LDAP connects in example code given, but not in my application

Dev Shed Forums Sponsor:

January 19th, 2010, 03:25 PM

SapAuthor

Registered User

Join Date: Jan 2010

Posts: 2

Time spent in forums: 51 m 28 sec
Reputation Power: 0

LDAP connects in example code given, but not in my application

I'm working on integrating Microsoft Active directory authentication into a drupal module for a project. I loaded the adLDAP folder with examples on the server, and it is able to authenticate perfectly fine. No problems what so ever.
Here's the original code from the example:

PHP Code:


		
			
 $username=strtoupper($_POST["username"]); //remove case sensitivity on the username

$password=$_POST["password"];

$formage=$_POST["formage"];



if ($_POST["oldform"]){ //prevent null bind



    if ($username!=NULL && $password!=NULL){

        //include the class and create a connection

        include ("../adLDAP.php");

        try {

            $adldap = new adLDAP();

        }

        catch (adLDAPException $e) {

            echo $e; exit();   

        }

        

        //authenticate the user

        if ($adldap -> authenticate($username,$password)){

            //establish your session and redirect

            session_start();

            $_SESSION["username"]=$username;

            $redir="Location: https://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/menu.htm";

            header($redir);

            exit;

        }

    }

    $failed=1;

}

And this is what's in my drupal code:

PHP Code:


		
			
 $response = array();  

  $response['status'] = 'failed';

  

  if (isset($_SESSION['openid']['claimed_id']) && isset($_SESSION['openid']['claimed_password'])) {

    $claimed_id = $_SESSION['openid']['claimed_id'];

    $claimed_password = $_SESSION['openid']['claimed_id'];

    unset($_SESSION['openid']['service']);

    unset($_SESSION['openid']['claimed_id']);

    unset($_SESSION['openid']['claimed_password']);



    $response['openid.claimed_id'] = $claimed_id; // For finding the user in the system.



    // Authentification Here

    

    //you should look into using PECL filter or some form of filtering here for POST variables

    $username=strtoupper($claimed_id); //remove case sensitivity on the username

    $password=$claimed_password;



    if ($username!=NULL && $password!=NULL){

        try {

            $adldap = new adLDAP();

        }

        catch (adLDAPException $e) {

           die($e);   

        }

        

        //authenticate the user

        if ($adldap -> authenticate($username,$password)){

            $response['status'] = 'success';

        }

    }

    

    die("openid_complete() 3, response status is ".$response['status']);

  }

  return $response;

I used die statements to see how the code is flowing. From the die statements, i know the following

The username and password are getting to the authenticate function properly.
The statements leading up to and following the ldap_connect and ldap_bind are working.

Here is adLDAP's authentification function, it's here where the main problem occurs:

PHP Code:


		
			
public function authenticate($username,$password,$prevent_rebind=false){

        // Prevent null binding

        if ($username===NULL || $password===NULL){ return (false); } 

        

        // Bind as the user        

                die("_conn = ".$this->_conn.", username = ".$username.$this->_account_suffix.", and password = ".$password); 



        $this->_bind = @ldap_bind($this->_conn,$username.$this->_account_suffix,$password);

        if (!$this->_bind){ return (false); } // !!! This is running, the ldap_bind is failing!!!

        

        // Cnce we've checked their details, kick back into admin mode if we have it

        if ($this->_ad_username!=NULL && !$prevent_rebind){

            $this->_bind = @ldap_bind($this->_conn,$this->_ad_username.$this->_account_suffix,$this->_ad_password);

            if (!$this->_bind){

                // This should never happen in theory

                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->get_last_error());

            } 

        }

        

        return (true);

    }

Any help would be awesome, the only difference i can see between the adLDAP's example code that worked and the drupal one which isn't working is the resource ID #, for the drupal one it shows #95, for the example one the resource ID # from the connect is #3

Thanks a ton...i got to finish this up by the end of hte month or i'm screwed :P

January 19th, 2010, 05:39 PM

ldapswandog

Contributing User

Join Date: Jan 2009

Location: Charlotte, NC

Posts: 111

Time spent in forums: 22 h 18 m
Reputation Power: 8

In the example code they retrieve the user's DN and then BIND using it and the password. In your code your building the DN using variable '_account_suffix' and I do not see where it is being set. If you do not have a flat tree then building the DN is not a good solution. BTW I'm not a PHP code expert, just reading through your example and providing what assistance I can.

January 19th, 2010, 07:26 PM

SapAuthor

Registered User

Join Date: Jan 2010

Posts: 2

Time spent in forums: 51 m 28 sec
Reputation Power: 0

Quote:

Originally Posted by ldapswandog

Thanks for the help. That wasn't the issue, but i did find out what was after a long while. Turns out for the domain controller i had dc01.thesite.com, when all i needed was thesite.com...which is odd cuz i was positive i copied the working adldap.php file and pasted it in there.

Anyways, i'll close this, sorry i forgot to before. The module is nearing completion, sadly when i started this module, there was no ldap integration, and now there are already 2 out there :P so much for providing something in need xD

LDAP connects in example code given, but not in my application

Developer Shed Advertisers and Affiliates