#31
  1. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    Yep you're on track, I currently use openLdap but I imagin that AD works the same. First I connect with auth account and verify that the username exists then I attemp to log in as the user if it sucesseds then I use it. The double connection is for security purposes to make sure it is a vaild user.
  2. #32
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Posts
    9
    Rep Power
    0

    Offtopic - Custom Monster


    Originally Posted by Viper_SB
    Custom Monster Hosting custom hosting.
    Your shameless advertising worked - I am now hosting introspected.com with custom monster. What affiliation do you have with them? I've been pretty happy so far..
  4. #33
  5. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    He's a friend of mine I don't have a site so I asked him if he wanted me to put his site there. He does great work and it is a great hosting company glad you like it.
  6. #34
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Location
    Greenock, Scotland
    Posts
    5
    Rep Power
    0
    I've learned a lot from this site so i've decided to give my advice on how ma AD Admin Frontend works!
    I still can't get the Password changed, but that will come in time!

    Do you know if it's possible to verify user & password stored in AD. What I mean is that user while entering a site is asked to enter loginname and password.
    Here is the code i use to authenticate via Active Directory

    PHP Code:
    <?php session_start(); ?>

    <?php

        
    // disable error reporting
        
    error_reporting(1);
        
        
    // check form has been correctly completed
        
    if($_POST["user"]=="" || $_POST["pass"]=="")
        {
                
    printf("Authentication required");
                
    session_destroy();
                exit();
        }
        
        
    // initalize some variables
        
    $server "localhost";
        
    $user $_POST["user"]."@company.co.uk";
        
    $pass $_POST["pass"];
        
        
    // let other pages know this user is authenticated
        
    $_SESSION["user"] = $user;
        
    $_SESSION["pass"] = $pass;
        
        
    // connect to active directory
        
    $ad ldap_connect($server);
        if(!
    $ad)
            die(
    "Connect not connect to ".$server);
            
        
    // try our username/pass
        
    $b ldap_bind($ad,$user,$pass);
        if(!
    $b)
            die(
    "Invalid user name and password");

        
    // if we get here the user/pass is ok, disconnect from AD
        //ldap_unbind($ad);


        
    printf("<BR>You are now authenticated under ".$_SESSION["user"]);
    One question, does the CA need to be the Server that Ldap is on?
    i've got it a standalone given server & client certificates to the webserver!
  8. #35
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Location
    Poland
    Posts
    6
    Rep Power
    0

    Standalone


    Originally Posted by Jock3h^
    One question, does the CA need to be the Server that Ldap is on?
    i've got it a standalone given server & client certificates to the webserver!
    From the information that I have it can be on a separate server.
  10. #36
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    San Angelo, Texas (USA)
    Posts
    286
    Rep Power
    13
    Some of you guys are missing the point - I can authenticate to Active Directory, which is easy (as some of you have proven). What I need to do is modify the user password in Active Directory. I know it can be done - Microsoft says it can, but how?
  12. #37
  13. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    San Angelo, Texas (USA)
    Posts
    286
    Rep Power
    13
    I think I'm gonna try bwhaley's idea on the first page of this thread: he wrote a Perl script that may work (I have yet to try it). I'll let you know how it goes... vbmenu_register("postmenu_663070", true);
  14. #38
  15. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    San Angelo, Texas (USA)
    Posts
    286
    Rep Power
    13
    Okay, I tried it, but it isn't going to be easy. I have Perl v5.8.2 on Windows Server 2003, which works fine. I needed to install Net::SSLeay, among others, but it would not compile. First, I got an error from CPAN saying it could not find command 'cl', so I installed Microsoft Visual Studio .NET (something I was reluctant to do on a server, but I needed the compiler). I also installed the Windows version of Open SSL, which CPAN needed to compile NET::SSLeay. I also needed IO::Socket::SSL, and I think that installed.

    Anyway, to make a long story short, I couldn't get all the required Perl modules installed to make bwhaley's script work. Anyone else? It seems like the moons have misaligned and something doesn't want me to intermingle PHP and Active Directory.
  16. #39
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Location
    Greenock, Scotland
    Posts
    5
    Rep Power
    0
    Matthew i was answering someone elses post (about user authentication via AD..
    anyway

    I have resetted a users Password in Active Directory from my web interface
    it's quite simple but it involves
    creating a file on the server then useing PHP to call ldifde
    which is what actualy changes the password,
    i'm not finnished it yet but once i have i'll post for everyone to see!
  18. #40
  19. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    San Angelo, Texas (USA)
    Posts
    286
    Rep Power
    13
    Oh, okay - just making sure the thread didn't go that direction .

    I'm watchin' this thread hard, so if you post a solution, you can bet I'll be trying it out...
  20. #41
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Posts
    9
    Rep Power
    0
    Originally Posted by MatthewClark
    I think I'm gonna try bwhaley's idea on the first page of this thread: he wrote a Perl script that may work (I have yet to try it).
    Sorry for the troubles Matthew.. please note that I didn't write the script, I put a link to the site where somebody did. Don't want to take credit for what isn't mine . Also, it is meant to work for *nix, I'm not sure if Net::SSLeay will work with ActiveState Perl..
  22. #42
  23. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    San Angelo, Texas (USA)
    Posts
    286
    Rep Power
    13
    Viper_SB:
    Here is the perl code converted to PHP.
    Where was I when this was posted? Did anyone try it? I'm gonna try it...
  24. #43
  25. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    Read this thread onward. If you can get it working that'd be great.
  26. #44
  27. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    San Angelo, Texas (USA)
    Posts
    286
    Rep Power
    13
    Oh, woops. This thread has gotten so long it's hard to keep up with stuff. I should have taken a hint that if the script worked, the thread would have stopped there .

    Okay, still working...

    (Wooh, post number 100 - weeee)
  28. #45
  29. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    I don't normally run IIS or AD but is there an easy (meaning not having to install A TON of stuff) way of getting AD running on my XP machine? I want to work on getting PHP and AD working. But I need a working AD server to test against. I currently have access to a couple FreeBSD boxes which would run PHP and I can install PHP on my XP machine to test with. Anyone? Thanks.

IMN logo majestic logo threadwatch logo seochat tools logo