From 6d65f8b20aa37e21eb2f68bb47c8ef30059aba71 Mon Sep 17 00:00:00 2001
From: paulr
Date: Tue, 23 Nov 2010 16:35:16 +1100
Subject: [PATCH] Working AD basic html page.
---
example/activedirectory/extend.php | 114 ++++++++++++++++++++++++++++++++++++
example/activedirectory/index.php | 82 ++++++++++++++++++++++++--
2 files changed, 190 insertions(+), 6 deletions(-)
create mode 100644 example/activedirectory/extend.php
diff --git a/example/activedirectory/extend.php b/example/activedirectory/extend.php
new file mode 100644
index 0000000..a551202
--- /dev/null
+++ b/example/activedirectory/extend.php
@@ -0,0 +1,114 @@
+";
+ //print_r($info);
+ //echo "";
+
+ $attr_name = false;
+ for($i=1; $i<15; $i++) {
+ $valname = "extensionattribute$i";
+ if(isset($info[0]["$valname"][0])) {
+ $val = $info[0]["$valname"][0];
+ // we are looking for an extension attribute that has a start of "ga4php"
+ if(preg_match('/^ga4php.*/', $val)>0) {
+ $attr_name = $valname;
+ }
+ }
+
+ }
+
+ // yeah, totally works.... HAH
+ if($attr_name != false) {
+ $tokend = $info[0]["$attr_name"][0];
+ $expl = explode(":", $tokend);
+ $tokendata = $expl[1];
+ }
+
+ return $tokendata;
+
+ // and there you have it, simple eh?
+ }
+
+
+ // now we need a function for putting the data back into our user table.
+ // in this example, we wont check anything, we'll just overwrite it.
+ function putData($username, $data) {
+ global $dsconnect, $host, $binduser, $bindpass, $basecn;
+
+ if($data!="") {
+ $data .= "ga4php:";
+ }
+
+ // set this to default to begin with
+ $tokendata = false;
+
+ // we need to track the "first" blank attribute
+ $blank_attr = false;
+
+ // we search for a username that matches what we've been passed
+ $sr = ldap_search($dsconnect, "$basecn", "samaccountname=$username");
+ $info = ldap_get_entries($dsconnect, $sr);
+ $dn = $info[0]["distinguishedname"][0];
+
+ //echo "
";
+		//print_r($info);
+		//echo "
"; + + $attr_name = false; + for($i=1; $i<15; $i++) { + $valname = "extensionattribute$i"; + if(isset($info[0]["$valname"][0])) { + $val = $info[0]["$valname"][0]; + // we are looking for an extension attribute that has a start of "ga4php" + if(preg_match('/^ga4php.*/', $val)>0) { + $attr_name = $valname; + } + } else { + if($blank_attr == false) { + // this will cathc the first unset extension variable name, if we need it + $blank_attr = "$valname"; + } + } + + } + + // if the attr_name is not set, we need to set $blank_attr + if($attr_name == false) { + // we use $blank_attr + error_log("setting for $username, $blank_attr"); + $infod["$blank_attr"][0] = "$data"; + } else { + error_log("setting for $username, $attr_name"); + $infod["$attr_name"][0] = "$data"; + } + + error_log("att end of put data for $dn, $infod"); + + return ldap_modify($dsconnect, $dn, $infod); + // even simpler! + } + + // not implemented yet + function getUsers() { + return false; + } +} + +?> diff --git a/example/activedirectory/index.php b/example/activedirectory/index.php index e0d5ea2..bf25053 100644 --- a/example/activedirectory/index.php +++ b/example/activedirectory/index.php 
@@ -3,17 +3,87 @@ * This example shows how you might store user data directly into AD. * AD has several attributes you can use for storing your own data, and * thats what we use + * + * This is only the beginning code, */ // set these -$host = ""; -$binduser = ""; -$bindpass = ""; -$basecn = ""; +$host = ""; // for eg "1.2.3.4" +$binduser = ""; // for eg "administrator" +$bindpass = ""; // for eg "password" +$basecn = ""; // for eg "CN=users, DC=google, dc=com" + +//require our GoogleAuthenticator sub classed class +require_once("extend.php"); +$myga = new myGA(); // this is here so i can keep my atributes somewhere in the tree and not have them float around on git/svn -if(file_exists("../../../.dontappearingitandsvn.php")) require_once("../../../.dontappearingitandsvn.php"); +if(file_exists("../../../../.dontappearingitandsvn.php")) require_once("../../../../.dontappearingitandsvn.php"); + +$error = false; + +// first, lets bind our AD with out management creds +error_log("host is $host"); +$dsconnect = ldap_connect("$host", 389); + +// we mark it global so we can get it in our class +global $dsconnect, $host, $binduser, $bindpass, $basecn; + +if(!$dsconnect) { + $error = true; + $errorText = "Can't Connect to AD"; +} +$ldapbind = ldap_bind($dsconnect, "$binduser", "$bindpass"); +?> + +

Welcome to GA4PHP Talking to Active Directory

+ +$errorText
"; +} +?> + +Our user list within AD: + + + $val) { + //echo "$key is ".$val["distinguishedname"][0]."\n"; + if($val["distinguishedname"][0] != "") { + $user[$i]["dn"] = $val["distinguishedname"][0]; + $user[$i]["acn"] = $val["samaccountname"][0]; + $user[$i]["cn"] = $val["cn"][0]; + } + + $i ++; + //return 0; + } + + foreach($user as $value) { + $cn = $value["cn"]; + $un = $value["acn"]; + echo ""; + } +?> -?> \ No newline at end of file +
NameLogin Name
$cn$un
+testing administrator
+hasToken("administrator")) { + echo "administrator has a token
"; +} else { + echo "administrator has no token, setting one
"; + $myga->setUser("administrator"); +} +?> + \ No newline at end of file -- 1.7.0.4