#1
    Registered User (Devshed Newbie, 0 - 499 posts)
    Join Date: Jan 2010, Posts: 2, Rep Power: 0

    LDAP connects in example code given, but not in my application

    I'm working on integrating Microsoft Active Directory authentication into a Drupal module for a project. I loaded the adLDAP folder with examples on the server, and it is able to authenticate perfectly fine. No problems whatsoever.
    Here's the original code from the example:
    PHP Code:
    $username = strtoupper($_POST["username"]); // remove case sensitivity on the username
    $password = $_POST["password"];
    $formage  = $_POST["formage"];

    if ($_POST["oldform"]) { // prevent null bind
        if ($username != NULL && $password != NULL) {
            // include the class and create a connection
            include ("../adLDAP.php");
            try {
                $adldap = new adLDAP();
            }
            catch (adLDAPException $e) {
                echo $e; exit();
            }

            // authenticate the user
            if ($adldap->authenticate($username, $password)) {
                // establish your session and redirect
                session_start();
                $_SESSION["username"] = $username;
                $redir = "Location: https://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/menu.htm";
                header($redir);
                exit;
            }
        }
        $failed = 1;
    }

    And this is what's in my Drupal code:
    PHP Code:
    $response = array();
    $response['status'] = 'failed';

    if (isset($_SESSION['openid']['claimed_id']) && isset($_SESSION['openid']['claimed_password'])) {
        $claimed_id       = $_SESSION['openid']['claimed_id'];
        $claimed_password = $_SESSION['openid']['claimed_password'];
        unset($_SESSION['openid']['service']);
        unset($_SESSION['openid']['claimed_id']);
        unset($_SESSION['openid']['claimed_password']);

        $response['openid.claimed_id'] = $claimed_id; // For finding the user in the system.

        // Authentication here
        // you should look into using PECL filter or some form of filtering here for POST variables
        $username = strtoupper($claimed_id); // remove case sensitivity on the username
        $password = $claimed_password;

        if ($username != NULL && $password != NULL) {
            try {
                $adldap = new adLDAP();
            }
            catch (adLDAPException $e) {
                die($e);
            }

            // authenticate the user
            if ($adldap->authenticate($username, $password)) {
                $response['status'] = 'success';
            }
        }

        die("openid_complete() 3, response status is ".$response['status']);
    }
    return $response;
    I used die statements to see how the code is flowing. From the die statements, I know the following:

    The username and password are getting to the authenticate function properly.
    The statements leading up to and following the ldap_connect and ldap_bind are working.


    Here is adLDAP's authentication function; it's here where the main problem occurs:
    PHP Code:
    public function authenticate($username, $password, $prevent_rebind = false) {
        // Prevent null binding
        if ($username === NULL || $password === NULL) { return (false); }

        // Bind as the user
        // debug output: dumps the connection resource and the credentials being tried
        die("_conn = ".$this->_conn.", username = ".$username.$this->_account_suffix.", and password = ".$password);

        $this->_bind = @ldap_bind($this->_conn, $username.$this->_account_suffix, $password);
        if (!$this->_bind) { return (false); } // !!! This is running, the ldap_bind is failing!!!

        // Once we've checked their details, kick back into admin mode if we have it
        if ($this->_ad_username != NULL && !$prevent_rebind) {
            $this->_bind = @ldap_bind($this->_conn, $this->_ad_username.$this->_account_suffix, $this->_ad_password);
            if (!$this->_bind) {
                // This should never happen in theory
                throw new adLDAPException('Rebind to Active Directory failed. AD said: '.$this->get_last_error());
            }
        }

        return (true);
    }
    Any help would be awesome. The only difference I can see between adLDAP's example code that worked and the Drupal one which isn't working is the resource ID #: for the Drupal one it shows #95, for the example one the resource ID # from the connect is #3.

    Thanks a ton... I've got to finish this up by the end of the month or I'm screwed :P
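    A hardened version of the user bind that the thread's authenticate() performs, added here as an example (not code from the thread or from adLDAP). The host, account suffix and credential parameters are assumptions; the hex values matched in the "data" field are the codes Active Directory puts in its bind diagnostic message. It rejects empty credentials (which would turn the bind into an unauthenticated one) and reads the server's diagnostic instead of echoing the password the way the posted die() does.

```php
<?php
// Added example, not from the thread or adLDAP. Host, suffix and credentials are assumed.
function ad_authenticate(string $host, string $accountSuffix, string $username, string $password): array
{
    // adLDAP's "=== NULL" test lets an empty string through; an LDAP bind with a
    // name but an empty password is an *unauthenticated* bind (RFC 4513 s5.1.2),
    // which many servers accept, so reject empty credentials explicitly.
    if ($username === '' || $password === '') {
        return ['ok' => false, 'reason' => 'empty username or password'];
    }

    $conn = ldap_connect($host);           // e.g. "ldaps://thesite.com" (placeholder host)
    if ($conn === false) {
        return ['ok' => false, 'reason' => 'bad LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);   // referral chasing is not needed for a bind

    // Bind as the user; suppress the PHP warning and read the server's reason
    // instead of dumping credentials to the page with die().
    $bound = @ldap_bind($conn, $username . $accountSuffix, $password);
    if ($bound) {
        ldap_unbind($conn);
        return ['ok' => true, 'reason' => 'bind succeeded'];
    }

    $errno = ldap_errno($conn);
    $diag  = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    ldap_unbind($conn);
    // AD encodes the real cause in the diagnostic string as "data <hex>"; errno 49
    // (invalid credentials) alone does not separate a wrong password from a locked account.
    return ['ok' => false, 'errno' => $errno, 'reason' => ad_bind_reason($diag)];
}

function ad_bind_reason(string $diag): string
{
    $codes = [
        '525' => 'user not found', '52e' => 'invalid credentials',
        '530' => 'logon not permitted at this time', '532' => 'password expired',
        '533' => 'account disabled', '701' => 'account expired',
        '773' => 'user must reset password', '775' => 'account locked out',
    ];
    if (preg_match('/data ([0-9a-f]+)/', $diag, $m) && isset($codes[$m[1]])) {
        return $codes[$m[1]];
    }
    return $diag !== '' ? $diag : 'bind failed (no diagnostic message)';
}
```

    Log the returned reason server-side rather than showing it to the user, since telling an anonymous caller "user not found" versus "invalid credentials" confirms which accounts exist.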
#2
    Contributing User (Devshed Newbie, 0 - 499 posts)
    Join Date: Jan 2009, Location: Charlotte, NC, Posts: 111, Rep Power: 10
    In the example code they retrieve the user's DN and then BIND using it and the password. In your code you're building the DN using variable '_account_suffix' and I do not see where it is being set. If you do not have a flat tree then building the DN is not a good solution. BTW I'm not a PHP code expert, just reading through your example and providing what assistance I can.
#3
    Registered User (Devshed Newbie, 0 - 499 posts)
    Join Date: Jan 2010, Posts: 2, Rep Power: 0
    Originally Posted by ldapswandog:
    In the example code they retrieve the user's DN and then BIND using it and the password. In your code you're building the DN using variable '_account_suffix' and I do not see where it is being set. If you do not have a flat tree then building the DN is not a good solution. BTW I'm not a PHP code expert, just reading through your example and providing what assistance I can.

    Thanks for the help. That wasn't the issue, but I did find out what was after a long while. Turns out for the domain controller I had dc01.thesite.com, when all I needed was thesite.com... which is odd cuz I was positive I copied the working adldap.php file and pasted it in there.

    Anyways, I'll close this, sorry I forgot to before. The module is nearing completion; sadly, when I started this module there was no LDAP integration, and now there are already 2 out there :P so much for providing something in need xD
