API tools faq
paste
Advertisement
anasaz

LDAP for UserSpice

anasaz
Apr 14th, 2019
649
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 4.09 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. set_time_limit(30);
  3. error_reporting(E_ALL);
  4. ini_set('error_reporting', E_ALL);
  5. ini_set('display_errors',1);
  6.  
  7. if($_SERVER['REQUEST_METHOD'] != 'POST') {
  8. ?>
  9. <h2>Login</h2>
  10.  
  11. <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?>" method="post">
  12.     <p><input type="text" name="username" placeholder="Username"></p>
  13.     <p><input type="password" name="password" placeholder="Password"></p>
  14.     <p><input type="submit" value="Login"></p>
  15. </form>
  16.  
  17. example:<br>
  18. guest1:guest1password<br>
  19. guest2:guest2password<br>
  20. guest3:guest3password
  21.  
  22. <?php
  23. } else {
  24.     // config
  25.     $ldapserver = 'www.zflexldap.com';          // from LDAP configuration page inside US
  26.     $ldapAdmin_user   = 'cn=ro_admin,ou=sysadmins,dc=zflexsoftware,dc=com';  // if user has admin search priviliges on all LDAP, then no need to define the whole CN. just the username will be enough // from LDAP configuration page inside US
  27.     $ldapAdmin_pass   = 'zflexpass';            // from LDAP configuration page inside US
  28.     $ldaptree   = "dc=zflexsoftware,dc=com";    // from LDAP configuration page inside US
  29.  
  30.     //$ldapserver = 'xyz.edu';
  31.     //$ldapAdmin_user   = 'adsearch';           // from LDAP configuration page
  32.     //$ldapAdmin_pass   = '';                   // from LDAP configuration page
  33.     //$ldaptree   = "OU=Users,DC=xyz,DC=edu";       // from LDAP configuration page
  34.     $ldapPort = 389;
  35.     $ldapVersion = 3;
  36.     $username = $_POST['username'];         // from login form
  37.     $password = $_POST['password'];         // from login form
  38.     $ldap_search_entry = "(|(cn=$username)(uid=$username))";        // or we can add "mail" if we want to allow users to login with email
  39.     $attribute_mapping_definition = "email:mail,username:uid,fname:givenname,lname:sn";     // map userSpice DB field with LDAP attribute
  40.        
  41.     // prepare attribte mapping array
  42.     $attribute_mapping = array();
  43.     foreach(explode(',',$attribute_mapping_definition) as $am) {
  44.         $fields_mapping = explode(':',$am);
  45.         if(count($fields_mapping) == 2)
  46.             $attribute_mapping[] = array( "us" => $fields_mapping[0], "ldap" => $fields_mapping[1]);
  47.     }
  48.            
  49.     // connect
  50.     //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
  51.     $ldapconn = ldap_connect($ldapserver, $ldapPort) or die("Could not connect to LDAP server.");
  52.     ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, $ldapVersion);
  53.    
  54.     if($ldapconn) {
  55.         // binding to ldap server
  56.         $ldapbindAdmin = ldap_bind($ldapconn, $ldapAdmin_user, $ldapAdmin_pass) or die ("Error trying to bind: ".ldap_error($ldapconn));
  57.         // verify binding
  58.         if ($ldapbindAdmin) {
  59.             echo "LDAP admin bind successful...<br /><br />";
  60.            
  61.             // now we need to search for the logged in username.
  62.            
  63.             $result = ldap_search($ldapconn,$ldaptree, $ldap_search_entry) or die ("Error in search query: ".ldap_error($ldapconn));
  64.             $data = ldap_get_entries($ldapconn, $result);
  65.             $userDN = $data[0]["dn"];
  66.             if(!empty($userDN)) {
  67.                 echo "userDN = $userDN <br>";
  68.                 //Now we need to bind the logged in user
  69.                 $ldapBindUser = ldap_bind($ldapconn, $userDN, $password);
  70.                 if($ldapBindUser){
  71.                     // Show user's data
  72.                     // https://www.manageengine.com/products/ad-manager/help/csv-import-management/active-directory-ldap-attributes.html
  73.                     echo '<pre>';
  74.                     foreach($attribute_mapping as $am) {
  75.                         echo $am['us'].": ".$data[0][$am['ldap']][0].', <br>';
  76.                     }
  77.                     //echo 'Full name: '.$data[0]["displayname"][0].'<br>';
  78.                     //echo 'First name: '.$data[0]["givenname"][0].'<br>';
  79.                     //echo 'Last name: '.$data[0]["sn"][0].'<br>';
  80.                     //echo 'username: '.$data[0]["uid"][0].'<br>';  // use uid,sAMAccountName, or userPrincipalName
  81.                     //echo 'Email: '.$data[0]["mail"][0].'<br>';
  82.                     //echo 'Title: '.$data[0]["title"][0].'<br>';
  83.                     //echo 'Department: '.$data[0]["department"][0].'<br>';
  84.                     //echo 'Employee #: '.$data[0]["employeeid"][0].'<br>';
  85.                     echo '</pre>';
  86.                 } else {
  87.                     echo "LDAP user bind failed... (not athenticated)";            
  88.                 }
  89.                 //echo '<h1>Dump all data</h1><pre>';
  90.                 //print_r($data);
  91.                 //echo '</pre>';
  92.             } else {
  93.                 echo "LDAP user bind failed... (user not found)";
  94.             }
  95.         } else {
  96.             echo "LDAP admin bind failed...";
  97.         }
  98.  
  99.     }
  100.  
  101.     // all done? clean up
  102.     ldap_close($ldapconn);
  103. }
  104. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!