Welcome to the nuBuilder forums!

Please register and login to view forums and other content only available to registered users.

Simple LDAP Validation

Post Reply
nokopenit
Posts: 2
Joined: Tue Sep 25, 2012 4:08 am

Simple LDAP Validation

Unread post by nokopenit »

Hi all,

I just wanted to share this code that I use to validate my Samba Ldap Users:

Our user must be created in nuBuilder database and the password will be stored in a samba ldap directory.

We have to edit formlogin.php

Code: Select all


		// Change this query
		$s  = "SELECT zzsys_user_id AS ID, sal_name AS AccessLevel, sug_group_name as UserGroupName FROM zzsys_user ";
		$s .= "INNER JOIN zzsys_user_group ON sus_zzsys_user_group_id = zzsys_user_group_id ";
		$s .= "INNER JOIN zzsys_access_level ON sug_zzsys_access_level_id = zzsys_access_level_id ";
		$s .= "WHERE sus_login_name = '$user'"; //Only cheque if the user exists


		$t  = nuRunQuery($s);
		$r  = db_fetch_object($t);
		// the globeadmin username should not exist in the zzsys_user table 
		if($r->ID!='' && $user=='globeadmin'){
			return $stoplogin;
		}
		
		//user name and password failed	
		if($r->ID=='' || !validate_ldap($user, $pass)){ //check the password with the validate_ldap function
			return $stoplogin;
		}	


//validate_ldap
function validate_ldap($user, $pass) {

		$ldapconfig['host'] = 'host ip';
		$ldapconfig['port'] = 389;
		$ldapconfig['basedn'] = 'dc=some,dc=com';

		$ds=@ldap_connect($ldapconfig['host'],$ldapconfig['port']);
		$r = @ldap_search( $ds, $ldapconfig['basedn'], 'uid=' . $user);

		if ($r) {
		    $result = @ldap_get_entries( $ds, $r);
		    if ($result[0]) {
		        if (@ldap_bind( $ds, $result[0]['dn'], $pass) ) {
				return true;
		        }
		    }
		}
		return false;
	}


Hope it helps.
regards
Pablo.
johan
Posts: 392
Joined: Sun Feb 27, 2011 11:16 am
Location: Belgium

Re: Simple LDAP Validation

Unread post by johan »

Pablo,

Nice but I'm looking for a solution that works in the other direction.

We use LDAP for email, intranet, .... so the users are already in LDAP. It would be nice if Ldap could give the permission to a database (or if I could select users out of ldap and give them permission to login in a database).

So if you have any idea how I can do this, it would be great.
Johan
johan
Posts: 392
Joined: Sun Feb 27, 2011 11:16 am
Location: Belgium

Re: Simple LDAP Validation

Unread post by johan »

Pablo,

Could you please post your complete formlogin.php and not only the part you've edited?

Thanks
Johan
Post Reply