#1

    LDAP connects in example code given, but not in my application


    I'm working on integrating Microsoft Active Directory authentication into a Drupal module for a project. I loaded the adLDAP folder with examples on the server, and it is able to authenticate perfectly fine. No problems whatsoever.
    Here's the original code from the example:
    PHP Code:
    $username=strtoupper($_POST["username"]); //remove case sensitivity on the username
    $password=$_POST["password"];
    $formage=$_POST["formage"];

    if ($_POST["oldform"]){ //prevent null bind

        if ($username!=NULL && $password!=NULL){

            //include the class and create a connection
            include ("../adLDAP.php");
            try {
                $adldap = new adLDAP();
            }
            catch (adLDAPException $e) {
                echo $e; exit();
            }

            //authenticate the user
            if ($adldap -> authenticate($username,$password)){
                //establish your session and redirect
                session_start();
                $_SESSION["username"]=$username;
                $redir="Location: https://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/menu.htm";
                header($redir);
                exit;
            }
        }
        $failed=1;
    }

    And this is what's in my Drupal code:
    PHP Code:
    $response = array();
    $response['status'] = 'failed';

    if (isset($_SESSION['openid']['claimed_id']) && isset($_SESSION['openid']['claimed_password'])) {
        $claimed_id = $_SESSION['openid']['claimed_id'];
        $claimed_password = $_SESSION['openid']['claimed_password'];
        unset($_SESSION['openid']['service']);
        unset($_SESSION['openid']['claimed_id']);
        unset($_SESSION['openid']['claimed_password']);

        $response['openid.claimed_id'] = $claimed_id; // For finding the user in the system.

        // Authentication here

        //you should look into using PECL filter or some form of filtering here for POST variables
        $username=strtoupper($claimed_id); //remove case sensitivity on the username
        $password=$claimed_password;

        if ($username!=NULL && $password!=NULL){
            try {
                $adldap = new adLDAP();
            }
            catch (adLDAPException $e) {
                die($e);
            }

            //authenticate the user
            if ($adldap -> authenticate($username,$password)){
                $response['status'] = 'success';
            }
        }

        die("openid_complete() 3, response status is ".$response['status']);
    }
    return $response;
    I used die statements to see how the code is flowing. From the die statements, I know the following:

    The username and password are getting to the authenticate function properly.
    The statements leading up to and following the ldap_connect and ldap_bind are working.


    Here is adLDAP's authentication function, it's here where the main problem occurs:
    PHP Code:
    public function authenticate($username,$password,$prevent_rebind=false){
        // Prevent null binding
        if ($username===NULL || $password===NULL){ return (false); }

        // Bind as the user
        die("_conn = ".$this->_conn.", username = ".$username.$this->_account_suffix.", and password = ".$password);

        $this->_bind = @ldap_bind($this->_conn,$username.$this->_account_suffix,$password);
        if (!$this->_bind){ return (false); } // !!! This is running, the ldap_bind is failing!!!

        // Once we've checked their details, kick back into admin mode if we have it
        if ($this->_ad_username!=NULL && !$prevent_rebind){
            $this->_bind = @ldap_bind($this->_conn,$this->_ad_username.$this->_account_suffix,$this->_ad_password);
            if (!$this->_bind){
                // This should never happen in theory
                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->get_last_error());
            }
        }

        return (true);
    }
    Any help would be awesome. The only difference I can see between the adLDAP example code that worked and the Drupal one which isn't working is the resource ID #: for the Drupal one it shows #95, for the example one the resource ID # from the connect is #3.

    Thanks a ton...I've got to finish this up by the end of the month or I'm screwed :P
#2
    In the example code they retrieve the user's DN and then BIND using it and the password. In your code you're building the DN using variable '_account_suffix' and I do not see where it is being set. If you do not have a flat tree then building the DN is not a good solution. BTW I'm not a PHP code expert, just reading through your example and providing what assistance I can.
#3
    Originally Posted by ldapswandog
    In the example code they retrieve the user's DN and then BIND using it and the password. In your code you're building the DN using variable '_account_suffix' and I do not see where it is being set. If you do not have a flat tree then building the DN is not a good solution. BTW I'm not a PHP code expert, just reading through your example and providing what assistance I can.
    Thanks for the help. That wasn't the issue, but I did find out what was after a long while. Turns out for the domain controller I had dc01.thesite.com, when all I needed was thesite.com...which is odd cuz I was positive I copied the working adldap.php file and pasted it in there.

    Anyways, I'll close this, sorry I forgot to before. The module is nearing completion, sadly when I started this module, there was no LDAP integration, and now there are already 2 out there :P so much for providing something in need xD
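
The cause in this thread was the domain controller host name, which `@ldap_bind` reduced to a bare `false`. The following is an added example, not part of the thread and not adLDAP code, of a bind check that reports the LDAP error code instead; the function name `diagnose_bind`, the host, the suffix and the credentials are placeholders.

```php
<?php
// Added example, not adLDAP code. Host, suffix and credentials are placeholders.
// Attempts a simple bind and reports why it failed. Returns
// array('ok' => bool, 'errno' => int, 'reason' => string, 'detail' => string).
function diagnose_bind($host, $username, $accountSuffix, $password)
{
    $result = array('ok' => false, 'errno' => 0, 'reason' => '', 'detail' => '');

    // A simple bind with an empty password is an unauthenticated bind, which a
    // directory server may accept. Refuse '' as well as NULL before binding.
    if ((string) $username === '' || (string) $password === '') {
        $result['reason'] = 'empty credentials refused';
        return $result;
    }

    // ldap_connect() only prepares the handle; a wrong host is not detected here.
    $conn = ldap_connect($host);
    if ($conn === false) {
        $result['reason'] = 'LDAP URI could not be parsed';
        return $result;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // "@" hides the PHP warning only; the error code stays on the handle.
    $result['ok'] = @ldap_bind($conn, $username . $accountSuffix, $password);
    $result['errno'] = ldap_errno($conn);
    if (ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail)) {
        $result['detail'] = (string) $detail;
    }

    if ($result['ok']) {
        $result['reason'] = 'bind succeeded';
    } elseif ($result['errno'] === -1) {
        $result['reason'] = 'cannot contact server: check the domain controller host name';
    } elseif ($result['errno'] === 49) {
        $result['reason'] = 'invalid credentials: check user name, suffix and password';
    } else {
        $result['reason'] = ldap_error($conn);
    }
    ldap_unbind($conn);
    return $result;
}

// Log the outcome, never the password.
$r = diagnose_bind('ldap://dc.example.test', 'JDOE', '@example.test', 'placeholder-password');
error_log(sprintf('LDAP bind ok=%d errno=%d reason=%s detail=%s', $r['ok'], $r['errno'], $r['reason'], $r['detail']));
```

The empty-string check matters because the `=== NULL` test in `authenticate()` above lets `''` through; in the posted callers it is the loose `!= NULL` comparison that stops an empty password before the bind.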
