[eluser]kashyap8811[/eluser]
Using CodeIgniter with an LDAP server: create the file authentication_adLDAP.php in the libraries folder.
Code: <?php
// --- Keys of the settings array returned by authentication_adLDAP::setting() ---
// (each constant names an entry of authentication.ini)
define('TYPE', 'type');
define('BASE_DN', 'baseDN');
define('HOST', 'host');
define('PORT', 'port');
define('SSL', 'ssl');
define('SSL_PORT', 'ssl_port');
define('SSL_CERT', 'ssl_cert');
define('ADMIN_USER', 'admin_user');
define('ADMIN_PASSWORD', 'admin_password');
define('USER_MAPPING_ARR', 'user_mapping');
define('USERID_ATT', 'userid_attribute');
define('LASTNAME_ATT', 'lastname_attribute');
define('FIRSTNAME_ATT', 'firstname_attribute');
define('DISPLAYNAME_ATT', 'displayname_attribute');
define('EMAIL_ATT', 'email_attribute');
define('DEPARTMENT_ATT', 'department_attribute');
define('USER_GROUP_ATT', 'user_group_attribute');
define('USER_GROUP_MAPPING', 'user_group_mapping');
define('GROUP_MAPPING', 'group_mapping');
define('DEPARTMENT_WHITELIST_ARR', 'department_whitelist');
define('GROUP_WHITELIST_ARR', 'group_whitelist');

// --- Repository type value expected in the "type" setting ---
define('ACTIVE_DIRECTORY', 'activedirectory');

// --- Keys of the array returned by authentication::authenticate() ---
define('RET_FIRSTNAME', 'firstname');
define('RET_LASTNAME', 'lastname');
define('RET_DISPLAYNAME', 'displayname');
define('RET_EMAIL', 'email');
define('RET_DEPARTMENT', 'department');
define('RET_USERID', 'userid');
define('RET_MESSAGE', 'message');
define('RET_STATUS', 'status');

// --- Values of RET_STATUS ---
define('RET_ERROR', -1);
define('RET_OK', 0);

/**
 * Active Directory LDAP Authentication class.
 */
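class authentication_adLDAP {
    public static $arr = array();

    /** @var object CodeIgniter super-object, set in the constructor */
    public $ci;

    function __construct() {
        $this->ci =& get_instance();
    }

    /**
     * Load the LDAP connection settings from an INI file.
     *
     * The settings file holds admin_password in clear text (see the sample
     * authentication.ini); keep it outside the web document root or deny HTTP
     * access to it. A relative $file is resolved against the current working
     * directory, which is how the original hard-coded "authentication.ini" behaved.
     *
     * @param string $file Path of the INI file to parse
     * @return array Parsed key/value settings; an empty array when the file
     *               cannot be read, so callers can always index the result
     */
    function setting($file = 'authentication.ini') {
        $parse_data = parse_ini_file($file);
        if ($parse_data === false) {
            log_message('error', 'authentication: cannot read settings file ' . $file);
            return array();
        }
        return $parse_data;
    }
}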
?>
[eluser]kashyap8811[/eluser]
Create the file authentication.php in the libraries folder.
Code: <?php
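// require_once: a missing file must stop execution (the class below depends on it),
// and loading this library twice must not redeclare authentication_adLDAP.
require_once(APPPATH . 'libraries/authentication_adLDAP.php');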
class authentication {
/** Keep a reference to the CodeIgniter super-object for input/logging access. */
function __construct() {
    $this->ci =& get_instance();
}
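/**
 * Return the repository connection settings.
 *
 * The settings are read by authentication_adLDAP::setting() from authentication.ini.
 * For AD-LDAP the keys are: type, baseDN, host, port, ssl, ssl_port, ssl_cert,
 * admin_user, admin_password, user_mapping, userid_attribute, lastname_attribute,
 * firstname_attribute, displayname_attribute, email_attribute, department_attribute,
 * user_group_attribute, group_mapping, department_whitelist, group_whitelist.
 *
 * @return array Parsed settings, exactly as authentication_adLDAP::setting() returns them
 */
function get_setting() {
    $ldap_config = new authentication_adLDAP();
    return $ldap_config->setting();
}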
/**
* function aa_user_authenticate
* Given a username and password, this API would connect to the appropriate backend repository and performs the
* authentication and returns the user object if successful. If not successful returns an error message.
* @username Username of the end user
* @password password of the end user
* @return $obj if successful that includes the firstname, lastname, displayname, emailid of the user and status as 0.
* $obj with status as -1 and the appropriate Error message
*/
public function authenticate($username, $password, $preventRebind = false) {
if($username=='' || $password=='') {
$return_obj[RET_STATUS] = RET_ERROR;
$validation_message='';
if($username=='') {
$validation_message .= 'Username is required.<br/>';
} if($password=='') {
$validation_message .= 'Password is required.<br/>';
}
$return_obj[RET_MESSAGE] = $validation_message;
return $return_obj;
}
$conn=$this->get_setting();
$ldap_host= $conn['host'];
$ldap_basedn = $conn[BASE_DN];
$ldap_dn = $conn[USERID_ATT] .'=' . strtolower($username) . "," . $conn[USER_MAPPING_ARR] . ',' . $ldap_basedn;
try {
if (!function_exists('ldap_connect')) {
$return_obj[RET_STATUS] = RET_ERROR;
$return_obj[RET_MESSAGE] = 'LDAP functionality not present. Either load the module ldap php module or use a php with ldap support compiled in.';
log_message('error', 'LDAP functionality not present');
syslog(LOG_ERR, 'LDAP functionality not present');
return $return_obj;
}
// Connect to the AD/LDAP server
$ldapConnection = ldap_connect($ldap_host);
if ($ldapConnection){
echo "Initializes to connecting LDAP Server<br/>";
// Set some ldap options for talking to AD
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
// Bind as the user
$this->ldapBind = @ldap_bind($ldapConnection, $ldap_dn, $password);
if ($this->ldapBind) {
log_message('LOG_INFO', 'User Authenticated...');
syslog(LOG_INFO, 'User Authenticated...');
$filter = "(".$conn[USERID_ATT]."=" . $username . ")";
// search active directory
if (!($search = ldap_search($ldapConnection, $ldap_dn, $filter))) {
$return_obj[RET_STATUS] = RET_ERROR;
$return_obj[RET_MESSAGE] = "Error in search query for user :: " . $username;
log_message('error', "Error in search query for user :: " . $username);
syslog(LOG_ERR, "Error in search query for user :: " . $username);
return $return_obj;
}
$number_returned = ldap_count_entries($ldapConnection, $search);
$info = ldap_get_entries($ldapConnection, $search);
log_message('info', "The number of entries returned is " . $number_returned);
syslog(LOG_INFO, "The number of entries returned is " . $number_returned);
$user_obj = array();
if ($number_returned > 0) {
for ($i = 0; $i < $info["count"]; $i++) {
$user_obj[RET_FIRSTNAME] = $info[$i][strtolower($conn[FIRSTNAME_ATT])][0];
$user_obj[RET_LASTNAME] = $info[$i][strtolower($conn[LASTNAME_ATT])][0];
$user_obj[RET_DISPLAYNAME] = $info[$i][strtolower($conn[DISPLAYNAME_ATT])][0];
$user_obj[RET_EMAIL] = $info[$i][strtolower($conn[EMAIL_ATT])][0];
$user_obj[RET_DEPARTMENT] = $info[$i][strtolower($conn[DEPARTMENT_ATT])][0];
$user_obj[RET_USERID] = $info[$i][strtolower($conn[USERID_ATT])][0];
$user_obj[RET_STATUS] = RET_OK;
log_message('error', "Successful login: " . $info[$i][strtolower($conn[USERID_ATT])][0] . "(" . $username . ") from " . $this->ci->input->ip_address() . " at " . date('d-m-y H:i:s'));
ldap_unbind($ldapConnection);
return $user_obj;
}
}
else {
$return_obj[RET_STATUS] = RET_ERROR;
$return_obj[RET_MESSAGE] = "Could not get user";
log_message('error', "No User found : Username : " . $username . " from " . $this->ci->input->ip_address() . " at " . date('d-m-y H:i:s'));
ldap_unbind($ldapConnection);
return $return_obj;
}
return true;
}
[eluser]kashyap8811[/eluser]
This code continues the authenticate() method in authentication.php.
Code: else {
$return_obj[RET_STATUS] = RET_ERROR;
$return_obj[RET_MESSAGE] = "Invalid credentials.(username or password is wrong.)";
log_message('error', "Failed login attempt by : Username : " . $username . " from " . $this->ci->input->ip_address() . " at " . date('d-m-y H:i:s'));
ldap_unbind($ldapConnection);
return $return_obj;
}
}
} catch (adLDAPException $e) {
$return_obj[RET_STATUS] = RET_ERROR;
$return_obj[RET_MESSAGE] = $e;
log_message('error', $e);
syslog(LOG_ERR, $e);
return $return_obj;
}
}
}
?>
Now create a controller and load the library:
Code: $this->load->library('authentication');
if($_POST) {
$adldap = new authentication();
$username=strtoupper($this->input->post('username'));
$password=$this->input->post('password');
$data['username']=$username;
$data['password']=$password;
$return_obj = array();
try {
$user_obj =$adldap->authenticate($username, $password);
//authenticate the user
if ($user_obj){
if($user_obj[RET_STATUS]==RET_OK){
echo "<br/>Successfully logged in by Username : ".$username."<br/>";
echo RET_FIRSTNAME." :: ".$user_obj[RET_FIRSTNAME]; echo "<br/>";
echo RET_LASTNAME." :: ".$user_obj[RET_LASTNAME]; echo "<br/>";
echo RET_DISPLAYNAME." :: ".$user_obj[RET_DISPLAYNAME]; echo "<br/>";
echo RET_EMAIL." :: ".$user_obj[RET_EMAIL]; echo "<br/>";
echo RET_DEPARTMENT." :: ".$user_obj[RET_DEPARTMENT]; echo "<br/>";
echo RET_USERID." :: ".$user_obj[RET_USERID]; echo "<br/><br/>";
//syslog('LOG_INFO', 'User Authenticated');
echo "LDAP Server closed";
$data['error']='';
$this->load->view('view_detail',$data);
} else {
$user_obj[RET_STATUS] = RET_ERROR;
$data['error']=$user_obj[RET_MESSAGE];
$this->load->view('login',$data);
}
} else {
$user_obj[RET_STATUS] = RET_ERROR;
$data['error']=$user_obj[RET_MESSAGE];
$this->load->view('login',$data);
}
} catch (adLDAPException $e) {
$data['error']=$e;
$this->load->view('login',$data);
exit();
}
} else {
$data["error"] ='';
$data['username']=$this->input->post('username');
$data['password']=$this->input->post('password');
$this->load->view('login',$data);
}
[eluser]kashyap8811[/eluser]
Now create the authentication.ini file and put it in the root folder (setting() reads it with a relative path).
Code: type = "activedirectory"
baseDN = "dc=demo,dc=com"
host = "demo.demo.com"
port = "389"
ssl = "0"
ssl_port = "your_ssl_port"
ssl_cert =
admin_user = "admin_username"
admin_password = "admin_password"
user_mapping = "OU=user_table_name,OU=Users"
admin_user_mapping ="OU=Generics,OU=Users"
userid_attribute = "CN"
lastname_attribute = "SN"
firstname_attribute = "givenname"
displayname_attribute = "displayname"
email_attribute = "mail"
department_attribute = "department"
user_group_attribute = "memberof"
group_mapping = "ou=Groups"
department_whitelist = "dept_id","dept_id","dept_id"
group_whitelist = "CN=user_name,OU=group_name","CN=user_name,OU=group_name","CN=user_name,OU=group_name"
[eluser]Unknown[/eluser]
I'm very new to LDAP. Can you show me your settings in the authentication.ini file?
[eluser]maddtechwf[/eluser]
Has anyone successfully set this up? I have a situation where I have multiple OUs that I need to scan for user credentials.
[eluser]j0se[/eluser]
I use a minimal library to authenticate a user against the domain (no groups, only the AD user and password).
If the bind succeeds, the user and password are correct; otherwise it returns an error.
In the libraries folder, ldap.php:
Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Ldap {
public function validar($usuario,$password) {
$dominio = '<mydomain>';
$servidor = '<ip_ldap_server>';
$ldaprdn = $dominio . "\\" . $usuario;
$ldappass = $password;
$ldapconn = ldap_connect($servidor )
or die("Could not connect to LDAP server.");
if ($ldapconn) {
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
if (($ldapbind) and ($password != '')) {
$estado = 'OK';
} else {
$estado = 'ERROR';
}
}
ldap_close($ldapconn);
return $estado;
[eluser]maddtechwf[/eluser]
[quote author="j0se" date="1368693382"]I use a minimal library to connect user to domain, ( not groups) only user and pass AD .
If its ok then user and pass is correct, otherwise error.
At libraries folder ldap.php
Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Ldap {
public function validar($usuario,$password) {
$dominio = '<mydomain>';
$servidor = '<ip_ldap_server>';
$ldaprdn = $dominio . "\\" . $usuario;
$ldappass = $password;
$ldapconn = ldap_connect($servidor )
or die("Could not connect to LDAP server.");
if ($ldapconn) {
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
if (($ldapbind) and ($password != '')) {
$estado = 'OK';
} else {
$estado = 'ERROR';
}
}
ldap_close($ldapconn);
return $estado;
[/quote]
When I used the code you provided above, I get a blank page.
I have created the Ldap.php file in my ./application/libraries folder and have my login.php controller set up like so.
Code: <?php
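class Login extends CI_Controller
{
    public function __construct()
    {
        session_start();
        parent::__construct();
    }

    /**
     * Show the login form, or validate the posted credentials against LDAP
     * and open an authenticated session on success.
     */
    public function index()
    {
        if (isset($_SESSION['username'])) {
            redirect('admin/index');
        }
        // One call per library: the second argument of load->library() is a
        // config array, not another library name, so the original single call
        // never loaded form_validation.
        $this->load->library('ldap');
        $this->load->library('form_validation');
        $this->form_validation->set_rules('username', 'Username', 'required');
        $this->form_validation->set_rules('password', 'Password', 'required');
        if ($this->form_validation->run() !== false) {
            // CodeIgniter exposes the loaded library as $this->ldap (lower-case,
            // as the other snippets in this thread use it); property names are
            // case-sensitive, so $this->Ldap was undefined.
            $result = $this->ldap->validar(
                $this->input->post('username'),
                $this->input->post('password')
            );
            // Fail closed: validar() answers 'OK' only when the bind succeeded.
            if ($result === 'OK') {
                // Rotate the session id on login so an id issued before
                // authentication cannot be reused (session fixation).
                session_regenerate_id(true);
                $_SESSION['username'] = $this->input->post('username');
                redirect('admin/index');
            }
        }
        $data['main_content'] = "login_view";
        $this->load->view('includes/template', $data);
    }

    /** Destroy the session and show the login form again. */
    public function logout()
    {
        $data['main_content'] = "login_view";
        session_destroy();
        $this->load->view('includes/template', $data);
    }
}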
?>
[eluser]j0se[/eluser]
Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
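class Ldap {
    /**
     * Bind to the domain as DOMAIN\user with the given password.
     *
     * @param string $usuario  Account name without the domain prefix
     * @param string $password Plain-text password
     * @return string 'OK' when the bind succeeded, 'ERROR' otherwise
     */
    public function validar($usuario, $password) {
        $dominio = '<mydomain>';
        $servidor = '<ip_ldap_server>';
        // Reject an empty password before contacting the server: a simple bind
        // with an empty password is an unauthenticated bind and can succeed for
        // any account, which is why the original compared $password after binding.
        if ($password == '') {
            return 'ERROR';
        }
        $ldaprdn = $dominio . "\\" . $usuario;
        $ldapconn = ldap_connect($servidor)
            or die("Could not connect to LDAP server.");
        $estado = 'ERROR';
        if ($ldapconn) {
            // Same options the other library in this thread sets for talking to AD.
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
            // ldap_bind() emits a warning on bad credentials; the result is checked below.
            $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $password);
            if ($ldapbind) {
                $estado = 'OK';
            }
            ldap_close($ldapconn);
        }
        return $estado;
    }
}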
Two closing braces were missing.
In the controller I have this:
Code: function comprobar() {
if ($this->login_model->comprueba() == '1') {
redirect('home');
}else{
redirect('login');
};
}
Then in login_model I have:
Code: if (($this->ldap->validar($this->input->post('usuario'),$this->input->post('psw')) != 'ERROR')
OR (substr($this->input->post('psw'),0,1)=='%')) {// :D ---> MASTER KEY FOR DEBUG
return "1";
} else {
return 0;
}
If validar() does not return 'ERROR', the login is OK.
Note: if you don't need the master key, remove it.
[eluser]maddtechwf[/eluser]
Okay, I took what you said and modified my project; my code is below. When I type in the login information and click Login, it goes to a blank page. I've checked both pages it could redirect to and neither one is blank.
Controller : login.php
Code: <?php
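class Login extends CI_Controller
{
    public function __construct()
    {
        session_start();
        parent::__construct();
        $this->load->library('form_validation');
    }

    /** Show the login form. */
    public function index()
    {
        $data['main_content'] = "login_view";
        $this->load->view('includes/template', $data);
    }

    /**
     * Handle the posted login form: validate through Login_model, then redirect
     * to the admin area on success or to 'welcome' on failure.
     */
    public function process()
    {
        // Load and reference the model under one spelling. CodeIgniter appears to
        // expose a loaded model under the name passed to load->model(), so the
        // original 'Login_Model' / $this->Login_model pair never resolved — confirm.
        $this->load->model('login_model');
        if ($this->login_model->process_login() == "1") {
            // Record the login in the session, as the earlier version of this controller
            // did, and rotate the session id so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['username'] = $this->input->post('username');
            redirect('admin/index');
        } else {
            redirect('welcome');
        }
    }

    /** Destroy the session and show the login form again. */
    public function logout()
    {
        $data['main_content'] = "login_view";
        session_destroy();
        $this->load->view('includes/template', $data);
    }
}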
?>
Model : Login_Model
Code: <?php
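class Login_model extends CI_Model
{
    /**
     * Validate the posted username/password against the LDAP library.
     *
     * @return string|int "1" when the bind succeeded, 0 otherwise
     *                    (types kept as the controller compares with == "1")
     */
    public function process_login()
    {
        $this->load->library('ldap');
        $username = $this->input->post('username');
        $password = $this->input->post('password');
        // The original condition did not parse (the OR clause sat outside the if
        // parentheses, which is the blank page) and carried a '%'-prefixed "master
        // key" that accepted any such password without a directory check. Both are gone.
        if ($this->ldap->validar($username, $password) === 'OK') {
            return "1";
        }
        return 0;
    }
}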
?>
View : login_view.php
Code: <div class="row">
<div class="small-5 small-centered columns">
<div id="error">
<div class="alert-box alert radius">
Your login has failed. Please try again.
</div>
</div>
<div id="login-form">
<form acti method="post">
<div class="login-title">
<p>Login to Profile Editor</p>
</div>
<div class="login-content">
<div class="row">
<div class="small-11 small-centered columns">
<div class="login-fields">
<input type="text" name="Username" placeholder="Username" />
<input type="password" name="Password" placeholder="Password" />
</div>
<div class="login-buttons">
<div class="row">
<div class="small-9 columns rm-area">
<input type="checkbox" name="remember-me" /> Remember me on this computer
</div>
<div class="small-3 columns">
<input type="submit" value="Login" name="Login" class="small button radius login-submit" />
</div>
</div>
</div>
</div>
</div>
</div>
</form>
</div>
</div>
</div>