New LDAP Library!
#31

[eluser]Wil Wazka[/eluser]
To be honest and fair, this is a much needed library, always requested as part of the 'database' core drivers.
However, on the other hand, it is worth taking the time to improve it.

Right now I'm using this, but found some lacks in flexibility, two of them pointed out here as 'issues', but they are easily solved with some group work.

As I'm highly interested in this library, let's take some time to point out these first two 'issues' and my proposal for a solution (sorry for my bad English, not my mother language).

1) As noted by @traveler, trying to initialize the library as explained in the documentation, just doesn't work, because the constructor requires a config array parameter to be passed in to the
Code:
$this->load->library('ldap')
invocation and the docs say it must be made before the library is actually instantiated.
From here, and by looking into the code, I just wonder why don't we provide any
Code:
init() and connect()
methods, and let the constructor try to bind to the server 'only' if the parameter suitable values are passed in.
Besides... what about a config file instead or as complement of the constants alternative?

2) As pointed out by someone above, there's a lack of some error handling, from the OO point of view, IMHO.
In the following code, I've included these behaviours:

a. Test the presence of 'connection data' using empty instead of direct NULL comparison.
b. Try to connect to the server anonymously if the above condition isn't true.
c. Check the _error() method at the bottom, and its usage within the constructor.

Hope this may be useful at least as example.
May this common effort lead us into a very useful plus flexible solution. Cheers!

Code:
    /**
     * Initialize the user preferences
     *
     * Accepts an associative array as input, containing display preferences
     *
     * @access    public
     * @param    array    config preferences
     * @return    void
     */
    function Ldap($options = array())
    {
        //you can specifically override any of the default configuration options setup above
        if(count($options) > 0)
        {
            if(array_key_exists("account_suffix",$options))
            {
                $this->_account_suffix=$options["account_suffix"];
            }
            if(array_key_exists("base_dn",$options))
            {
                $this->_base_dn=$options["base_dn"];
            }
            if(array_key_exists("domain_controllers",$options))
            {
                $this->_domain_controllers=$options["domain_controllers"];
            }
            if(array_key_exists("ad_username",$options))
            {
                $this->_ad_username=$options["ad_username"];
            }
            if(array_key_exists("ad_password",$options))
            {
                $this->_ad_password=$options["ad_password"];
            }
            if(array_key_exists("real_primarygroup",$options))
            {
                $this->_real_primarygroup=$options["real_primarygroup"];
            }
            if(array_key_exists("use_ssl",$options))
            {
                $this->_use_ssl=$options["use_ssl"];
            }
            if(array_key_exists("recursive_groups",$options))
            {
                $this->_recursive_groups=$options["recursive_groups"];
            }
        }

        //connect to the LDAP server as the username/password
        $dc = $this->random_controller();
        if($this->_use_ssl)
        {
            $this->_conn = ldap_connect("ldaps://".$dc);
        }
        else
        {
            $this->_conn = ldap_connect($dc);
        }

        if( ! $this->_conn )
        {
            //no link exists yet, so there is no LDAP error code to pass to ldap_err2str()
            show_error ("FATAL: AD connection to '". $dc ."' failed.");
            return FALSE;
        }

        //set some ldap options for talking to AD
        ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0);

        //bind as a domain admin if they've set it up
        if( ! empty($this->_ad_username) && ! empty($this->_ad_password) )
        {
            $this->_bind = @ldap_bind($this->_conn,$this->_ad_username.$this->_account_suffix,$this->_ad_password);
            if( ! $this->_bind)
            {
                if($this->_use_ssl)
                {
                    //if you have problems troubleshooting, remove the @ character from the ldap_bind command above to get the actual error message
                    if ( $this->_error ("FATAL: AD bind to '". $dc ."' failed. <br/>Either the LDAPS connection failed or the login credentials are incorrect.") )
                    return FALSE;
                }
                else
                {
                    if ( $this->_error ("FATAL: AD bind to '". $dc ."' failed. Check the login credentials.") )
                    return FALSE;
                }
            }
        }
        else
        {
            $this->_bind = @ldap_bind($this->_conn);
            if( ! $this->_bind )
            {
                if ( $this->_error("FATAL: Anonymous AD bind to '". $dc ."' failed."))
                    return FALSE;
            }
        }

        return TRUE;
    }

    // basic test for errors
    function _error( $msg )
    {
        $errno = ldap_errno($this->_conn);
        if ($errno)
        {
            show_error("LDAP Lib error: (". $errno .") "
                        . ldap_err2str($errno) ."<br/>". $msg );
        }
        return (bool) $errno;
    }
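
The init()/connect() split proposed in post #31, as an added sketch that is not part of the original post or of the library. The class name Ldap_sketch, the bind_mode() method, the allow_anonymous key and the sample host and account are hypothetical; the remaining option names are taken from the posted constructor.

```php
<?php
// Hypothetical sketch (added example): settings are stored first, the bind happens only in connect().
class Ldap_sketch
{
    private $cfg = array('domain_controllers' => array(), 'account_suffix' => '',
        'ad_username' => '', 'ad_password' => '', 'use_ssl' => FALSE,
        'allow_anonymous' => FALSE); // assumption: anonymous bind is opt-in
    private $conn = NULL;

    // The constructor only stores settings; it never touches the network.
    function __construct($options = array()) { $this->init($options); }

    // Merge known keys only; unknown keys are ignored.
    function init($options)
    {
        $this->cfg = array_merge($this->cfg, array_intersect_key($options, $this->cfg));
        return $this;
    }

    // Decide how connect() will bind: 'service' or 'anonymous', else throw.
    function bind_mode()
    {
        // Strict comparison: empty() would also treat the string "0" as missing.
        $user = (string) $this->cfg['ad_username'];
        $pass = (string) $this->cfg['ad_password'];
        if ($user !== '' && $pass !== '') return 'service';
        // Half-filled credentials are a config error, not a reason to go anonymous.
        if ($user !== '' || $pass !== '') throw new InvalidArgumentException('Incomplete bind credentials');
        if ($this->cfg['allow_anonymous']) return 'anonymous';
        throw new InvalidArgumentException('No credentials and anonymous bind not enabled');
    }

    function connect()
    {
        $mode = $this->bind_mode();
        $dcs = (array) $this->cfg['domain_controllers'];
        if (empty($dcs)) throw new RuntimeException('No domain controller configured');
        $dc = $dcs[array_rand($dcs)];
        $this->conn = ldap_connect(($this->cfg['use_ssl'] ? 'ldaps://' : 'ldap://') . $dc);
        if ( ! $this->conn) throw new RuntimeException("Bad LDAP URI for '$dc'");
        ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($this->conn, LDAP_OPT_REFERRALS, 0);
        $ok = ($mode === 'service')
            ? @ldap_bind($this->conn, $this->cfg['ad_username'] . $this->cfg['account_suffix'], $this->cfg['ad_password'])
            : @ldap_bind($this->conn);
        if ( ! $ok) throw new RuntimeException('LDAP bind failed: (' . ldap_errno($this->conn) . ') ' . ldap_error($this->conn));
        return $this;
    }
}
// Constructed config: nothing below opens a connection.
$ldap = new Ldap_sketch(array('domain_controllers' => array('dc1.example.test'), 'ad_username' => 'svc_web'));
try { $ldap->bind_mode(); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
echo $ldap->init(array('ad_password' => 'constructed-secret'))->bind_mode(), "\n";
```

Unlike the posted constructor, this sketch refuses to fall back to an anonymous bind unless allow_anonymous is set, and it reports failures as exceptions rather than through show_error().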
#32

[eluser]Unknown[/eluser]
Iverson,

Thanks for contributing this library! It has saved me a lot of time.
#33

[eluser]Wiggum[/eluser]
I am the author of adLDAP, which you've kindly ripped my class, changed my licence, and removed my details.

Users of this library, be aware that it's stolen work, non-attributed, and I'm considering my options in regards to the licence breach.

I'm not unreasonable, if the author reinstates the licence and attributes it to me instead of just stealing my (our) work, then I'd actively encourage Code Igniter to use the derivative work.

Thanks, Scott.
#34

[eluser]Wiggum[/eluser]
On reflection I hope the licencing problem is just a misunderstanding.

adLDAP is licenced under the LGPL, anyone is welcome to redistribute it. The LGPL is really a licence designed to actively encourage derivative works, but all derivatives are still LGPL.

Please note that it's also perfectly healthy within the LGPL for anyone to modify adLDAP and keep their changes internally, you don't have to distribute them.

If anyone (including the original author) is interested in this work and is happy to make it available for code igniter developers with the licence restored, we'd really be keen to see this happen. We'd probably even be happy to host it as part of adLDAP on sourceforge if you're interested in joining the project :)

Cheers, Scott.
#35

[eluser]33cent[/eluser]
Hi,

I'm interested in a Linux version of the LDAP library, because this library doesn't work with OpenLDAP on Linux.
#36

[eluser]sammaeliv[/eluser]
How can I get this library? Can somebody send me a link that works?? plz...

post it here (plz)
#37

[eluser]idxman[/eluser]
[quote author="Wiggum" date="1244088146"]If anyone (including the original author) is interested in this work and is happy to make it available for code igniter developers with the licence restored, we'd really be keen to see this happen. We'd probably even be happy to host it as part of adLDAP on sourceforge if you're interested in joining the project :)

Cheers, Scott.[/quote]

I'm very interested in this sort of thing for use with CI. I've been using adLDAP for a number of years now with my hodge-podge homegrown framework of sorts and it's been a great help in a corporate environment.

At this point all I'm looking to do is require AD authentication on 95% of the controllers and also use AD groups to control various aspects of the application.
#38

[eluser]whobutsb[/eluser]
What happened to the download link for the LDAP library? I would like to use it on my project!
#39

[eluser]Derek Jones[/eluser]
See the moderator's edit to the original post, whobutsb.
#40

[eluser]whobutsb[/eluser]
Thanks Derek. I should've followed the links around.