -- What do I need to install -- Some sample code would be nice :-) Kind Regards Sven