Hi guys,
I can currently connect, bind and authenticate a user against
ActiveDirectory using OpenLdap and apache. I have apache compiled with
SSL as well. I force PHP to use https:// and i get the browser ask if i
want to accept the certificate etc. I'm also connecting to Ldap on port
686.
Now it all works fine apart, although then i started up ethereal to
check on the packets and it appears the username and password are being
sent in plain text. I cant work out why.
Any help greatly appreciated.
Heres the code.
=============== =============== ============
var $_domain_contro llers = array ("hole.chase.lo cal, 686");
//other variables
var $_user_dn;
var $_user_pass;
var $_conn;
var $_bind;
// default constructor
function adLDAP(){
//connect to the LDAP server as the username/password
$this->_conn = ldap_connect($t his->random_control ler());
ldap_set_option ($this->_conn, LDAP_OPT_PROTOC OL_VERSION, 3);
ldap_set_option ($this->_conn, LDAP_OPT_REFERR ALS, 0); //disable plain
text passwords
return true;
}
// default destructor
function __destruct(){ ldap_close ($this->_conn); }
function random_controll er(){
//select a random domain controller
mt_srand(double val(microtime() ) * 100000000);
return
($this->_domain_contro llers[array_rand($thi s->_domain_contro llers)]);
}
// authenticate($u sername,$passwo rd)
// Authenticate to the directory with a specific username and password
// Extremely useful for validating login credentials
function authenticate($u sername,$passwo rd){
//validate a users login credentials
$returnval=fals e;
if ($username!=NUL L && $password!=NULL ){ //prevent null bind
$this->_user_dn=$user name.$this->_account_suffi x;
$this->_user_pass=$pa ssword;
$this->_bind =
@ldap_bind($thi s->_conn,$this->_user_dn,$th is->_user_pass);
if ($this->_bind){ $returnval=true ; }
}
return ($returnval);
}
I can currently connect, bind and authenticate a user against
ActiveDirectory using OpenLdap and apache. I have apache compiled with
SSL as well. I force PHP to use https:// and i get the browser ask if i
want to accept the certificate etc. I'm also connecting to Ldap on port
686.
Now it all works fine apart, although then i started up ethereal to
check on the packets and it appears the username and password are being
sent in plain text. I cant work out why.
Any help greatly appreciated.
Heres the code.
=============== =============== ============
var $_domain_contro llers = array ("hole.chase.lo cal, 686");
//other variables
var $_user_dn;
var $_user_pass;
var $_conn;
var $_bind;
// default constructor
function adLDAP(){
//connect to the LDAP server as the username/password
$this->_conn = ldap_connect($t his->random_control ler());
ldap_set_option ($this->_conn, LDAP_OPT_PROTOC OL_VERSION, 3);
ldap_set_option ($this->_conn, LDAP_OPT_REFERR ALS, 0); //disable plain
text passwords
return true;
}
// default destructor
function __destruct(){ ldap_close ($this->_conn); }
function random_controll er(){
//select a random domain controller
mt_srand(double val(microtime() ) * 100000000);
return
($this->_domain_contro llers[array_rand($thi s->_domain_contro llers)]);
}
// authenticate($u sername,$passwo rd)
// Authenticate to the directory with a specific username and password
// Extremely useful for validating login credentials
function authenticate($u sername,$passwo rd){
//validate a users login credentials
$returnval=fals e;
if ($username!=NUL L && $password!=NULL ){ //prevent null bind
$this->_user_dn=$user name.$this->_account_suffi x;
$this->_user_pass=$pa ssword;
$this->_bind =
@ldap_bind($thi s->_conn,$this->_user_dn,$th is->_user_pass);
if ($this->_bind){ $returnval=true ; }
}
return ($returnval);
}