PHP :: Connecting To LDAP

PHP And LDAP
I can currently connect, bind and authenticate a user against
ActiveDirectory using OpenLdap and apache. I have apache compiled with
SSL as well. I force PHP to use https:// and i get the browser ask if i
want to accept the certificate etc. I'm also connecting to Ldap on port
686.

Now it all works fine apart, although then i started up ethereal to
check on the packets and it appears the username and password are being
sent in plain text. I cant work out why.

Heres the code.
==========================================
var $_domain_controllers = array ("hole.chase.local, 686");

//other variables
var $_user_dn;
var $_user_pass;
var $_conn;
var $_bind;

// default constructor
function adLDAP(){
//connect to the LDAP server as the username/password
$this->_conn = ldap_connect($this->random_controller());
ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0); //disable plain
text passwords
return true;.....

LDAP
I'm having trouble with LDAP for php (I guess with LDAP in general). I can get connected and bound to a given LDAP server and display records, but can't add. My code used to add is as follows: Code:

Ldap+php
I am new to LDAP. Could anyone tell me some good sites for LDAP tutorials with examples for ldif files.

LDAP
Does anyone know if there is a way to manually configure PHP to enable
the LDAP functions, without having to recompile PHP?

I am using Sokkit in a production environment and don't want to risk
messing things up.

Ldap
Any idea why Im i getting this error

Warning: ldap_get_values_len(): Cannot get the value(s) of attribute
Decoding error in ...

Im trying to read logonhours attribute of a user in Active Directory
(AD) using ldap.

I Need To Now About LDAP
I need to know what LDAP is in what way it is related to php or linux.

LDAP Attributes
I've got a problem with Sun's iPlanet Directory Server 5.1. I'm writing applications in PHP, and so far it's all going well. However, there appear to be some attributes that I can't fetch - one of these is passwordexpirationtime. I can get the usual stuff like uid, cn etc. but this (and some other attributes) cannot be fetched.

I've tried binding anonymously, and as the directory administrator - but I still get the same result. It appears that I am limited to the following :-

uid
givenname
objectclass
sn
cn
userpassword
creatorsname
modifiersname
createtimestamp
modifytimestamp
mail
telephonenumber
employeetype
dn

Is there anything that anyone could suggest ? Any help would be much appreciated - I need to provide a facility to let my users know when their password is about to expire.

LDAP And MYSQL
can any one put some light on why to choose LDAP against a database. what could be the advantages in comparison to a mysql db? Pls share with me as this cud be a critical technology in the near future.

PHP And LDAP On Windows
Anyone have recommendations as to the easiest LDAP libraries to install
on Windows for PHP? Building them from source on Windows is not an
option and we can't locate anything pre-built from UMich or OpenLDAP -
someone suggested the Novell and Mozilla SDKs but I have no idea where
to put the DLLs ..

PHP 5.0.4 under Windows XP

Ldap Support
I would like to install ldap support on php!

Steps :

1. php.ini : extension_dir = "c:php"
2. copy file c:phpextensionphp_ldap.dll to c:php
2. delete ; before extension=php_ldap.dll

And the message returned when i'm restarting Apache Web server is :

"Unable to find module c:phpphp_ldap.dll"

Using Domino LDAP ?
I'm working on a new system that my superiors have determined should use
LDAP for it's authentication and user management. Not real bad, but it's
proving to be a bit of a hassel.

I'm using a Lotus Domino server for the LDAP part. If, in the
ldap_search(...) function I pass it "o=myCompany" for the dn parameter (the
second parameter), I only get back the list of users, not the groups. I
only want back the groups in this instance.

The problem stems from the way Domino is returning the group information...
they don't belong to an "o" or anything like that. The only way to set
them apart from a person is through the objectclass, which can't be used in
the dn parameter.

Here's what Domino gives back for a group:

CN=cfUnixAdmin
cn=cfUnixAdmin
objectclass=top
objectclass=groupOfNames
objectclass=dominoGroup
member=CN=Bob Jones,O=myCompany
member=CN=John Doe,O=myCompany
member=CN=Bubba Smith,O=myCompany

So, the question is, how do you form an ldap search to get back the groups?

-> LDAP In SSL Problem <-
it seems to me that I have a problem using an LDAPS connection
to our server for identification purposes (using OpenLDAP and
OpenSSL).

Using PHP 4.4.4 I have the following code which correctly
binds in SSL but any "search" for attributes and their values
seems to return only the attributes for an anonymous connection.
Thus, this is restricted to a few ones instead of having them all
(especially the groupMembership I'm looking for).

$ldapconn = ldap_connect("ldaps://ldapserver", 636 )
or die( "Connection problem. " ) ;

if (ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
echo "Using LDAPv3 
";
} else {
echo "Failed to set protocol version to 3";
}

// Verify whether the provided name exists
$ldapresult = @ldap_search( $ldapconn, "o=mydomain", "cn=".$name ) ;
if( $ldapresult ) {
// User exists, now retrieve his DN and bind in SSL
$entries = @ldap_get_entries( $ldapconn, $ldapresult ) ;
if( $entries["count"] ) {
$ldapbind = ldap_bind( $ldapconn, $entries[0]['dn'], $pwd ) ;
if( $ldapbind ) {
echo "Succesfully bound " ;
// do some new ldap_search here
...
}
else {
echo "Bound failed " ;
}
}
}

This prints "Succesfully bound" with the correct credentials.

That's where I have a doubt. How does the ldap function then work
knowing it has correct credentials?

After the succesful bind, if I do another search, I still get the
basic attributes (about 6 of them), not all of them.
For example:
$result = @ldap_search( $ldapconn, "o=mydomain", "cn=".$name ) ;

Does ldap_bind change the content of $ldapconn in order to know
that we're now securely authotified???

I really miss something there. Does the ldap_bind call change anything
to the ldap function behaviors after being succesful?
How does the application know we're correctly identified?

The server has a valid certificate (the bind() wouldn't work anyway if
that were not the case).

LDAP Exop How?
I'm trying to write a script to change LDAP passwords using exop
transactions but I can't see any reference to it in the PHP library. Can
anyone please help me out? How do I change LDAP passwords using exop? Do
I have to write my own module? If so, how do we do that?

Problem With LDAP-add
I am using php5 and trying to add users to the AD with the following
php-script, but it doesnt work. Login,... works fine but I get an
error:
"ldap_add() [function.ldap-add]: Add: Referral in
C:wampwwwvalidAdminPage.php on line 51"(line 51 is the line which
does the add). an the output "There was a problem" which is the output
if the add goes wrong.

The script:

$ldaprdn = "admin@ville.dom";
$ldappass ="<password>";
$ds = ཆ.121.2.202'
$dn = "CN=jmiller,CN=Users;dc=ville,dc=dom";
$ldapport = 389;
$ldapconn = ldap_connect($ds, $ldapport)
or die("Could not connect to LDAP server.");
if ($ldapconn)
{
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
if ($ldapbind){
$adduserAD["cn"][0] = "jmiller";
$adduserAD["samaccountname"][0] = "jmiller";
$adduserAD["objectclass"][0] = "top";
$adduserAD["objectclass"][1] = "person";
$adduserAD["objectclass"][2] = "organizationalPerson";
$adduserAD["objectclass"][3] = "user";
$adduserAD["displayname"][0] = "jemp miller";
$adduserAD["name"][0] = "jemp";
$adduserAD["givenname"][0] = "miller";
$adduserAD["sn"][0] = "Bisdorff";
$adduserAD["company"][0] ="vdl";
$adduserAD["description"][0] = "my description";
$adduserAD["mail"][0] = "jmiller@ville.dom";
$adduserAD["samaccountname"][0] = "jbisdorff";
$adduserAD["userprincipalname"][0] ="jmiller@ville.dom";
// add data to directory
$result=ldap_add($ldapconn, $dn, $adduserAD);
if ($result)
echo "User added!";
else
echo "There was a problem!";

ldap_unbind($ldapconn);

LDAP Authentication
My applications authenticate to the users table of my db. Now I am required to authenticate the users to directory with LDAP. I have searched and found several very complicated tutorials that do much more than a simple authentication. All I want to do is authenticate the users.....if they have an account, let them in....or else send them away. Simple to do with PHP & Mysql, but I need to know how to go about this with PHP & LDAP and I can't seem to find a simple explanation of how to go about this, from the standpoint of complete novice to LDAP.

LDAP / AD Auth
Does anyone have a front end form for the LDAP class that they wouldn't mind posting. Just trying to enable site access based on Active Directory

PHP, LDAP, List OUs And Sub-OUs
I have managed to connect to Microsoft Active Directory, using PHP and LDAP. Also managed to performe a search in AD for UserAccount information.

What I need help with, is to search in AD within an OU (Organizational Unit) and list the reslut into an own array. i.e.

In AD the structure looks like this:

+Sales
-USA
-Sweden
-Belgium
+Finance
-Usa
-Sweden
-Belgium

I would like to have them in an array in the format:

Sales/USA
Sales/Sweden
Sales/Belgium
Finance/Usa
Finance/Sweden
Finance/Belgium

Ldap Module
I'm having trouble using the ldap module with php which runs on a linux server. I've run php on a windows server and I know that pretty much all you do is copy your .dll to the right folder, restart apache, and you're done. I uncommented out the "extension=php_ldap.so" in my php.ini file, but the module isn't even in the extension directory folder (/usr/lib/php5/20060613).

Php & Connecting
For example I have an IP : port and on connect (for example using telnet) it shows me some info (like current air temp) and after it closing connection.

How can i insert it on my web page using PHP? And on every visit on this page php connects to this IP, gather this info and shows it on page?

Connecting To Db..
this seems pretty straight-forward.. got this code

$link = mysql_connect('localhost:3306', '<uid>', '<pswd>');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully'
mysql_close($link);

from here..
http://us2.php.net/function.mysql-connect

but can't connect, get this error:

Connect to db:
Warning: mysql_connect() [function.mysql-connect]: Can't connect to
MySQL server on 'localhost' (10061) in
C:xamppxampphtdocshomeconn.php on line 19
Could not connect: Can't connect to MySQL server on 'localhost' (10061)

I connect to this same MySQL server from Tomcat w/no problem.. what is
issue here pls...

now on top of pg mentioned above, there this description:

resource mysql_connect ( [string server [, string username [, string
password [, bool new_link [, int client_flags]]]]] )

what does 'resource' refer to here pls... and where to do specify what
db to connect to... (in java you put db-name in same line where you
make the connection..)
(and don't you need a driver to connect, I use a JDBC driver to
connect w/Java..)

Connecting To An API
I need to use a company's API in order to try and convert video files into flash files and then play them Youtube style. There is a set API to use, but the instructions are incredibly vague, and me being new to APIs in general, I have absolutely no idea where to start to get the results. I can program basic PHP forms and database stuff, but this is all new to me. Code:

Search From Ldap Is Not Working
First time i used Ldap search ,add, delete and other functions but they are not working I gave all entries correct.

Errors On PHP Build With LDAP
I am working on an OS X 10.1.2 box.

I have complied OpenLDAP and it is working fine. I can compile PHP (tried 4.0.6 and 4.1.1) with LDAP using:

LDAP, KADM5 And Phpinfo()
I read the instructions on how to install the LDAP module on a windows
machine in the php manual at
http:://phpbuilder.com/manual/en/ref.ldap.php

All it said was to put the libeay32.dll and ssleay32.dll files in the windows SYSTEMS folder. Either C:WINDOWSSYSTEM or C:WINNTSYSTEM32. The manual did not say anything about installing K5ADM. The rest of the detailed information
on that page was for a linux platform. I also took out the ; in the
extension=php_ldap.dll line in php.ini.

When I did that I then restarted my web browser and ran a page that
only had PHPINFO() in the html. I did not see anywhere on the output
page where LDAP or K5ADM shown. Are these modules supposed to show up
in a phpinfo page? And if not how do I know they are running?

UserPassword Field In Ldap
I have a problem with the use of ldap with php.

I have an interface which is used to create users in a ldap directory.
Adding users work fine, but I can't set correctly the userpassword field.
I tried different methods of crypting the password (md5, sshsa}, tried to
put {MD5} or {SSHSA} before the password, but it does not work. The field
is correctly added to the directory, but the user can not log in.

I also tried to use:
$pass = exec(/usr/bin/slappasswd motdepasse);
but it returns an error code 1, although it works perfectly fine in
console.

Of course, adding a user using a ldif file and ldapadd works fine.

I am running ldap server openldap version 2.1.22 and php4.

LDAP/Exchange Authentication
Anyone know how to authenticate via LDAP onto an Exchange Server and retrieve an email address for the user logged in? I can connect, bind but my ldap_search() fails miserably and I can't find much help on the Net anywhere.

LDAP, Proxy Certificate
Can I and how use temporary certificate
as proxy to establish connection with
LDAP server? Instead of using

ldap_bind()

to authentication I want to use
alternative function to eliminate
passing 'username' and 'password'.

LDAP And TelephoneNumber Attribute
Anyone have a problem with PHP returning the telephoneNumber attribute empty while all the other attributes return just fine. Someone had the same exact problem on phpbuilder but it was never solved. Apparently it holds true for facsimileTelephoneNumber also. Any ideas?

Ldap Authentication Error
I'm trying to make a ldap query but I am getting a strange error.

Warning: ldap_bind() expects parameter 1 to be resource, null given in
home/user1/cgibin/test.php on line 10

Does anyone knows what this means.

This is the code :

$bind = ldap_bind($ds ,"cn=user,o=company","password");

I have ldap support in php.

[PHP Modules]
ldap
openssl
overload
pcre
posix
session
standard
tokenizer
xml

LDAP Configuration On Win32
I have php 4 installed on a win 2k prof machine. I can't seem to get LDAP configured correctly. In the php.ini file I included the 'c:phpextensions' for the extension_dire. Then I uncommented the extension=php_ldap.dll line and copied the phpldap.dll to the 'c:phpextensions' location. I restarted IIS but had no luck loading the ldap.dll. The web site couldn't it seemed to be trying the load the ldap.dll but just timed out.

LDAP For Windows Server?
I'm wondering if anyone has any clue where to get an ldap server for
windows? I'm trying to avoid installing the resource hog Active Directory on
my server with limited resources(diskspace/memory).

Perhaps that anyone ever compiled sucessfully the OpenLDAP, an opensource
distribution.

Protecting Against Ldap Injection?
Say I have the following in a PHP script of mine:

$sr=ldap_search($ds, "", "(& (sn=$_GET[lastname]) (givenName=
$_GET[firstname]*))");

If $_GET[lastname] contains a ), an attacker could escape out of the
first part of the LDAP query and perform ldap injection, as it were
(not sure what can be done with ldap injection, though).

My question is... how do I prevent this? Would I escape ) with )?
Would there be other characters I'd need to escape, as well?

LDAP Authentication Problem
I'm developping a module in PHP to get the users of a LDAP server and
add them in a Postgre database, where normal users are too.

I've managed to do this "easily" but now a new problem shows up.
When a user tries to logon onto the platform, I have to verify whether
he is a normal user or not. If he is a normal user, I check the login
and password basically, with just a select into the database.

But when the user comes from a LDAP server, in order to check if he is
still present on the LDAP server, I have to make a connection on the
LDAP server and bind with his "login" (DN) and password.

The problem is that PHP keeps sending me a ldap_bind error (not enough
credential, error 50).
With the manager account, I can bind easily on to the server but not
with a normal user account.

I guess that the problem comes from the Access List in the slapd.conf
(I'm using OpenLDAP), but I can't find a good access list.
I've first thought about logging in with the manager account and then
check if the user was still on the server but the password encryption
can change, and OpenLDAP isn't the only server that might be used with
the platform.

Problem LDAP And Win2003 AD
I'm trying simple scripts to browse an Active Directory via LDAP
functions ... My domain is: schoollm.lan

The script I'm trying:

----------
$root_dn = "administrator@mascheroni.lan";
$root_pw = "secret";
$conn = ldap_connect("192.168.10.1") or die("Could not connect to server");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server");
$result = ldap_search($conn,"dc=schoollm, dc=lan","(cn=*)") or die ("Error in search query");
$info = ldap_get_entries($conn, $result);
for ($i=0; $i<$info["count"]; $i++)
{
echo "dn is: ". $info[$i]["dn"] ." ";
echo "first cn is: ". $info[$i]["cn"][0] ." ";
echo "first email address is: ". $info[$i]["mail"][0] .""; }
echo "Number of entries found: " . ldap_count_entries($conn, $result)
ldap_close($conn);
----------

I always get this error:

Secure LDAP Problem
I managed to get LDAP working on my server, I realized that in order to change a user's password on Active Directory, I need to make a secure connection to LDAP (This is where the problem comes in).

Here is what I have done so far:

1.) Enabled "php_ldap.dll" in php.ini
2.) Copied required dll's into the system path
3.) Created an SSL certificate using SelfSSL
4.) Exported the certificate using Certificate Authority
5.) Converted the certificate from .cer to .pem using OpenSSL
6.) Created "C:OpenLDAPsysconf" directory
7.) Created "ldap.conf" in the above mentioned directory
8.) Entered the following lines in ldap.conf:
TLS_REQCERT never
TLS_CACERT C:OpenLDAPsysconfcertscertificate.pem
TLS_CACERTDIR C:OpenLDAPsysconfcerts
9.) Restarted the server

The environment I am running on:

Windows Server 2003 R2 Standard Edition /w SP2
IIS 6.0
PHP 5.2.3

Actual Problem:
I can neither bind using the "ldaps://" protocol nor can I establish ldap_start_tls($conn). Binding with "ldap://" works fine, but will not let me change password in a non-secure mode.

Active Directory And LDAP
I have a php Intranet, and what I would like to do is hit the Active Directory and bring back the Username, FirstName and Lastname from Active Directory and set them to variables, so I can either display them or insert them into a database.

A few things to consider, php is installed on the server, but I don't have access to the server to change any settings. This is just a side project and we are blowing up the existing intranet and going with a Content Management System, so the easier the better.

BaseDN LDAP Search
I'm having a problem with an LDAP search from PHP against a Win2K3 Active Directory.

My script will happily search an OU such as "OU=Techs,DC=Domain,DC=Local", but if I search the root of the AD using just "DC=Domain,DC=Local" then I get an Operations Error returned.

Connecting To A Different Host
Is there anyway to connect to a given host from a form and do all the processing of information and calculations at that host and then display the results on the clients computer? I was thinking of a socket connection but I don't know if that would work well. Any suggestions would be appreciated.

Connecting To A Acess DB
I have been connecting to an acess db by ODBC. i am wondering if there is another way to connect to it.

Memcache Not Connecting
memcache appears to be installed correctly, but when I use
memcache_connect I get the following error:
Warning: memcache_connect(): Can't connect to localhost:11211, Unknown
error (0)

I'm connecting using the following command:
$memcache_obj = memcache_connect('localhost', 11211);

Memcache info from phpinfo():
memcache
memcache support enabled
Active persistent connections 0
Revision $Revision: 1.53 $

Directive Local Value Master Value
memcache.allow_failover 1 1
memcache.chunk_size 8192 8192
memcache.default_port 11211 11211

Finally, var_dump(extension_loaded('memcache')); returns true.

Connecting To MS-SQL Using PHP4!
I am trying to connect to our NT based MS-SQL server from my remote linux box, i have a RH linux 6.2 plat, with PHP4.0.3, using sybase ase libs, i compiled it like the faq says, configured it, set up the interface files, but i get the following error:

Fatal error: Call to undefined function: mssql_connect()in /usr/local/apache/htdocs/mssql.php on line 4

So i havent got to actually be able to connect to anything being, its saying function isnt supported.

Trouble Connecting With FTP
I'm using PHP 4.3 on Apache 2, connecting to a VSFTP server running on
Fedora Core 5. The Fedora machine is my home computer, which sits
behind a router. I have opened up the FTP port, and I can connect fine
from an FTP client if I'm using active mode. However the following
code fails to upload a file

// set up basic connection
$conn_id = ftp_connect($ftp_host);
if ($conn_id) {
// login with username and password
$login_result = ftp_login($conn_id,
$ftp_user, $ftp_pwd);
if ($login_result) {
// Disable passive mode
ftp_pasv($conn_id, false);

// upload the file
$remote_path = "$ftp_dir/" .
SQL_PRODUCT_SHORT_FILE_NAME;
ftp_delete($conn_id,
$remote_path);
// line 96
$upload = ftp_put($conn_id,
$remote_path, $sql_file_path, FTP_ASCII);
// check upload status
if (!$upload) {
die("FTP upload has
failed!");
}
with the following

Warning: ftp_put() [function.ftp-put]: Failed to establish connection.
in /usr/local/apache2/htdocs/super_admin_rs/sa_prod_fns.php on line 96
FTP upload has failed!

I have verified that the file in question exists. Any other ideas on
how I can troubleshoot this problem?

Connecting To Access Db
i was working with asp but the site is launched in linux server.had to switch to php.
i had a access db admin.mdb i need to connect to admin.mdb and insert and retrieve data from it.

Connecting To Remote Dsn
Is it possible to connect to a remote server's dsn:

odbc_connect("198.162.1.1:webAccess", "user", "password")

where "webAccess" is the system dsn in the remote server..

Connecting To Pervasive SQL
In a development I'm doing I need to connect to a Pervasive SQL database to retrieve some data for use in my application.

In the PHP documentation I couldnt' find any connections to Pervasive SQL and would prefer not to use ODBC as the app will be running of a Linux box, while the Pervasive SQL is running on a Windows Box. Do you have any suggestions how I can create a connection to Pervasive SQL with PHP?

PHP Not Connecting To MySQL?
I installed Apache 2.0.55, PHP 5.1.1, and MySQL 5.0.17 (in that
order, on Windows XP). I have managed to get Apache and PHP working
right, and MySQL by itself seems ok too. However, when I try to do any
MySQL command within PHP, it just does nothing. No success, no error.
I tried uncommenting the line "extension=php_mysql.dll", but when I
restart Apache it tells me "PHP Startup: Unable to load dynamic library
php_mysql.dll - The specified module could not be found.". No matter
where I copy the file so that it can find it. No matter what I put in
"extension_dir".
What's wrong?