LDAP Basics With PHP

PHP is another web application language that you probably know better than I do, but that does not make it hard to use PHP to access a directory.

After installing PHP with the wrappers for the OpenLDAP libraries, I replicated the small LDAP web application posted earlier using Java with JNDI. (PHP version zip download) I had already installed OpenDS SE 2.0, and imported Example.ldif for the data.

For the user, the only changes are the colors and the title.

[Screenshot: ready to authenticate]

The user kvaughan is present in Example.ldif.

[Screenshot: auth success]

Here is the PHP code for that:

        <h2>LDAP Authentication Results</h2>
        <p>Return to <a href="index.php">top page</a>.</p><hr />
        <?php
        include 'conf.php';

        $user = htmlspecialchars($_POST['user']);
        // Match either the uid or the local part of the mail address.
        $filter = "(|(uid=" . $user . ")" . "(mail=" . $user . "@*))";

        echo "<p>Equivalent command line:<br /><tt>ldapsearch -h " .
        $server . " -p " . $port . " -b " . $basedn . " \"" .
        $filter . "\"</tt></p>";
        echo "<hr />";

        // Connect to the LDAP server.
        $ldapconn = ldap_connect($server, $port) or
        die("Could not connect to " . $server . ":" . $port . ".");

        // Bind anonymously to the LDAP server to search and retrieve DN.
        $ldapbind = ldap_bind($ldapconn) or die("Could not bind anonymously.");
        $result = ldap_search($ldapconn, $basedn, $filter) or die("Search error.");
        $entries = ldap_get_entries($ldapconn, $result);
        if ($entries["count"] == 0) {
            die("No entry found for " . $user . ".");
        }
        $binddn = $entries[0]["dn"];
        echo "<p>Bind DN found: " . $binddn . "</p>";
        echo "<hr />";

        // Bind again using the DN retrieved. If this bind is successful,
        // then the user has managed to authenticate. An empty password
        // would turn this into an unauthenticated bind, so refuse it.
        if ($_POST['password'] == '') {
            die("Empty password for " . $user . ".");
        }
        $ldapbind = ldap_bind($ldapconn, $binddn, $_POST['password']);
        if ($ldapbind) {
            echo "Successful authentication for " . $user . ".";
        } else {
            echo "Failed authentication for " . $user . ".";
        }

        ldap_close($ldapconn);
        ?>
        <hr /><p>Return to <a href="index.php">top page</a>.</p>
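The script above builds the LDAP filter by concatenating form input, and htmlspecialchars() only protects the HTML output, not the filter. The following is an added example (not code from the original post) showing the same search-then-bind flow written as a function that escapes the input with ldap_escape() (PHP 5.6 or later), insists on exactly one matching entry, and refuses an empty password; the same escaping applies to the cn/sn filter of the search page. It assumes the $server, $port and $basedn values from conf.php.

```php
<?php
// Added example, not code from the original post: the search-then-bind
// authentication flow with filter escaping and result checks. Assumes
// PHP >= 5.6 (ldap_escape) and the $server/$port/$basedn from conf.php.

// Build the search filter with every user-supplied character escaped,
// so "(", ")", "*", "\" and NUL in the input cannot alter the filter.
// (htmlspecialchars() protects the HTML output, not the LDAP filter.)
function build_auth_filter($user) {
    $safe = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
    // The '*' after '@' is the wildcard from the original filter; it is
    // part of the template, not of the escaped input.
    return "(|(uid=" . $safe . ")(mail=" . $safe . "@*))";
}

// Returns true only if exactly one entry matches and a simple bind with
// that entry's DN and the supplied password succeeds.
function ldap_authenticate($server, $port, $basedn, $user, $password) {
    // An empty password turns the second bind into an unauthenticated
    // bind, which many servers accept; reject it before any lookup.
    if ($user === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect($server, $port);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Anonymous bind for the lookup, as in the original post.
    if (!@ldap_bind($conn)) {
        ldap_close($conn);
        return false;
    }
    // Only the DN is needed, so request a single small attribute.
    $result = @ldap_search($conn, $basedn, build_auth_filter($user), array('uid'));
    $entries = ($result !== false) ? ldap_get_entries($conn, $result) : false;
    // Zero matches: unknown user. More than one: ambiguous filter (one
    // account's uid equals another's mail local part); do not guess.
    if ($entries === false || $entries['count'] !== 1) {
        ldap_close($conn);
        return false;
    }
    $ok = @ldap_bind($conn, $entries[0]['dn'], $password);
    ldap_close($conn);
    return $ok;
}

// Example call with the form fields used by auth.php:
// $ok = ldap_authenticate($server, $port, $basedn,
//                         $_POST['user'], $_POST['password']);
```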

Again, searching is even easier.

[Screenshot: ready to search]

[Screenshot: search results coming up]

[Screenshot: search success]

Here is the PHP code for the search.

        <h2>LDAP Search Results</h2>
        <p>Return to <a href="index.php">top page</a>.</p><hr />
        <?php
        include 'conf.php';

        // Thanks to http://www.devshed.com/c/a/PHP/Using-PHP-With-LDAP-part-1
        // for inspiration.
        $name = htmlspecialchars($_POST['name']);
        // Substring match on either the common name or the surname.
        $filter = "(|(cn=*" . $name . "*)" . "(sn=*" . $name . "*))";

        echo "<p>Equivalent command line:<br /><tt>ldapsearch -h " .
        $server . " -p " . $port . " -b " . $basedn . " \"" .
        $filter . "\"</tt></p>";
        echo "<hr />";

        // Connect to the LDAP server.
        $ldapconn = ldap_connect($server, $port) or
        die("Could not connect to " . $server . ":" . $port . ".");

        // Bind anonymously to the LDAP server to search.
        $ldapbind = ldap_bind($ldapconn) or die("Could not bind anonymously.");
        $result = ldap_search($ldapconn, $basedn, $filter) or die("Search error.");
        $entries = ldap_get_entries($ldapconn, $result);

        // Display key data for each entry.
        for ($i = 0; $i < $entries["count"]; $i++) {
            echo "<p>DN: " . $entries[$i]["dn"] . "<br />";
            echo "Uid: " . $entries[$i]["uid"][0] . "<br />";
            echo "Email: " . $entries[$i]["mail"][0] . "</p>";
        }

        ldap_close($ldapconn);
        ?>
        <hr /><p>Return to <a href="index.php">top page</a>.</p>
Comments:

Hi, I am getting this error:

Warning: ldap_search [function.ldap-search]: Search: No such object in D:\xampp\htdocs\Login\LDAPBasics\auth.php

Posted by karthi on June 11, 2010 at 03:33 AM CEST #

Karthi, no such object in response to an LDAP search means the search did not match any LDAP entries. What is the result when you use the ldapsearch command directly? (You'll find an ldapsearch.bat in the bat directory where you installed OpenDS.)

For example, if your directory is listening on port 1389 on the local system and you have loaded the data from the Example.ldif linked to above, the following command should return some LDAP entries:

ldapsearch -p 1389 -b ou=people,dc=example,dc=com "(|(cn=*carter*)(sn=*carter*))

Posted by Mark Craig on June 11, 2010 at 04:03 AM CEST #

Oops. I meant:

ldapsearch -p 1389 -b ou=people,dc=example,dc=com "(|(cn=*carter*)(sn=*carter*))"

Posted by Mark Craig on June 11, 2010 at 04:05 AM CEST #

About

Mark Craig writes about Directory Services products and technologies. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
