Yii
Almik Oh! Give me a guitar, 2014-10-31 10:29:20

How does ldap authorization work in php?

Hello!
I am a beginner PHP developer. I recently came across LDAP, which, by the way, I knew nothing about. After searching the Internet for information and trying the code I found, I realized that I was completely confused. Here is one example. The test server is on Windows 7; I go to the site by typing testsuper in the browser.
FILE ldap.php

<?php
$ldaphost = "127.0.0.1";
$ldapport = "389";
$memberof = "cn=allow_ppl,ou=users_IT,ou=IT,ou=Kyiv,ou=corp,dc=eddnet,dc=org";
$base = "ou=corp,dc=eddnet,dc=org";
$filter = "sAMAccountName=";
$domain = "@testsuper";
?>

FILE index.php
=============
<?php

include_once ("auth.php");
?>
 
  
<head>
<meta charset=utf8 />
<title>Postfix ?????????</title>
</head>
 
<?php
// Form for entering the login and password
print '
<form action="index.php" method="post">
<table>
      <tr>
            <td>Log:</td>
            <td><input type="text" name="login" /></td>
      </tr>
      <tr>
            <td>Password:</td>
            <td><input type="password" name="password" /></td>
      </tr>
      <tr>
            <td></td>
            <td><input type="submit" value="Authorization" /></td>
      </tr>
</table>
</form>
';
?>

=============
FILE auth.php
<?php
// Start the session
session_start();
// Load the LDAP configuration file
include_once ("ldap.php");
 
// Logout
if (isset($_GET['logout']))
{
      if (isset($_SESSION['user_id']))
            {
            unset($_SESSION['user_id']);  
            setcookie('login', '', 0, "/");
            setcookie('password', '', 0, "/");
            header('Location: index.php');
            exit;
      }
}
 
// If the user is already authenticated, redirect to main.php
if (isset($_SESSION['user_id']))
      {
      // Nothing may be echoed before header(), otherwise the redirect fails with "headers already sent"
      header('Location: main.php');
      exit;
}
 
// If the user is not authenticated, check the credentials against LDAP
if (isset($_POST['login']) && isset($_POST['password']))
      {
      $username = $_POST['login'];
      $login = $_POST['login'].$domain;
      $password = $_POST['password'];
      // Connect to the LDAP server
      $ldap = ldap_connect($ldaphost,$ldapport) or die("Cant connect to LDAP Server");
      // Use LDAP protocol version 3
      ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 
      if ($ldap)
            {
            // Try to bind to LDAP with the submitted login and password.
            // An empty password makes ldap_bind() an unauthenticated bind, which many
            // servers accept, so it is rejected before the bind is attempted.
            $bind = ($password !== '') && ldap_bind($ldap,$login,$password);
 
            if ($bind)
                  {
                  // Check whether the user is a member of the required group.
                  // ldap_escape() (PHP 5.6+) keeps filter metacharacters in the login from changing the filter.
                  $result = ldap_search($ldap,$base,"(&(memberOf=".$memberof.")(".$filter.ldap_escape($username, '', LDAP_ESCAPE_FILTER)."))");
                  // Fetch the entries returned by the search
                  $result_ent = ldap_get_entries($ldap,$result);
            }
            else
                  {
          echo "<pre>";
          print_r($_SESSION);
          echo "</pre>";
                  die('You entered wrong password or id. Try it now<br /> <a href="index.php">to back</a>');
            }
      }
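      // If the user was found, store the login in the session and redirect to main.php
      if ($result_ent['count'] != 0)
            {
            // Issue a fresh session id on login so a previously set id cannot be reused
            session_regenerate_id(true);
            $_SESSION['user_id'] = $login;
            header('Location: main.php');
            exit;
      }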
      else
            {
            die('Access denied! <br /> <a href="index.php">to Back</a>');
      }
}
?>

I am concerned about the following questions:
1) how does ldap work?
2) where does it, that is, ldap store data, and in general how is authorization carried out if there were no users before? (this is the most interesting since I also displayed $_SERVER, etc.)
3) what should I read in order to quickly delve into ldap?
4) Isn't it easier to store data in the database and check the data from there (that is, login pass)?
Sincerely,
Almik


1 answer(s)
Rsa97, 2014-10-31
@Rsa97

For LDAP authorization, an LDAP server is required, accordingly. There are two main options: OpenLDAP and MS Active Directory. The advantage of the method is a single centralized store of all users for the vast majority of servers.
Judging by the data from the example, the LDAP server is set up on the same computer as the web server, the domain is called 'testsuper', the root is the eddnet.org domain, the subdivision is in Kyiv, and for authorization the user must be a member of the 'allow_ppl' group.
You can read the introductory part of the "OpenLDAP 2.4 Administrator's Guide"; it should be enough to understand the general principles.
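
The group check described in the answer depends on a search filter built from the submitted login. The following is an added example, not the asker's or the answerer's code: it builds that filter with RFC 4515 escaping and prints it beside plain concatenation for a few constructed logins. The function names are hypothetical.

```php
<?php
// Added example. escape_filter_value() and build_member_filter() are
// hypothetical names; the group DN is the one from ldap.php above.

// Escape a value for use inside an LDAP search filter (RFC 4515):
// \ * ( ) and NUL are replaced by a backslash and two hex digits.
function escape_filter_value(string $value): string
{
    if (function_exists('ldap_escape')) {            // ldap extension, PHP 5.6+
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback without the extension. strtr() with an array never rescans
    // its own output, so the inserted backslashes are not escaped twice.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build (&(memberOf=<group DN>)(sAMAccountName=<login>)) with both
// values escaped, so the login can only ever be compared as a literal.
function build_member_filter(string $groupDn, string $login): string
{
    if ($login === '') {
        throw new InvalidArgumentException('empty login');
    }
    return '(&(memberOf=' . escape_filter_value($groupDn) . ')'
         . '(sAMAccountName=' . escape_filter_value($login) . '))';
}

$memberof = 'cn=allow_ppl,ou=users_IT,ou=IT,ou=Kyiv,ou=corp,dc=eddnet,dc=org';

// Constructed sample logins: a plain name, a wildcard, unbalanced parentheses.
foreach (['almik', 'al*', 'x)(cn=y'] as $login) {
    $naive = '(&(memberOf=' . $memberof . ')(sAMAccountName=' . $login . '))';
    echo "login:   $login\n";
    echo "naive:   $naive\n";
    echo "escaped: " . build_member_filter($memberof, $login) . "\n\n";
}
```

With plain concatenation the second login turns the equality test into a wildcard match and the third changes the structure of the filter; in the escaped form both stay literal values of sAMAccountName.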
