Posted on January 16, 2007 at 6:43 pm

PHP - RIT LDAP Authentication function

This is a little bit of code I've written over the years here at RIT to connect to the RIT LDAP server, authenticate a username and password, and then return some information about the user in a session if you want (commented out right now). Go ahead and put it in your code, and call it when you are doing things like login pages.

Return 0 = Wrong username or password

Return 1 = Username and password are good!

Update: updated the scripts per Mario's suggestions

 

PHP:
    function authenticate($username, $password) {
        ########################
        ## RIT LDAP Authentication Function
        ## Bradley Coudriet - bjcpgd@rit.edu
        ########################
        $server = "ldap.rit.edu"; // RIT LDAP Server
        $basedn = "ou=people,dc=rit,dc=edu"; // Base DN
        $script = $_SERVER['SCRIPT_NAME'];

        // Escape the username so it cannot change the search filter or the bind DN
        // (ldap_escape() requires PHP 5.6 or later)
        $filter = "(uid=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
        $dn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . ", ";

        if (!($connect = ldap_connect($server))) { return 0; }

        // The LDAP functions will always return an error if the username and password are not correct; the @ operator disables the error messages.
        // empty($password) is tested first so that an empty password is never sent to the server in a bind.
        if ( empty($password) || !(@ldap_bind($connect, "$dn" . $basedn, $password)) ) {
            $error = "You either have a wrong username or wrong password";
            return 0;
        }

        // Look up the user's own entry; fall back to an empty result if the search fails
        $sr = ldap_search($connect, $basedn, "$filter");
        $info = $sr ? ldap_get_entries($connect, $sr) : array();
        /* Uncomment these lines if you are using sessions and want to put some of the information you got from LDAP in your session
        $_SESSION['accountUserName'] = $username;
        $_SESSION['accountFirstName'] = $info[0]['givenname'][0];
        $_SESSION['accountLastName'] = $info[0]['sn'][0];
        $_SESSION['accountPhone'] = $info[0]['telephonenumber'][0];
        $_SESSION['accountEmail'] = $info[0]['mail'][0];
        $_SESSION['accountType'] = $info[0]['riteduaccounttype'][0]; */
        return 1;
    }
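A login page that calls the function, as an added example that is not part of the original post. It assumes authenticate() is saved in a file named ldap_auth.php, that the form fields are called "username" and "password", that account names are letters and digits only, and that "/" is the page to land on after login; all four are assumptions made for illustration.

```php
<?php
// Added example, not the post's own code. ldap_auth.php, the form field
// names, the account-name pattern and the redirect target are assumptions.
require_once 'ldap_auth.php';

session_start();
$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only plain strings; a field submitted as an array becomes ''.
    $username = (isset($_POST['username']) && is_string($_POST['username']))
        ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password']))
        ? $_POST['password'] : '';

    // Assumed account-name shape: letters and digits, at most 32 characters.
    // Anything else is rejected before it can reach the bind DN or the filter.
    $validName = preg_match('/^[A-Za-z0-9]{1,32}$/', $username) === 1;

    // authenticate() returns 1 on success and 0 on any failure.
    if ($validName && $password !== '' && authenticate($username, $password) === 1) {
        // Issue a fresh session id at login so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['accountUserName'] = $username;
        header('Location: /');
        exit;
    }

    // One message for every failure, matching the function's single 0 result,
    // so the page does not reveal whether the username exists.
    $error = 'You either have a wrong username or wrong password';
}
?>
<form method="post">
  <?php if ($error !== '') { echo '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>'; } ?>
  <label>Username <input type="text" name="username"></label>
  <label>Password <input type="password" name="password"></label>
  <input type="submit" value="Log in">
</form>
```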

One Response to “PHP - RIT LDAP Authentication function”

  1. Mario on May 30th, 2008 at 1:48 am says:

    I would get rid of the ini_set(); you are using to avoid errors and just put a @ (error control operator) in front of the ldap_bind();, it will do the same thing and is much more pretty.
    @ldap_bind($connect, "$dn" . $basedn, $password)
    http://us.php.net/manual/en/language.operators.errorcontrol.php

    And since ldap_bind is a boolean, and the variable you set it to is not being used anywhere I would not set it to $bind and just have it stand alone.
    So if I were to use this code I would change lines 15-22 to:

    //The LDAP functions will always return an error if the username and password are not correct, @ disables the error messages
    if ( !(@ldap_bind($connect, "$dn" . $basedn, $password)) || empty($password) ) {
    $error = "You either have a wrong username or wrong password";
    return 0;
    }
