473,320 Members | 2,104 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

-> LDAP question <-

Hi,
I'm checking a user identity on a secure LDAP server using the
following code:

$ldapconn = ldap_connect("ldaps://myserver.mycompany.ch", 636 )
or die( "Can't connect to LDAP" ) ;

$ldapresult = ldap_search( $ldapconn,"o=mycompany,c=ch","cn=".$name);

if( $ldapresult ) {
$entries = ldap_get_entries( $ldapconn, $ldapresult ) ;
if( $entries["count"] ) {
$ldapbind = ldap_bind( $ldapconn, $entries[0]['dn'], $pwd ) ;
if( $ldapbind ) {
echo "Connected: user exists, password checked<br>" ;
}
}

This works ok if I submit the right $name and $pwd

Then I'd like to retrieve some data from the specified user, say
the givenName and sn but can't figure out a way to retrieve those
values using ldap_read or ldap_get_values

For example:
$results = ldap_read($ldapconn, "cn=myname,o=mycompany,c=ch",
'(objectclass=person)', array( "givenname", "sn" ) ) ;
$firstname = ldap_get_values($ldapconn, $results, "givenname" ) ;
$lastname = ldap_get_values($ldapconn, $results, "sn" ) ;

This fails on the ldap_get_values() stating that the supplied resource
is not a valid ldap result entry resource.
If I use something like:

$firstname = ldap_get_values($ldapconn, $ldapresult, "givenname" ) ;
$lastname = ldap_get_values($ldapconn, $ldapresult, "sn" ) ;

It fails too...

What is wrong?
Thanks for any help.
Sincerely,
Steve JORDI

(Remove the K_I_L_LSPAM from my email address)
------------------------------------------------
1197 Prangins Email: st*******************@hotmail.com
Switzerland WWW: www.sjordi.com
------------------------------------------------
Volcanoes at www.sjordi.com/volcanoes
MovieDB at www.sjmoviedb.com
------------------------------------------------
Jan 10 '07 #1
2 2476
Hi Steve --

After you successfully bind to your LDAP server using the procedure you
outline below, there is no need to conduct a second search to retrieve
information about the user. What you're looking for already exists (or
should, theoretically) in $entries. It's simply a matter of accessing
the data in the array. Notice that when you're performing the bind
operation, you're using $entries[0]['dn'] -- the other attributes for
the user are in the same array. So if you want to retrieve a user's
last name, for example, you would access it here: $entries[0]['sn'].

Just to be on the safe side, perhaps doing a simple print_r($entries)
might be a good first step to ensuring that the data you're looking for
is actually there.

I hope this helps. :)
Geoffrey
Steve JORDI wrote:
Hi,
I'm checking a user identity on a secure LDAP server using the
following code:

$ldapconn = ldap_connect("ldaps://myserver.mycompany.ch", 636 )
or die( "Can't connect to LDAP" ) ;

$ldapresult = ldap_search( $ldapconn,"o=mycompany,c=ch","cn=".$name);

if( $ldapresult ) {
$entries = ldap_get_entries( $ldapconn, $ldapresult ) ;
if( $entries["count"] ) {
$ldapbind = ldap_bind( $ldapconn, $entries[0]['dn'], $pwd ) ;
if( $ldapbind ) {
echo "Connected: user exists, password checked<br>" ;
}
}

This works ok if I submit the right $name and $pwd

Then I'd like to retrieve some data from the specified user, say
the givenName and sn but can't figure out a way to retrieve those
values using ldap_read or ldap_get_values

For example:
$results = ldap_read($ldapconn, "cn=myname,o=mycompany,c=ch",
'(objectclass=person)', array( "givenname", "sn" ) ) ;
$firstname = ldap_get_values($ldapconn, $results, "givenname" ) ;
$lastname = ldap_get_values($ldapconn, $results, "sn" ) ;

This fails on the ldap_get_values() stating that the supplied resource
is not a valid ldap result entry resource.
If I use something like:

$firstname = ldap_get_values($ldapconn, $ldapresult, "givenname" ) ;
$lastname = ldap_get_values($ldapconn, $ldapresult, "sn" ) ;

It fails too...

What is wrong?
Thanks for any help.
Sincerely,
Steve JORDI

(Remove the K_I_L_LSPAM from my email address)
------------------------------------------------
1197 Prangins Email: st*******************@hotmail.com
Switzerland WWW: www.sjordi.com
------------------------------------------------
Volcanoes at www.sjordi.com/volcanoes
MovieDB at www.sjmoviedb.com
------------------------------------------------
Jan 11 '07 #2
Geoffrey,

Thanks for your input.

I have tried to immediately display the entry values right after the
ldap_search followed by ldap_get_entries.

It returns error on almost all of the attributes, stating that "mail"
or "groupMembership" are undefined. Only "surname" seems to work.

I tried to use LDAP Broswer to check whether I can see all of the
attributes, and it's ok, I see everything then. But not from PHP.

Could the ldap server be configured in a manner that it doesn't
retrieve all the attributes? For one user, it gets only 5 attributes
in total. What is pretty low...
$ldapconn = ldap_connect("ldaps://myserver", 636 )
or die( "Can't connect to server<BR>" ) ;

if (ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
echo "Using LDAPv3<BR>\n";
} else {
echo "Failed to set protocol version to 3";
}

ldap_bind( $ldapconn, "cn=username,ou=mygroup,o=mynetwork,c=country" ,
$pwd ) ;
$result = ldap_search( $ldapconn, "o=mynetwork,c=country",
"cn=jordi", array( "surname", "mail", "groupMembership" ) ) ;
$entry = ldap_get_entries($ldapconn, $result);

echo "SN =".$entry[0]['sn']."<br>\n" ;
echo "Surname =".$entry[0]["surname"]."<br>\n" ;
echo "mail =".$entry[0]["mail"]."<br>\n" ;
echo "group =".$entry[0]["groupMembership"]."<br>\n" ;

This returns...
Username= username
Using LDAPv3

Notice: Undefined index: sn on line 33
SN =
Surname =Array

Notice: Undefined index: mail on line 35
mail =

Notice: Undefined index: groupMembership on line 36
group =


Sincerely,
Steve JORDI

(Remove the K_I_L_LSPAM from my email address)
------------------------------------------------
1197 Prangins Email: st*******************@hotmail.com
Switzerland WWW: www.sjordi.com
------------------------------------------------
Volcanoes at www.sjordi.com/volcanoes
MovieDB at www.sjmoviedb.com
------------------------------------------------
Jan 12 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Arne Schirmacher | last post by:
I want to display a MySQL database field that can contain HTML markup. If I use <esql:get-string> then I get all of the database field, but all tags are escaped which is not what I want. If I use...
8
by: Daniel Hansen | last post by:
I know this must seem totally basic and stupid, but I cannot find any reference that describes how to control the spacing between <p>...</p> and <div>...</div> blocks. When I implement these on a...
11
by: Woolly Mittens | last post by:
I tried validating my gallery page using your validator. http://validator.w3.org/check?uri=http%3A%2F%2Fwww.woollymittens.nl%2Fcontent%2Fgallery%2Findex.asp To my surprise it informed me that...
129
by: Torbjørn Pettersen | last post by:
I've started cleaning up my HTML and implementing CSS. So far I've used FrontPage, but am switching over to DreamWeaver. Reading a bit on W3Schools.com and W3.org I see there are a lot of HTML...
0
by: Fabian Baum | last post by:
Hi, i have a problem in the following source code, i cant read the department from the AD ;( where is my mistake? Dim strBrowser 'Brausertyp If Request.ServerVariables("LOGON_USER") = ""...
4
by: David Lozzi | last post by:
Howdy, I'm using a WYSIWYG editor called TinyMCE. When I edit some text and then save it back to my SQL server using a SQLCommand, all HTML characters are changed to HTML code, i.e. &gt;strong&lt;...
1
by: Steve JORDI | last post by:
Hi, it seems to me that I have a problem using an LDAPS connection to our server for identification purposes (using OpenLDAP and OpenSSL). Using PHP 4.4.4 I have the following code which...
7
by: Nathan Sokalski | last post by:
Something that I recently noticed in IE6 (I don't know whether it is true for other browsers or versions of IE) is that it renders <br/and <br></br> differently. With the <br/version, which is what...
2
by: Samik R. | last post by:
Simple question about writing the method summary: how do you write > (greater than) or < (less than) in between <summary></summary>? Thanks.
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.