
Untitled

a guest
Apr 14th, 2019
  1. <?php
  2. set_time_limit(30);
  3. error_reporting(E_ALL);
  4. ini_set('error_reporting', E_ALL);
  5. ini_set('display_errors',1);
  6.  
  7. if($_SERVER['REQUEST_METHOD'] != 'POST') {
  8. ?>
  9. <h2>Login</h2>
  10.  
  11. <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?>" method="post">
  12.     <p><input type="text" name="username" placeholder="Username"></p>
  13.     <p><input type="password" name="password" placeholder="Password"></p>
  14.     <p><input type="submit" value="Login"></p>
  15. </form>
  16.  
  17. example:<br>
  18. guest1:guest1password<br>
  19. guest2:guest2password<br>
  20. guest3:guest3password
  21.  
  22. <?php
  23. } else {
  24.     // config
  25.     $ldapserver = 'www.zflexldap.com';          // from LDAP configuration page inside US
  26.     $ldapAdmin_user   = 'cn=ro_admin,ou=sysadmins,dc=zflexsoftware,dc=com';  // if user has admin search priviliges on all LDAP, then no need to define the whole CN. just the username will be enough // from LDAP configuration page inside US
  27.     $ldapAdmin_pass   = 'zflexpass';            // from LDAP configuration page inside US
  28.     $ldaptree   = "dc=zflexsoftware,dc=com";    // from LDAP configuration page inside US
  29.  
  30.     //$ldapserver = 'xyz.edu';
  31.     //$ldapAdmin_user   = 'adsearch';       // from LDAP configuration page
  32.     //$ldapAdmin_pass   = '';               // from LDAP configuration page
  33.     //$ldaptree   = "OU=Users,DC=xyz,DC=edu";   // from LDAP configuration page
  34.     $username = $_POST['username'];         // from login form
  35.     $password = $_POST['password'];         // from login form
  36.     $ldap_search_entry = "(|(cn=$username)(uid=$username))";        // or we can add "mail" if we want to allow users to login with email
  37.     $attribute_mapping_definition = "email:mail,username:uid,fname:givenname,lname:sn";     // map userSpice DB field with LDAP attribute
  38.        
  39.     // prepare attribte mapping array
  40.     $attribute_mapping = array();
  41.     //$attribute_mapping = explode(',',$attribute_mapping_definition);
  42.     foreach(explode(',',$attribute_mapping_definition) as $am) {
  43.         $fields_mapping = explode(':',$am);
  44.         if(count($fields_mapping) == 2)
  45.             $attribute_mapping[] = array( "us" => $fields_mapping[0], "ldap" => $fields_mapping[1]);
  46.     }
  47.            
  48.     // connect
  49.     $ldapconn = ldap_connect($ldapserver) or die("Could not connect to LDAP server.");
  50.  
  51.     if($ldapconn) {
  52.         // binding to ldap server
  53.         $ldapbindAdmin = ldap_bind($ldapconn, $ldapAdmin_user, $ldapAdmin_pass) or die ("Error trying to bind: ".ldap_error($ldapconn));
  54.         // verify binding
  55.         if ($ldapbindAdmin) {
  56.             echo "LDAP admin bind successful...<br /><br />";
  57.            
  58.             // now we need to search for the logged in username. our LDAP has cn=<username> but i noticed some other has uid=<username>
  59.             // maybe we can make the username LDAP field customized in the configuration form (variable $ldap_username_entry)
  60.            
  61.             $result = ldap_search($ldapconn,$ldaptree, $ldap_search_entry) or die ("Error in search query: ".ldap_error($ldapconn));
  62.             $data = ldap_get_entries($ldapconn, $result);
  63.             $userDN = $data[0]["dn"];
  64.             if(!empty($userDN)) {
  65.                 echo "userDN = $userDN <br>";
  66.                 //Now we need to bind the logged in user
  67.                 $ldapBindUser = ldap_bind($ldapconn, $userDN, $password);
  68.                 if($ldapBindUser){
  69.                     // Show user's data
  70.                     // https://www.manageengine.com/products/ad-manager/help/csv-import-management/active-directory-ldap-attributes.html
  71.                     echo '<pre>';
  72.                     foreach($attribute_mapping as $am) {
  73.                         echo $am['us'].": ".$data[0][$am['ldap']][0].', <br>';
  74.                     }
  75.                     //echo 'Full name: '.$data[0]["displayname"][0].'<br>';
  76.                     //echo 'First name: '.$data[0]["givenname"][0].'<br>';
  77.                     //echo 'Last name: '.$data[0]["sn"][0].'<br>';
  78.                     //echo 'username: '.$data[0]["uid"][0].'<br>';  // use uid,sAMAccountName, or userPrincipalName
  79.                     //echo 'Email: '.$data[0]["mail"][0].'<br>';
  80.                     //echo 'Title: '.$data[0]["title"][0].'<br>';
  81.                     //echo 'Department: '.$data[0]["department"][0].'<br>';
  82.                     //echo 'Employee #: '.$data[0]["employeeid"][0].'<br>';
  83.                     echo '</pre>';
  84.                 } else {
  85.                     echo "LDAP user bind failed... (not athenticated)";            
  86.                 }
  87.                 //echo '<h1>Dump all data</h1><pre>';
  88.                 //print_r($data);
  89.                 //echo '</pre>';
  90.             } else {
  91.                 echo "LDAP user bind failed... (user not found)";
  92.             }
  93.         } else {
  94.             echo "LDAP admin bind failed...";
  95.         }
  96.  
  97.     }
  98.  
  99.     // all done? clean up
  100.     ldap_close($ldapconn);
  101. }
  102. ?>