Solved

php 5.3 LDAP login member of

Posted on 2013-11-22
4
1,031 Views
Last Modified: 2013-11-24
hello,
i have a problem with this script:
login.php
<?php
include("authenticate.php");
 
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
 
// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: index.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
 
// output error to user
if (isset($error)){ echo "Login failed: Incorrect user name, password, or rights<br />";}
 
// output logout success
if (isset($_GET['out'])) echo "Logout successful<br />";
?>
 
<form method="post" action="login.php">
    User: <input type="text" name="userLogin" /><br />
    Password: <input type="password" name="userPassword" /><br />
    <input type="submit" name="submit" value="Submit" />
</form>

Open in new window


authenticate.php
<?php
function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "xxxx";
 
    // Active Directory DN
    $ldap_dn = "OU=ou,DC=dc,DC=dc";
 
    // Active Directory user group
    $ldap_user_group = "Intranet Users";
 
    // Active Directory manager group
    $ldap_manager_group = "Intranet Admin";
 
    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@xxxx.xx";
 
    // connect to active directory
    $ldap = ldap_connect($ldap_host);
 
    // verify user and password
    if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        $filter = "(sAMAccountName=" . $user . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);
 
		//echo $entries;
        // check groups
        foreach($entries[0]['memberof'] as $grps) {
            // is manager, break loop
            if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
 
            // is user
            if (strpos($grps, $ldap_user_group)) $access = 1;
        }
 
        if ($access != 0) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            return false;
        }
 
    } else {
        // invalid name or password
        return false;
    }
}
?>

Open in new window


i have this error:
PHP Notice:  Undefined index: memberof in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Warning:  Invalid argument supplied for foreach() in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Notice:  Undefined variable: access in C:\inetpub\wwwroot\authenticate.php on line 41

line 33 -->      
        foreach($entries[0]['memberof'] as $grps) {

Open in new window


ligne 41-->    
        if ($access != 0) {

Open in new window



can you help us.
regards.
0
Comment
Question by:iddisarl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39668696
$entries appears to be created on line 28 with this instruction:

$entries = ldap_get_entries($ldap, $result);

Please add var_dump($entries) and post the output here.
0
 

Author Comment

by:iddisarl
ID: 39670553
hello thank you for your help,
if i disable error reporting and use var_dump
i have this output:
array(2) { ["count"]=> int(1) [0]=> array(2) { ["count"]=> int(0) ["dn"]=> string(41) "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" } }
if i enable error reporting i still have the same errors
regards
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39670586
That tells us that the output from ldap_get_entries() looks this way

array
( ["count"]=> int(1)
, [0]=> array
        ( ["count" ] => int(0)
        , ["dn"]     => "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" 
        ) 
)

Open in new window

In other words, $entries[0] has two elements named "count" and "dn" but nothing named "memberof" is in there.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39672722
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question