SHARE
TWEET

LDAP for UserSpice

anasaz Apr 14th, 2019 (edited) 202 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. set_time_limit(30);
  3. error_reporting(E_ALL);
  4. ini_set('error_reporting', E_ALL);
  5. ini_set('display_errors',1);
  6.  
  7. if($_SERVER['REQUEST_METHOD'] != 'POST') {
  8. ?>
  9. <h2>Login</h2>
  10.  
  11. <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?>" method="post">
  12.     <p><input type="text" name="username" placeholder="Username"></p>
  13.     <p><input type="password" name="password" placeholder="Password"></p>
  14.     <p><input type="submit" value="Login"></p>
  15. </form>
  16.  
  17. example:<br>
  18. guest1:guest1password<br>
  19. guest2:guest2password<br>
  20. guest3:guest3password
  21.  
  22. <?php
  23. } else {
  24.     // config
  25.     $ldapserver = 'www.zflexldap.com';          // from LDAP configuration page inside US
  26.     $ldapAdmin_user   = 'cn=ro_admin,ou=sysadmins,dc=zflexsoftware,dc=com';  // if user has admin search priviliges on all LDAP, then no need to define the whole CN. just the username will be enough // from LDAP configuration page inside US
  27.     $ldapAdmin_pass   = 'zflexpass';            // from LDAP configuration page inside US
  28.     $ldaptree   = "dc=zflexsoftware,dc=com";    // from LDAP configuration page inside US
  29.  
  30.     //$ldapserver = 'xyz.edu';
  31.     //$ldapAdmin_user   = 'adsearch';           // from LDAP configuration page
  32.     //$ldapAdmin_pass   = '';                   // from LDAP configuration page
  33.     //$ldaptree   = "OU=Users,DC=xyz,DC=edu";       // from LDAP configuration page
  34.     $ldapPort = 389;
  35.     $ldapVersion = 3;
  36.     $username = $_POST['username'];         // from login form
  37.     $password = $_POST['password'];         // from login form
  38.     $ldap_search_entry = "(|(cn=$username)(uid=$username))";        // or we can add "mail" if we want to allow users to login with email
  39.     $attribute_mapping_definition = "email:mail,username:uid,fname:givenname,lname:sn";     // map userSpice DB field with LDAP attribute
  40.        
  41.     // prepare attribte mapping array
  42.     $attribute_mapping = array();
  43.     foreach(explode(',',$attribute_mapping_definition) as $am) {
  44.         $fields_mapping = explode(':',$am);
  45.         if(count($fields_mapping) == 2)
  46.             $attribute_mapping[] = array( "us" => $fields_mapping[0], "ldap" => $fields_mapping[1]);
  47.     }
  48.            
  49.     // connect
  50.     //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
  51.     $ldapconn = ldap_connect($ldapserver, $ldapPort) or die("Could not connect to LDAP server.");
  52.     ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, $ldapVersion);
  53.    
  54.     if($ldapconn) {
  55.         // binding to ldap server
  56.         $ldapbindAdmin = ldap_bind($ldapconn, $ldapAdmin_user, $ldapAdmin_pass) or die ("Error trying to bind: ".ldap_error($ldapconn));
  57.         // verify binding
  58.         if ($ldapbindAdmin) {
  59.             echo "LDAP admin bind successful...<br /><br />";
  60.            
  61.             // now we need to search for the logged in username.
  62.            
  63.             $result = ldap_search($ldapconn,$ldaptree, $ldap_search_entry) or die ("Error in search query: ".ldap_error($ldapconn));
  64.             $data = ldap_get_entries($ldapconn, $result);
  65.             $userDN = $data[0]["dn"];
  66.             if(!empty($userDN)) {
  67.                 echo "userDN = $userDN <br>";
  68.                 //Now we need to bind the logged in user
  69.                 $ldapBindUser = ldap_bind($ldapconn, $userDN, $password);
  70.                 if($ldapBindUser){
  71.                     // Show user's data
  72.                     // https://www.manageengine.com/products/ad-manager/help/csv-import-management/active-directory-ldap-attributes.html
  73.                     echo '<pre>';
  74.                     foreach($attribute_mapping as $am) {
  75.                         echo $am['us'].": ".$data[0][$am['ldap']][0].', <br>';
  76.                     }
  77.                     //echo 'Full name: '.$data[0]["displayname"][0].'<br>';
  78.                     //echo 'First name: '.$data[0]["givenname"][0].'<br>';
  79.                     //echo 'Last name: '.$data[0]["sn"][0].'<br>';
  80.                     //echo 'username: '.$data[0]["uid"][0].'<br>';  // use uid,sAMAccountName, or userPrincipalName
  81.                     //echo 'Email: '.$data[0]["mail"][0].'<br>';
  82.                     //echo 'Title: '.$data[0]["title"][0].'<br>';
  83.                     //echo 'Department: '.$data[0]["department"][0].'<br>';
  84.                     //echo 'Employee #: '.$data[0]["employeeid"][0].'<br>';
  85.                     echo '</pre>';
  86.                 } else {
  87.                     echo "LDAP user bind failed... (not athenticated)";            
  88.                 }
  89.                 //echo '<h1>Dump all data</h1><pre>';
  90.                 //print_r($data);
  91.                 //echo '</pre>';
  92.             } else {
  93.                 echo "LDAP user bind failed... (user not found)";
  94.             }
  95.         } else {
  96.             echo "LDAP admin bind failed...";
  97.         }
  98.  
  99.     }
  100.  
  101.     // all done? clean up
  102.     ldap_close($ldapconn);
  103. }
  104. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top