[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypted Passwords

Don't know if this is what you're trying to do but have you seen this? HTTP Auth login using LDAP


Otherwise if you don't want to use an the apache module, you can try to bind to the LDAP server using the password the user gave you. If the bind was successful, then the password was correct.

Below is PHP code that authenticates a user HTTP basic and LDAP. The code is an include that is called by include_once() on every page. The code *seems* to work correctly but has not been throughly tested as yet.

Hope this helps

Thomas Gagne wrote:

When you do basic authentication on a web server, the password arrives in the
CGI script encrypted.  I was wondering if this encrypted password could be
passed to an LDAP server, and your response suggests it cannot (should not).
That's fine.  We'll just write a quick login screen that gets both
username/password so we can have the password in cleartext on the server to
pass to LDAP.  Since we're doing this over an https session they won't be
cleartext on the wire.



Access denied!
Main Menu.
"; UM_log("

"); UM_log("HOST LOGGED: "); if(getenv(HTTP_X_FORWARDED_FOR)) UM_log(getenv(HTTP_X_FORWARDED_FOR)); if(getenv(REMOTE_ADDR)) UM_log(getenv(REMOTE_ADDR)); echo "

This session has been logged.
"; UM_common_footer(""); $REMOTE_USER = ""; $REMOTE_PASSWORD = ""; $PHP_AUTH_USER = ""; $PHP_AUTH_PW = ""; exit(); } if ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER == "" || $PHP_AUTH_PW == "" ) { authenticate_user(); } else { if(!isset($UM_site_auth) || $UM_site_auth == "LDAP") { //Connect to validate user password if(!($conn = @ldap_connect($UM_site_auth_ldap_host))) @UM_exit_error("Unable to connect to the LDAP server."); $dn="uid=".$PHP_AUTH_USER.",".$UM_site_auth_ldap_manager_base; if( @ldap_bind($conn, $dn, "$PHP_AUTH_PW") != TRUE) authenticate_user(); ldap_unbind($conn); //Connect, this time to validate user group if(!($conn = @ldap_connect($UM_site_auth_ldap_host))) @UM_exit_error("Unable to connect to the LDAP server."); if(@ldap_bind($conn, $UM_site_auth_ldap_proxy_agent_dn, "$UM_site_auth_ldap_proxy_agent_pass") != TRUE ) UM_exit_error("ERROR while connecting to the ldap server"); //find the manager group gidnumber //FIXME: This function desperately needs more logging and error handling/reporting. $justthese = array("gidnumber"); $res = @ldap_list($conn, $UM_site_auth_ldap_manager_group_base, "cn=$UM_manager_group", $justthese); $res_array1 = @ldap_get_entries($conn, $res); if($res_array1["count"]==0) UM_log("Could not determine gidnumber for $UM_manager_group"); $filter1 = "(&(uid=$PHP_AUTH_USER)(gid=".$res_array1[0]["gidnumber"][0]."))"; $filter2 = "(&(cn=$UM_manager_group)(memberuid=$PHP_AUTH_USER))"; $res = @ldap_list($conn, $UM_site_auth_ldap_manager_base, $filter1); $res_array1 = @ldap_get_entries($conn, $res); $res2 = @ldap_list($conn, $UM_site_auth_ldap_manager_group_base, $filter2); $res_array2 = @ldap_get_entries($conn, $res2); @ldap_unbind($conn); if( $res_array1["count"] != 1 && $res_array2["count"] != 1 ) authenticate_user(); } } ?>