1
I keep trying to set up this PHP login that authenticates with AD. I tested everything I found on the internet and I really couldn't figure out what was wrong. Besides the code below, I am attaching a screenshot of our AD, even if this is wrong, because I don't know what else to do. Does anyone have any idea? Code:
<?php
// Initialize session
session_start();
function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "192.168.203.6";
    //$ldap_host = "server.college.school.edu";
    // Active Directory DN
    $ldap_dn = "OU=USUARIOS AVANCADOS,OU=TI,DC=peccin.local";
    //$ldap_dn = "OU=Departments,DC=college,DC=school,DC=edu";
    // Active Directory user group
    $ldap_user_group = "USUARIOS SETORES";
    //$ldap_user_group = "WebUsers";
    // Active Directory manager group
    $ldap_manager_group = "USUARIOS AVANCADOS";
    //$ldap_manager_group = "WebManagers";
    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "peccin.local";
    //$ldap_usr_dom = "@college.school.edu";
    // connect to active directory
    $ldap = ldap_connect($ldap_host);
    // verify user and password
    if($bind = @ldap_bind($ldap, "$user\\$ldap_usr_dom", $password)) {
        // valid
        // check presence in groups
        $filter = "(sAMAccountName=" . $user . ")";
        // $filter = '(sAMAccountName="' . $user . '")';
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);
        // check groups
        foreach($entries[0]['memberof'] as $grps) {
            // is manager, break loop
            if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
            // is user
            if (strpos($grps, $ldap_user_group)) $access = 1;
        }
        if ($access != 0) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            //return false;
            ?>
<script language="JavaScript">
<!--
alert("user has no rights!");
window.location = 'login.php';
//-->
</script>
            <?php
        }
    } else {
        // invalid name or password
        //return false;
        ?>
<script language="JavaScript">
<!--
alert("invalid name or password!");
window.location = 'login.php';
//-->
</script>
        <?php
    }
}
?>
Screenshot of the AD:
Is this the same question as here?
– rray
Yeah, except I put up the AD screenshot.
– Diego
If it's the same, you don't need to create another one; just edit the question and add the image/link or error messages. Take the opportunity to learn how the site works by taking the tour.
– rray
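A hardened take on the `authenticate()` function from the question, as an added example that is not the asker's code: it rejects empty passwords, escapes the search filter, uses StartTLS and matches group CNs exactly instead of by substring. Assumptions: the base DN `DC=peccin,DC=local` and the `user@peccin.local` bind name are derived from the domain name in the question, the domain controller accepts StartTLS, and `access_level()` is a helper introduced here.

```php
<?php
// Added example; values marked "assumption" are not from the question.
const LDAP_URI     = 'ldap://192.168.203.6';  // host from the question
const BASE_DN      = 'DC=peccin,DC=local';    // assumption: DN form of peccin.local
const UPN_SUFFIX   = '@peccin.local';         // assumption: bind as user@domain
const GROUP_LEVELS = ['USUARIOS AVANCADOS' => 2, 'USUARIOS SETORES' => 1];

// Map memberOf DNs to an access level (0 = no rights). Comparing the group's
// own CN avoids substring hits such as an OU that shares a group's name.
function access_level(array $memberOf): int {
    $level = 0;
    foreach ($memberOf as $key => $dn) {
        if ($key === 'count') continue;           // ldap_get_entries() bookkeeping
        $rdns = ldap_explode_dn($dn, 1);          // 1 = values without "CN="
        if ($rdns === false) continue;
        $level = max($level, GROUP_LEVELS[strtoupper($rdns[0])] ?? 0);
    }
    return $level;
}

function authenticate(string $user, string $password): int {
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers accept, so it must never reach ldap_bind().
    if ($password === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) return 0;
    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) return 0;
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);        // usual for AD root searches
    if (!@ldap_start_tls($ldap)) return 0;                // no clear-text password
    if (!@ldap_bind($ldap, $user . UPN_SUFFIX, $password)) return 0;
    $filter  = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $result  = @ldap_search($ldap, BASE_DN, $filter, ['memberOf']);
    $entries = $result ? ldap_get_entries($ldap, $result) : ['count' => 0];
    ldap_unbind($ldap);
    if ($entries['count'] !== 1) return 0;
    return access_level($entries[0]['memberof'] ?? []);
}

// Constructed memberOf data in the shape ldap_get_entries() returns; the
// second DN only shares its OU name with the manager group.
$sample = ['count' => 2,
    'CN=USUARIOS SETORES,OU=TI,DC=peccin,DC=local',
    'CN=Domain Users,OU=USUARIOS AVANCADOS,OU=TI,DC=peccin,DC=local'];
var_dump(access_level($sample));
```

On a non-zero result, call `session_regenerate_id(true)` before storing the user and access level in `$_SESSION`.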