Solved

php 5.3 LDAP login member of

Posted on 2013-11-22
Last Modified: 2013-11-24
hello,
i have a problem with this script:
login.php
<?php
include("authenticate.php");
 
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
 
// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: index.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
 
// output error to user
if (isset($error)){ echo "Login failed: Incorrect user name, password, or rights<br />";}
 
// output logout success
if (isset($_GET['out'])) echo "Logout successful<br />";
?>
 
<form method="post" action="login.php">
    User: <input type="text" name="userLogin" /><br />
    Password: <input type="password" name="userPassword" /><br />
    <input type="submit" name="submit" value="Submit" />
</form>



authenticate.php
<?php
function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "xxxx";
 
    // Active Directory DN
    $ldap_dn = "OU=ou,DC=dc,DC=dc";
 
    // Active Directory user group
    $ldap_user_group = "Intranet Users";
 
    // Active Directory manager group
    $ldap_manager_group = "Intranet Admin";
 
    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@xxxx.xx";
 
    // connect to active directory
    $ldap = ldap_connect($ldap_host);
 
    // verify user and password
    if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        $filter = "(sAMAccountName=" . $user . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);
 
		//echo $entries;
        // check groups
        foreach($entries[0]['memberof'] as $grps) {
            // is manager, break loop
            if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
 
            // is user
            if (strpos($grps, $ldap_user_group)) $access = 1;
        }
 
        if ($access != 0) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            return false;
        }
 
    } else {
        // invalid name or password
        return false;
    }
}
?>



i have this error:
PHP Notice:  Undefined index: memberof in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Warning:  Invalid argument supplied for foreach() in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Notice:  Undefined variable: access in C:\inetpub\wwwroot\authenticate.php on line 41

line 33 -->      
        foreach($entries[0]['memberof'] as $grps) {



line 41 -->
        if ($access != 0) {




can you help us.
regards.
Question by:iddisarl

Expert Comment

by:Ray Paseur
ID: 39668696
$entries appears to be created on line 28 with this instruction:

$entries = ldap_get_entries($ldap, $result);

Please add var_dump($entries) and post the output here.
 

Author Comment

by:iddisarl
ID: 39670553
hello thank you for your help,
if i disable error reporting and use var_dump
i have this output:
array(2) { ["count"]=> int(1) [0]=> array(2) { ["count"]=> int(0) ["dn"]=> string(41) "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" } }
if i enable error reporting i still have the same errors
regards

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39670586
That tells us that the output from ldap_get_entries() looks this way

array
( ["count"]=> int(1)
, [0]=> array
        ( ["count" ] => int(0)
        , ["dn"]     => "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" 
        ) 
)


In other words, $entries[0] has two elements named "count" and "dn" but nothing named "memberof" is in there.
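
Following the accepted answer, an added example (not code from the thread or its participants): a fail-closed way to turn the ldap_get_entries() result into an access level when "memberof" may be absent, with exact group-name matching and filter escaping that works on PHP 5.3. The function names filter_escape() and access_from_entries() are hypothetical, and the sample arrays are constructed.

```php
<?php
// Added example; filter_escape() and access_from_entries() are hypothetical names.
// RFC 4515 filter escaping (ldap_escape() is only built in from PHP 5.6).
function filter_escape($value) {
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $value
    );
}

// Map an ldap_get_entries() result to an access level: 0 none, 1 user, 2 manager.
function access_from_entries($entries, $userGroup, $managerGroup) {
    $access = 0; // fail closed: always defined, even when nothing matches
    // Require exactly one entry, and one that actually carries memberof values.
    if (!isset($entries['count']) || $entries['count'] !== 1
        || !isset($entries[0]['memberof'])) {
        return $access;
    }
    $groups = $entries[0]['memberof'];
    for ($i = 0; $i < $groups['count']; $i++) {
        // Compare the leading CN=... component exactly (case-insensitive) so that
        // "Intranet Users Old" does not pass as "Intranet Users".
        // Assumption: group names contain no escaped commas.
        $parts = explode(',', $groups[$i], 2);
        $rdn = strtolower($parts[0]);
        if ($rdn === strtolower('CN=' . $managerGroup)) {
            return 2;
        }
        if ($rdn === strtolower('CN=' . $userGroup)) {
            $access = 1;
        }
    }
    return $access;
}

// Constructed sample data: $noGroups has the shape of the var_dump in the thread,
// $withGroups is a made-up entry with two group memberships.
$dn = 'CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD';
$noGroups = array('count' => 1, 0 => array('count' => 0, 'dn' => $dn));
$withGroups = array('count' => 1, 0 => array(
    'memberof' => array('count' => 2,
        0 => 'CN=Intranet Users Old,OU=MYOU,DC=MYDC,DC=MYDCLTD',
        1 => 'CN=Intranet Users,OU=MYOU,DC=MYDC,DC=MYDCLTD'),
    0 => 'memberof', 'count' => 1, 'dn' => $dn));

var_dump(access_from_entries($noGroups, 'Intranet Users', 'Intranet Admin'));
var_dump(access_from_entries($withGroups, 'Intranet Users', 'Intranet Admin'));
echo '(sAMAccountName=' . filter_escape('smith (test)*') . ")\n";
```

In authenticate() these would be called after a successful ldap_bind(), with filter_escape($user) used when building $filter. An empty $password should be rejected before binding, because a simple bind with an empty password can succeed as an unauthenticated bind on some directory servers.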