<p>The general procedure would be (relevant ext/ldap php commands in brackets):</p>
<ol>
<li><p>connect to LDAP server using the "LDAP Host" and "LDAP port no" (<a href="http://de2.php.net/manual/en/function.ldap-connect.php" rel="noreferrer">ldap_connect()</a>) and set the correct connection options (<a href="http://de2.php.net/manual/en/function.ldap-set-option.php" rel="noreferrer">ldap_set_option()</a>), especially <code>LDAP_OPT_PROTOCOL_VERSION</code> and <code>LDAP_OPT_REFERRALS</code></p></li>
<li><p>bind to LDAP server using the "LDAP account to bind" and "LDAP account password" (<a href="http://de2.php.net/manual/en/function.ldap-bind.php" rel="noreferrer">ldap_bind()</a>) - if you're authenticating against an Active Directory server you can directly use the username and password from the login page and skip all the following steps.</p></li>
<li><p>search the tree for a matching user entry/object by specifying the "BASE DN" and the appropriate LDAP filter - most likely something like <code>(&amp;(objectClass=user)(sAMAccountName=%s))</code> where <code>%s</code> should be replaced by the username to be authenticated (<a href="http://de2.php.net/manual/en/function.ldap-search.php" rel="noreferrer">ldap_search()</a>)</p></li>
<li><p>check if the number of returned entries is 1 (if &lt;&gt; 1 then something has gone wrong, e.g. no user found or multiple users found)</p></li>
<li><p>retrieve the distinguished name (DN) of this single entry (<a href="http://de2.php.net/manual/en/function.ldap-get-dn.php" rel="noreferrer">ldap_get_dn()</a>)</p></li>
<li><p>use the DN found in the last step to try to bind to the LDAP server with the password given at the authentication page (<a href="http://de2.php.net/manual/en/function.ldap-bind.php" rel="noreferrer">ldap_bind()</a>)</p></li>
<li><p>if the bind succeeds then everything is OK, if not, most likely the password is wrong</p></li>
</ol>
<p>It's really not as hard as it sounds at first. Generally I'd propose to use some sort of standard library for authenticating against an LDAP server such as the <a href="http://pear.php.net/package/Net_LDAP2" rel="noreferrer"><code>Net_LDAP2</code></a> PEAR package or <a href="http://framework.zend.com/manual/en/zend.ldap.html" rel="noreferrer"><code>Zend_Ldap</code></a> out of the <a href="http://framework.zend.com/" rel="noreferrer">Zend Framework</a>. I have no experience with actually using <code>Net_LDAP2</code> (although I know the code quite well) but <code>Zend_Ldap</code> works very well against Active Directory servers or ADAMS servers (which is obviously what you're working with).</p>
<p>This will do the trick using <code>Zend_Ldap</code>:</p>
<pre><code>$options = array(
    'host'                 =&gt; 'ad.blueroom.ac.uk',
    'useStartTls'          =&gt; true,
    'accountDomainName'    =&gt; 'blueroom.ac.uk',
    'accountCanonicalForm' =&gt; 4,
    'baseDn'               =&gt; 'ou=bluebird,dc=bluebird,dc=ac,dc=my',
);
$ldap = new Zend_Ldap($options);
try {
    $ldap-&gt;bind('user', 'password');
} catch (Zend_Ldap_Exception $e) {
    // something failed - inspect $e and abort here;
    // falling through would treat the failed bind as a successful login
}
// bind successful
$acctname = $ldap-&gt;getCanonicalAccountName('user', Zend_Ldap::ACCTNAME_FORM_DN);
</code></pre>
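<p>The seven-step search-then-bind procedure above, written out against plain ext/ldap. This is an added example, not code from the answer or from <code>Zend_Ldap</code>; the LDAP URI, service-account DN, base DN and the <code>$_POST</code> field names are placeholders. Two points the step list leaves implicit are made explicit: the username is passed through <code>ldap_escape()</code> before it replaces <code>%s</code> in the filter, so filter metacharacters in the input cannot change the query, and an empty password is rejected up front, because in step 6 many servers treat a bind with an empty password as an anonymous bind that "succeeds".</p>

```php
<?php
// Added example: search-then-bind LDAP authentication with PHP's ext/ldap.
// URI, service account, base DN and form field names are placeholders.
declare(strict_types=1);

/**
 * Authenticate $username / $password against the directory described by $cfg.
 * Returns the user's DN on success, null on any failure (fail closed).
 *
 * $cfg keys: uri, bind_dn, bind_pw, base_dn
 */
function ldapAuthenticate(array $cfg, string $username, string $password): ?string
{
    // An empty password would turn step 6 into an anonymous / unauthenticated
    // bind, which many servers accept. Refuse it before talking to the server.
    if ($username === '' || $password === '') {
        return null;
    }

    // Step 1: connect and set the protocol options the answer calls out.
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Credentials travel in clear text over plain LDAP; upgrade to TLS
    // (an ldaps:// URI is the alternative). ldap_error() gives the reason on failure.
    if (!@ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return null;
    }

    try {
        // Step 2: bind with the service account that is allowed to search.
        if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pw'])) {
            return null;
        }

        // Step 3: build the filter. ldap_escape() with LDAP_ESCAPE_FILTER
        // encodes * ( ) \ and NUL, so the username is data, not filter syntax.
        $filter = sprintf(
            '(&(objectClass=user)(sAMAccountName=%s))',
            ldap_escape($username, '', LDAP_ESCAPE_FILTER)
        );
        // Ask only for the DN and cap the result at 2 entries: we only need to
        // know whether there is exactly one match.
        $result = @ldap_search($conn, $cfg['base_dn'], $filter, ['dn'], 0, 2);
        if ($result === false) {
            return null;
        }

        // Step 4: exactly one entry, otherwise fail closed (none, or ambiguous).
        if (ldap_count_entries($conn, $result) !== 1) {
            return null;
        }

        // Step 5: take the DN of that single entry.
        $entry = ldap_first_entry($conn, $result);
        $userDn = $entry === false ? false : ldap_get_dn($conn, $entry);
        if ($userDn === false) {
            return null;
        }

        // Steps 6 and 7: bind as the user with the supplied password.
        // A failed bind means a wrong password (or a disabled / locked account).
        if (!@ldap_bind($conn, $userDn, $password)) {
            return null;
        }
        return $userDn;
    } finally {
        ldap_unbind($conn);
    }
}

// Usage with placeholder values; the bind password comes from the environment
// rather than the source file.
$cfg = [
    'uri'     => 'ldap://ad.example.internal:389',
    'bind_dn' => 'CN=svc-web,OU=Service Accounts,DC=example,DC=internal',
    'bind_pw' => getenv('LDAP_BIND_PW') ?: '',
    'base_dn' => 'DC=example,DC=internal',
];
$dn = ldapAuthenticate($cfg, $_POST['username'] ?? '', $_POST['password'] ?? '');
echo $dn === null ? "login failed\n" : "authenticated as {$dn}\n";
```

<p>The function returns the DN rather than a bare boolean so the caller can record which directory object actually authenticated, and it deliberately does not distinguish "no such user" from "wrong password" in its return value; log the <code>ldap_error()</code> text server-side if you need the detail, but keep the response to the login page uniform.</p>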