Bradley Coudriet trying to make the world better, one line of code at a time.

16 Jan 07

PHP – RIT LDAP Authentication function

This is a little bit of code I've written over the years here at RIT to connect to the RIT LDAP server, authenticate a username and password, and then return some information about the user in a session if you want (commented out right now). Go ahead and put it in your code, and call it when you are doing things like login pages.

Return 0 = Wrong username or password

Return 1 = Username and password are good!

Update: updated the scripts per Mario's suggestions

 

function authenticate($username,$password) {
	########################
	## RIT LDAP Authentication Function
	## Bradley Coudriet - bjcpgd@rit.edu
	########################
	$server = "ldap.rit.edu"; //RIT LDAP Server
	$basedn = "ou=people,dc=rit,dc=edu";

	//An empty password would be sent as an unauthenticated bind, which many LDAP servers accept, so reject it before binding
	if (empty($password)) { return 0; }

	//Escape the username for each context it is used in, so it cannot change the search filter or the bind DN (ldap_escape needs PHP 5.6+)
	$filter = "(uid=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
	$dn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . ",";

	//Connect over LDAPS on port 636
	if (!($connect = ldap_connect('ldaps://' . $server . ':636'))) { return 0; }

	//The LDAP functions will always return an error if the username and password are not correct, the @ disables the error messages
	if ( !(@ldap_bind($connect, $dn . $basedn, $password)) ) {
		$error = "You either have a wrong username or wrong password";
		return 0;
	}

	$sr = ldap_search($connect, $basedn, $filter);
	$info = ldap_get_entries($connect, $sr);
	/* Uncomment these lines if you are using sessions and want to put some of the information you got from LDAP in your session
	$_SESSION['accountUserName'] = $username;
	$_SESSION['accountFirstName'] = $info[0]['givenname'][0];
	$_SESSION['accountLastName'] = $info[0]['sn'][0];
	$_SESSION['accountPhone'] = $info[0]['telephonenumber'][0];
	$_SESSION['accountEmail'] = $info[0]['mail'][0];
	$_SESSION['accountType'] = $info[0]['riteduaccounttype'][0]; */
	return 1;
}
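The username passed to authenticate() ends up in two different LDAP contexts, the bind DN and the search filter, and the password decides whether the bind is authenticated at all. The script below is an added example, not part of the original post: it runs offline (PHP 7.1+ with the ldap extension) and shows the checks worth doing before ldap_bind() is called. The allow-list pattern is a hypothetical account-name policy and the sample inputs are constructed.

```php
<?php
// Added example: nothing here talks to a server. Sample inputs are constructed.

const BASE_DN = 'ou=people,dc=rit,dc=edu'; // base DN used in the post

// Escape the username separately for each context it is placed in:
// DN metacharacters (, = + ...) and filter metacharacters (* ( ) \) differ.
function bind_dn(string $username): string
{
    return 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;
}

function search_filter(string $username): string
{
    return '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// Decide whether a login attempt may reach ldap_bind() at all.
function precheck(string $username, string $password): string
{
    if ($password === '') {
        // An empty password would be sent as an unauthenticated bind.
        return 'reject: empty password';
    }
    // Hypothetical account-name policy; adjust to the directory's real rules.
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $username)) {
        return 'reject: username fails allow-list';
    }
    return 'ok: proceed to ldap_bind';
}

// Constructed inputs: a normal name, names containing filter and DN
// metacharacters, and a valid name with an empty password.
$samples = [
    ['abc1234', 'correct horse'],
    ['j*', 'x'],
    ['jdoe,ou=x', 'x'],
    ['j(doe)', 'x'],
    ['abc1234', ''],
];

foreach ($samples as [$user, $pass]) {
    printf("%-14s %s\n", var_export($user, true), precheck($user, $pass));
    printf("  dn:     %s\n", bind_dn($user));
    printf("  filter: %s\n", search_filter($user));
}
```

The allow-list is the first line of defence and the escaping is the backstop: even if the policy is later loosened, a username can only ever be treated as a literal value in the DN and in the filter.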

Comments (1) Trackbacks (0)
  1. I would get rid of the ini_set(); you are using to avoid errors and just put a @ (error control operator) in front of the ldap_bind();, it will do the same thing and is much more pretty.
    @ldap_bind($connect, "$dn" . $basedn, $password)
    http://us.php.net/manual/en/language.operators.errorcontrol.php

    And since ldap_bind is a boolean, and the variable you set it to is not being used anywhere I would not set it to $bind and just have it stand alone.
    So if I were to use this code I would change lines 15-22 to:

    //The LDAP functions will always return an error if the username and password are not correct, @ disables the error messages
    if ( !(@ldap_bind($connect, "$dn" . $basedn, $password)) || empty($password) ) {
        $error = "You either have a wrong username or wrong password";
        return 0;
    }

