• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1107
  • Last Modified:

php 5.3 LDAP login member of

hello,
i have a problem with this script:
login.php
<?php
include("authenticate.php");
 
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
 
// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: index.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
 
// output error to user
if (isset($error)){ echo "Login failed: Incorrect user name, password, or rights<br />";}
 
// output logout success
if (isset($_GET['out'])) echo "Logout successful<br />";
?>
 
<form method="post" action="login.php">
    User: <input type="text" name="userLogin" /><br />
    Password: <input type="password" name="userPassword" /><br />
    <input type="submit" name="submit" value="Submit" />
</form>

Open in new window


authenticate.php
<?php
function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "xxxx";
 
    // Active Directory DN
    $ldap_dn = "OU=ou,DC=dc,DC=dc";
 
    // Active Directory user group
    $ldap_user_group = "Intranet Users";
 
    // Active Directory manager group
    $ldap_manager_group = "Intranet Admin";
 
    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@xxxx.xx";
 
    // connect to active directory
    $ldap = ldap_connect($ldap_host);
 
    // verify user and password
    if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        $filter = "(sAMAccountName=" . $user . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);
 
		//echo $entries;
        // check groups
        foreach($entries[0]['memberof'] as $grps) {
            // is manager, break loop
            if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
 
            // is user
            if (strpos($grps, $ldap_user_group)) $access = 1;
        }
 
        if ($access != 0) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            return false;
        }
 
    } else {
        // invalid name or password
        return false;
    }
}
?>

Open in new window


i have this error:
PHP Notice:  Undefined index: memberof in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Warning:  Invalid argument supplied for foreach() in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Notice:  Undefined variable: access in C:\inetpub\wwwroot\authenticate.php on line 41

line 33 -->      
        foreach($entries[0]['memberof'] as $grps) {

Open in new window


ligne 41-->    
        if ($access != 0) {

Open in new window



can you help us.
regards.
0
iddisarl
Asked:
iddisarl
  • 3
1 Solution
 
Ray PaseurCommented:
$entries appears to be created on line 28 with this instruction:

$entries = ldap_get_entries($ldap, $result);

Please add var_dump($entries) and post the output here.
0
 
iddisarlAuthor Commented:
hello thank you for your help,
if i disable error reporting and use var_dump
i have this output:
array(2) { ["count"]=> int(1) [0]=> array(2) { ["count"]=> int(0) ["dn"]=> string(41) "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" } }
if i enable error reporting i still have the same errors
regards
0
 
Ray PaseurCommented:
That tells us that the output from ldap_get_entries() looks this way

array
( ["count"]=> int(1)
, [0]=> array
        ( ["count" ] => int(0)
        , ["dn"]     => "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" 
        ) 
)

Open in new window

In other words, $entries[0] has two elements named "count" and "dn" but nothing named "memberof" is in there.
0
 
Ray PaseurCommented:
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now