More about Directory Server and OpenDS Margin Notes

Thursday Aug 20, 2009

PHP is another web application language you know better than I do, but that does not make it hard to use PHP to access a directory.

After installing PHP with the wrappers for the OpenLDAP libraries, I replicated the small LDAP web application posted earlier using Java with JNDI. (PHP version zip download) I had already installed OpenDS SE 2.0, and imported Example.ldif for the data.

For the user, the only changes are the colors and the title.

[Image: ready to authenticate]

The user kvaughan is present in Example.ldif.

[Image: auth success]

Here is the PHP code for that:

        <h2>LDAP Authentication Results</h2>
        <p>Return to <a href="index.php">top page</a>.</p><hr />
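        <?php
        include 'conf.php';

        // Keep the raw input and encode it per context: ldap_escape() for the
        // LDAP filter, htmlspecialchars() for HTML output. htmlspecialchars()
        // alone leaves filter metacharacters such as * ( ) \ untouched.
        $user = isset($_POST['user']) ? $_POST['user'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        $userfilter = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
        $userhtml = htmlspecialchars($user);
        $filter = "(|(uid=" . $userfilter . ")" . "(mail=" . $userfilter ."@*))";

        echo "<p>Equivalent command line:<br /><tt>ldapsearch -h " .
        $server . " -p " . $port . " -b " . $basedn . " \"" .
        htmlspecialchars($filter) . "\"</tt></p>";
        echo "<hr />";

        // Connect to the LDAP server.
        $ldapconn = ldap_connect($server, $port) or
        die("Could not connect to " . $server . ":" . $port . ".");

        // Bind anonymously to the LDAP server to search and retrieve DN.
        $ldapbind = ldap_bind($ldapconn) or die("Could not bind anonymously.");
        $result = ldap_search($ldapconn,$basedn,$filter) or die ("Search error.");
        $entries = ldap_get_entries($ldapconn, $result);

        // Only attempt the second bind when exactly one entry matched and the
        // password is not empty. A bind with a DN and an empty password is an
        // unauthenticated bind, which a server may accept without checking
        // any credential.
        $ldapbind = false;
        if ($entries["count"] == 1 && $password !== '') {
            $binddn = $entries[0]["dn"];
            echo "<p>Bind DN found: ". htmlspecialchars($binddn) . "</p>";
            echo "<hr />";

            // Bind again using the DN retrieved. If this bind is successful,
            // then the user has managed to authenticate.
            $ldapbind = ldap_bind($ldapconn, $binddn, $password);
        }
        if ($ldapbind) {
            echo "Successful authentication for " . $userhtml . ".";
        } else {
            echo "Failed authentication for " . $userhtml . ".";
        }

        ldap_close($ldapconn);
        ?>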
        <hr /><p>Return to <a href="index.php">top page</a>.</p>

Again, searching is even easier.

[Image: ready to search]

...search results coming up...

[Image: search success]

Here is the PHP code for the search.

        <h2>LDAP Search Results</h2>
        <p>Return to <a href="index.php">top page</a>.</p><hr />
        <?php
        include 'conf.php';

        // Thanks to http://www.devshed.com/c/a/PHP/Using-PHP-With-LDAP-part-1
        // for inspiration.
        // Escape the input for the filter context; htmlspecialchars() is for
        // HTML output only and leaves * ( ) \ untouched.
        $name = isset($_POST['name']) ? $_POST['name'] : '';
        $namefilter = ldap_escape($name, '', LDAP_ESCAPE_FILTER);
        $filter = "(|(cn=*" . $namefilter . "*)" . "(sn=*" . $namefilter ."*))";

        echo "<p>Equivalent command line:<br /><tt>ldapsearch -h " .
        $server . " -p " . $port . " -b " . $basedn . " \"" .
        htmlspecialchars($filter) . "\"</tt></p>";
        echo "<hr />";

        // Connect to the LDAP server.
        $ldapconn = ldap_connect($server, $port) or
        die("Could not connect to " . $server . ":" . $port . ".");

        // Bind anonymously to the LDAP server to search.
        $ldapbind = ldap_bind($ldapconn) or die("Could not bind anonymously.");
        $result = ldap_search($ldapconn,$basedn,$filter) or die ("Search error.");
        $entries = ldap_get_entries($ldapconn, $result);

        // Display key data for each entry. Values read from the directory are
        // HTML-encoded before output, and an entry may lack uid or mail.
        for ($i=0; $i<$entries["count"]; $i++) {
            $uid = isset($entries[$i]["uid"][0]) ? $entries[$i]["uid"][0] : "";
            $mail = isset($entries[$i]["mail"][0]) ? $entries[$i]["mail"][0] : "";
            echo "<p>DN: " . htmlspecialchars($entries[$i]["dn"]) . "<br />";
            echo "Uid: " . htmlspecialchars($uid) . "<br />";
            echo "Email: " . htmlspecialchars($mail) . "</p>";
        }

        ldap_close($ldapconn);
        ?>
        <hr /><p>Return to <a href="index.php">top page</a>.</p>
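
Added example, not part of the original post: the two filters from the code above built with `ldap_escape()` (PHP 5.6+, ldap extension) next to an HTML-escaped-only form, printed for a few constructed inputs, together with the pre-bind checks a search-then-bind login needs. The function names, sample inputs and sample entries are assumptions made for illustration.

```php
<?php
// Added example. All inputs and directory entries below are constructed.

// Filters from the post, with filter-context escaping of the user input.
function auth_filter(string $user): string {
    $u = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
    return "(|(uid=" . $u . ")(mail=" . $u . "@*))";
}

function search_filter(string $name): string {
    $n = ldap_escape($name, '', LDAP_ESCAPE_FILTER);
    return "(|(cn=*" . $n . "*)(sn=*" . $n . "*))";
}

// Same auth filter with HTML escaping only, for comparison. * ( ) \ pass
// through unchanged, so they keep their meaning inside the filter.
function auth_filter_html_only(string $user): string {
    $u = htmlspecialchars($user);
    return "(|(uid=" . $u . ")(mail=" . $u . "@*))";
}

// Pre-bind checks for search-then-bind: exactly one matching entry, and a
// non-empty password (a DN with an empty password is an unauthenticated bind).
// $entries has the shape returned by ldap_get_entries().
function may_attempt_bind(array $entries, string $password): bool {
    return ($entries['count'] ?? 0) === 1 && $password !== '';
}

// Constructed inputs: a plain uid, a wildcard, a name with parentheses,
// and a name with HTML-special characters.
$samples = ['kvaughan', 'k*', 'Smith (Sales)', "O'Hara & Sons"];
foreach ($samples as $s) {
    printf("input         : %s\n", $s);
    printf("  html only   : %s\n", auth_filter_html_only($s));
    printf("  auth filter : %s\n", auth_filter($s));
    printf("  search      : %s\n\n", search_filter($s));
}

// Constructed search results: no match, one match, two matches.
$none = ['count' => 0];
$one  = ['count' => 1, 0 => ['dn' => 'uid=kvaughan,ou=People,dc=example,dc=com']];
$two  = ['count' => 2, 0 => ['dn' => 'uid=a,dc=example,dc=com'],
                       1 => ['dn' => 'uid=b,dc=example,dc=com']];

var_dump(may_attempt_bind($none, 'secret'));  // no entry: do not bind
var_dump(may_attempt_bind($one, ''));         // empty password: do not bind
var_dump(may_attempt_bind($two, 'secret'));   // ambiguous match: do not bind
var_dump(may_attempt_bind($one, 'secret'));   // only this case proceeds to ldap_bind()
```

Run it with `php` on the command line; it only builds strings and never contacts a directory server.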