Yep you're on track, I currently use openLdap but I imagin that AD works the same. First I connect with auth account and verify that the username exists then I attemp to log in as the user if it sucesseds then I use it. The double connection is for security purposes to make sure it is a vaild user.
Offtopic - Custom Monster
Your shameless advertising worked - I am now hosting introspected.com with custom monster. What affiliation do you have with them? I've been pretty happy so far..
Originally Posted by Viper_SB
He's a friend of mine I don't have a site so I asked him if he wanted me to put his site there. He does great work and it is a great hosting company glad you like it.
June 11th, 2004, 07:47 AM
I've learned a lot from this site so i've decided to give my advice on how ma AD Admin Frontend works!
I still can't get the Password changed, but that will come in time!
Here is the code i use to authenticate via Active Directory
One question, does the CA need to be the Server that Ldap is on?
<?php session_start(); ?>
// disable error reporting
// check form has been correctly completed
if($_POST["user"]=="" || $_POST["pass"]=="")
// initalize some variables
$server = "localhost";
$user = $_POST["user"]."@company.co.uk";
$pass = $_POST["pass"];
// let other pages know this user is authenticated
$_SESSION["user"] = $user;
$_SESSION["pass"] = $pass;
// connect to active directory
$ad = ldap_connect($server);
die("Connect not connect to ".$server);
// try our username/pass
$b = ldap_bind($ad,$user,$pass);
die("Invalid user name and password");
// if we get here the user/pass is ok, disconnect from AD
printf("<BR>You are now authenticated under ".$_SESSION["user"]);
i've got it a standalone given server & client certificates to the webserver!
June 16th, 2004, 03:59 AM
From the information that I have it can be on a separate server.
Originally Posted by Jock3h^
June 16th, 2004, 06:35 AM
Some of you guys are missing the point - I can authenticate to Active Directory, which is easy (as some of you have proven). What I need to do is modify the user password in Active Directory. I know it can be done - Microsoft says it can, but how?
June 16th, 2004, 02:32 PM
I think I'm gonna try bwhaley's idea on the first page of this thread: he wrote a Perl script that may work (I have yet to try it). I'll let you know how it goes... vbmenu_register("postmenu_663070", true);
June 16th, 2004, 04:22 PM
Okay, I tried it, but it isn't going to be easy. I have Perl v5.8.2 on Windows Server 2003, which works fine. I needed to install Net::SSLeay, among others, but it would not compile. First, I got an error from CPAN saying it could not find command 'cl', so I installed Microsoft Visual Studio .NET (something I was reluctant to do on a server, but I needed the compiler). I also installed the Windows version of Open SSL, which CPAN needed to compile NET::SSLeay. I also needed IO::Socket::SSL, and I think that installed.
Anyway, to make a long story short, I couldn't get all the required Perl modules installed to make bwhaley's script work. Anyone else? It seems like the moons have misaligned and something doesn't want me to intermingle PHP and Active Directory.
June 18th, 2004, 03:14 AM
Matthew i was answering someone elses post (about user authentication via AD..
I have resetted a users Password in Active Directory from my web interface
it's quite simple but it involves
creating a file on the server then useing PHP to call ldifde
which is what actualy changes the password,
i'm not finnished it yet but once i have i'll post for everyone to see!
June 18th, 2004, 06:37 AM
Oh, okay - just making sure the thread didn't go that direction .
I'm watchin' this thread hard, so if you post a solution, you can bet I'll be trying it out...
June 18th, 2004, 09:39 AM
Sorry for the troubles Matthew.. please note that I didn't write the script, I put a link to the site where somebody did. Don't want to take credit for what isn't mine . Also, it is meant to work for *nix, I'm not sure if Net::SSLeay will work with ActiveState Perl..
Originally Posted by MatthewClark
June 18th, 2004, 02:58 PM
Where was I when this was posted? Did anyone try it? I'm gonna try it...
June 18th, 2004, 04:51 PM
Read this thread onward. If you can get it working that'd be great.
June 18th, 2004, 05:25 PM
Oh, woops. This thread has gotten so long it's hard to keep up with stuff. I should have taken a hint that if the script worked, the thread would have stopped there .
Okay, still working...
(Wooh, post number 100 - weeee)
June 21st, 2004, 10:51 AM
I don't normally run IIS or AD but is there an easy (meaning not having to install A TON of stuff) way of getting AD running on my XP machine? I want to work on getting PHP and AD working. But I need a working AD server to test against. I currently have access to a couple FreeBSD boxes which would run PHP and I can install PHP on my XP machine to test with. Anyone? Thanks.