Page 1 of 1

Simple LDAP Validation

PostPosted: Fri Oct 05, 2012 4:02 am
by nokopenit
Hi all,

I just wanted to share this code that I use to validate my Samba Ldap Users:

Our user must be created in nubuilder database and the password will be stored in a samba ldap directory.

We have to edit formlogin.php
Code: Select all

      // Change this query
      $s  = "SELECT zzsys_user_id AS ID, sal_name AS AccessLevel, sug_group_name as UserGroupName FROM zzsys_user ";
      $s .= "INNER JOIN zzsys_user_group ON sus_zzsys_user_group_id = zzsys_user_group_id ";
      $s .= "INNER JOIN zzsys_access_level ON sug_zzsys_access_level_id = zzsys_access_level_id ";
      $s .= "WHERE sus_login_name = '$user'"; //Only cheque if the user exists


      $t  = nuRunQuery($s);
      $r  = db_fetch_object($t);
      // the globeadmin username should not exist in the zzsys_user table
      if($r->ID!='' && $user=='globeadmin'){
         return $stoplogin;
      }
      
      //user name and password failed   
      if($r->ID=='' || !validate_ldap($user, $pass)){ //check the password with the validate_ldap function
         return $stoplogin;
      }   


//validate_ldap
function validate_ldap($user, $pass) {

      $ldapconfig['host'] = 'host ip';
      $ldapconfig['port'] = 389;
      $ldapconfig['basedn'] = 'dc=some,dc=com';

      $ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
      $r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $user);

      if ($r) {
          $result = @ldap_get_entries( $ds, $r);
          if ($result[0]) {
              if (@ldap_bind( $ds, $result[0]['dn'], $pass) ) {
            return true;
              }
          }
      }
      return false;
   }




Hope it helps.
regards
Pablo.

Re: Simple LDAP Validation

PostPosted: Fri Oct 05, 2012 7:44 pm
by johan
Pablo,

Nice but I'm looking for a solution that works in the other direction.

We use LDAP for email, intranet, .... so the users are already in LDAP. It would be nice if Ldap could give the permission to a database (or if I could select users out of ldap and give them permission to login in a database).

So if you have any idea how I can do this, it would be great.
Johan

Re: Simple LDAP Validation

PostPosted: Thu Jun 13, 2013 4:26 am
by johan
Pablo,

Could you please post your complete formlogin.php and not only the part you've edited?

Thanks
Johan