3 * This example shows how you might store user data directly into AD.
4 * AD has several attributes you can use for storing your own data, and
7 * This is only the beginning code. For starters, we need some way of encrypting
8 * the data we put in AD, because extensionAttribute1-15 are globally readable
9 * and thus the token is completely insecure. This is easy to fix, though, as the
10 * encryption just needs to use a static key set within the class that puts/gets
11 * data. At least for the example we should set a GOOD example and do this;
12 * other implementations might even want to implement their own schema such that
13 * permissions around that token key are strict in the schema. However, encrypting
14 * the data is not a bad idea. The key for the encrypted data can be very long
15 * and very random as it's not designed for user interaction, though it should be
16 * backed up occasionally. Anyone who can read that key can decrypt every stored
 * token, so restrict who can read the file that holds it.
// Connection settings used by the ldap_connect()/ldap_bind()/ldap_search() calls further down;
// they are empty placeholders in this file.
// NOTE(review): $bindpass is a directory password held in plaintext. The sample value for
// $binduser is "administrator"; a dedicated account limited to reading users and writing the
// token attribute would follow least privilege — confirm what rights the class in extend.php needs.
20 $host = ""; // for eg "1.2.3.4"
21 $binduser = ""; // for eg "administrator"
22 $bindpass = ""; // for eg "password"
23 $basecn = ""; // for eg "CN=users, DC=google, dc=com"
25 // require our GoogleAuthenticator subclass
26 require_once("extend.php");
// Optional local settings file, loaded only when it exists.
// NOTE(review): presumably it assigns $host/$binduser/$bindpass/$basecn — confirm. If it holds the
// bind password, keep it outside the web root and unreadable to other local accounts.
29 // this is here so i can keep my attributes somewhere in the tree and not have them float around on git/svn
30 if(file_exists("../../../../.dontappearingitandsvn.php")) require_once("../../../../.dontappearingitandsvn.php");
34 // first, lets bind our AD with our management creds
// Writes the configured host to the PHP error log.
35 error_log("host is $host");
// NOTE(review): 389 is the plain LDAP port and no ldap_start_tls() call is visible in this listing,
// so the simple bind below would send $bindpass unencrypted unless TLS is set up in lines not shown.
// Prefer an "ldaps://" URI or ldap_start_tls() before binding.
36 $dsconnect = ldap_connect("$host", 389);
38 // we mark it global so we can get it in our class
39 global $dsconnect, $host, $binduser, $bindpass, $basecn;
// Message shown to the visitor on failure; the condition guarding this assignment is not visible here.
43 $errorText = "Can't Connect to AD";
// Simple bind with the management account; the result is kept in $ldapbind.
// NOTE(review): with an empty $bindpass many directory servers treat this as an unauthenticated bind
// and report success — confirm that empty credentials are rejected before this call, and that
// $ldapbind is checked in the lines not shown.
45 $ldapbind = ldap_bind($dsconnect, "$binduser", "$bindpass");
48 <H1>Welcome to GA4PHP Talking to Active Directory</H1>
52 echo "<font color=\"red\">$errorText</font><br>";
56 Our user list within AD:
58 <tr><th>Name</th><th>Login Name</th></tr>
// Fetch every entry under $basecn that matches the fixed filter; the filter contains no user input.
// NOTE(review): ldap_search() returns false on failure and no check is visible in this listing
// before the result is handed to ldap_get_entries() — confirm.
60 $sr = ldap_search($dsconnect, "$basecn", "objectclass=user");
61 $info = ldap_get_entries($dsconnect, $sr);
62 //$info["extensionattribute2"] = "-----";
// Copy the distinguishedname, samaccountname and cn values of each entry into $user[$i].
// ldap_get_entries() also returns a "count" element next to the numbered entries; the
// distinguishedname check presumably exists to skip it — confirm.
// NOTE(review): $i is initialised and incremented in lines not shown in this listing.
67 foreach($info as $key => $val) {
68 //echo "$key is ".$val["distinguishedname"][0]."\n";
69 if($val["distinguishedname"][0] != "") {
70 $user[$i]["dn"] = $val["distinguishedname"][0];
71 $user[$i]["acn"] = $val["samaccountname"][0];
72 $user[$i]["cn"] = $val["cn"][0];
// Render one table row per collected user.
// NOTE(review): $cn and $un are presumably taken from $value in lines not shown. They originate
// from directory attributes and are echoed into HTML unescaped; wrap each in
// htmlspecialchars($x, ENT_QUOTES, 'UTF-8') so attribute values containing markup are displayed
// as text rather than interpreted by the browser.
79 foreach($user as $value) {
82 echo "<tr><td>$cn</td><td>$un</td></tr>";
89 testing administrator<br>
91 if($myga->hasToken("administrator")) {
92 echo "administrator has a token<br>";
94 echo "administrator has no token, setting one<br>";
95 $myga->setUser("administrator");