Simple LDAP Validation

Simple LDAP Validation

Postby nokopenit » Fri Oct 05, 2012 4:02 am

Hi all,

I just wanted to share this code that I use to validate my Samba Ldap Users:

Our user must be created in nubuilder database and the password will be stored in a samba ldap directory.

We have to edit formlogin.php
Code: Select all

      // Change this query
      $s  = "SELECT zzsys_user_id AS ID, sal_name AS AccessLevel, sug_group_name as UserGroupName FROM zzsys_user ";
      $s .= "INNER JOIN zzsys_user_group ON sus_zzsys_user_group_id = zzsys_user_group_id ";
      $s .= "INNER JOIN zzsys_access_level ON sug_zzsys_access_level_id = zzsys_access_level_id ";
      $s .= "WHERE sus_login_name = '$user'"; //Only cheque if the user exists


      $t  = nuRunQuery($s);
      $r  = db_fetch_object($t);
      // the globeadmin username should not exist in the zzsys_user table
      if($r->ID!='' && $user=='globeadmin'){
         return $stoplogin;
      }
      
      //user name and password failed   
      if($r->ID=='' || !validate_ldap($user, $pass)){ //check the password with the validate_ldap function
         return $stoplogin;
      }   


//validate_ldap
function validate_ldap($user, $pass) {

      $ldapconfig['host'] = 'host ip';
      $ldapconfig['port'] = 389;
      $ldapconfig['basedn'] = 'dc=some,dc=com';

      $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
      $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $user);

      if ($r) {
          $result = @ldap_get_entries( $ds, $r);
          if ($result[0]) {
              if (@ldap_bind( $ds, $result[0]['dn'], $pass) ) {
            return true;
              }
          }
      }
      return false;
   }




Hope it helps.
regards
Pablo.
nokopenit
 
Posts: 2
Joined: Tue Sep 25, 2012 11:38 am

Re: Simple LDAP Validation

Postby johan » Fri Oct 05, 2012 7:44 pm

Pablo,

Nice but I'm looking for a solution that works in the other direction.

We use LDAP for email, intranet, .... so the users are already in LDAP. It would be nice if Ldap could give the permission to a database (or if I could select users out of ldap and give them permission to login in a database).

So if you have any idea how I can do this, it would be great.
Johan
johan
 
Posts: 268
Joined: Sun Feb 27, 2011 7:46 pm
Location: Belgium

Re: Simple LDAP Validation

Postby johan » Thu Jun 13, 2013 4:26 am

Pablo,

Could you please post your complete formlogin.php and not only the part you've edited?

Thanks
Johan
johan
 
Posts: 268
Joined: Sun Feb 27, 2011 7:46 pm
Location: Belgium


Return to Custom Code



cron