
Thread: Using LDAP and PHP for Authentication from Zimbra LDAP


  1. #1

    Using LDAP and PHP for Authentication from Zimbra LDAP

    I looked in a number of places, including here, for solutions allowing other home-built code running on my other servers to authenticate using the usernames and passwords already present on my Zimbra mail server.

    When we hire new employees now, an account is created for them in Active Directory on our Windows server, and another account is created using the same information on the Zimbra server.

    As we are intending to eventually get rid of Windows Active Directory and lean more towards Linux, I didn't want to Authenticate Zimbra off of Active Directory.

    What I am giving you here is the code I came up with from a combination of the Zimbra wiki, 3 posts here on the forums, and some code I have (GNU) borrowed from the Hot Open Tickets project on SourceForge, for posting info from a form. (FYI: Hot Open Tickets is a CMMS. I am not using it as a CMMS, I just borrowed code from it to do authentication off of a SQL db. It just made sense to mod that code with the LDAP auth procedure contained herein because it covers the whole site, even "buried" pages, using sessions.)

    PHP Code:
    //serverside.php code
    <?php
        $URL = "http://server.domain.com"; // Root url.  **IMPORTANT** Leave the
        // trailing slash off.  index.php is assumed.
        // This is the root url of the application you are Authenticating.
        // This is not the url of the Zimbra Server

        function validate_user()
        {
            // This is the code to Authenticate from Zimbra LDAP
            // This Code does not take into consideration ess "security levels" that are in the SQL DB
            // This will have to be remediated some how.... (adding fields to Zimbra LDAP?)
            // LDAP variables
            // Credentials are read from the session, where the calling page stores the posted login,
            // so the check also works on page loads that carry no POST data
            $ldap['user'] = (isset($_SESSION["uname"]) && is_string($_SESSION["uname"])) ? $_SESSION["uname"] : '';
            $ldap['pass'] = (isset($_SESSION["password"]) && is_string($_SESSION["password"])) ? $_SESSION["password"] : '';
            $ldap['host'] = 'zimbra.domain.com';
            $ldap['port'] = 389;
            // Escape the user name so it cannot alter the structure of the DN
            $ldap['dn']   = 'uid='.ldap_escape($ldap['user'], '', LDAP_ESCAPE_DN).',ou=people,dc=domain,dc=com';
            $ldap['base'] = '';

            // connecting to ldap
            $ldap['conn'] = ldap_connect($ldap['host'], $ldap['port']);
            ldap_set_option($ldap['conn'], LDAP_OPT_PROTOCOL_VERSION, 3);

            // binding to ldap
            // A bind with an empty password is an unauthenticated bind that some servers accept,
            // so it is never attempted
            $ldap['bind'] = false;
            if ($ldap['user'] !== '' && $ldap['pass'] !== '') {
                $ldap['bind'] = @ldap_bind($ldap['conn'], $ldap['dn'], $ldap['pass']);
            }

            if ($ldap['bind']) {
                //echo "LDAP bind successful...";
                return 1; // returns "ok" to the calling page -- User is authenticated
            } else {
                //echo "LDAP bind failed...";
                $login_page = $GLOBALS["URL"]."/login.php"; // Redirects User to login page to Authenticate
                print "<body onload=\"window.location='$login_page';\">";
                print "<a href='$login_page'>You need to login</a>";
                print "</body>";
                exit();
            }
        }
    ?>

    //index.php code
    <?php
    session_start();
    //HOT :: Hot Open Tickets

    /* http://hotopentickets.sourceforge.net
    // LICENSE
    //
    // This program is free software; you can redistribute it and/or
    // modify it under the terms of the GNU General Public License (GPL)
    // as published by the Free Software Foundation; either version 2
    // of the License, or (at your option) any later version.
    //
    // This program is distributed in the hope that it will be useful,
    // but WITHOUT ANY WARRANTY; without even the implied warranty of
    // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    // GNU General Public License for more details.
    //
    // To read the license please visit http://www.gnu.org/copyleft/gpl.html
    // ----------------------------------------------------------------------
    */
    include("serverside.php");

    // A login form was submitted: remember the credentials for this session
    if (!empty($_POST["login_uname"]))
    {
        $_SESSION["uname"] = $_POST["login_uname"];
        $_SESSION["password"] = isset($_POST["login_password"]) ? $_POST["login_password"] : '';
    }
    validate_user();

    //insert rest of index page code here
    ?>
         
    //login.php code
    <?php
    include ("serverside.php");
    // insert whatever code you want to layout the rest of the page

    // The form posts the credentials to index.php, which validates them
    print( "        <div>\n" );
    print( "          <br /> Login to begin\n" );
    print( "          <form name='theform' action = \"index.php\" method = \"post\">\n" );
    print( "            User Name:<br />\n" );
    print( "            <center><input type = \"text\" name=\"login_uname\" /></center>\n" );
    print( "            Password:<br />\n" );
    print( "            <center><input type=\"password\" name=\"login_password\" /></center>\n" );
    print( "            <center><input type = \"submit\" value = \"login\" /></center>\n" );
    print( "          </form>\n" );
    print( "        </div>\n" );
    // insert whatever code you want to layout the rest of the page
    ?>

    //Add this code to the top of each page in your site to verify the user is valid
    //this way if they try to go directly to some url buried in your site
    // (example-- http://server.domain.com/celeb_jeopardy/go_for_it.php)
    //their Authenticity is verified, and if not they are bounced to the login page.
    <?php
    session_start();
    //HOT :: Hot Open Tickets

    /* http://hotopentickets.sourceforge.net
    // LICENSE
    //
    // This program is free software; you can redistribute it and/or
    // modify it under the terms of the GNU General Public License (GPL)
    // as published by the Free Software Foundation; either version 2
    // of the License, or (at your option) any later version.
    //
    // This program is distributed in the hope that it will be useful,
    // but WITHOUT ANY WARRANTY; without even the implied warranty of
    // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    // GNU General Public License for more details.
    //
    // To read the license please visit http://www.gnu.org/copyleft/gpl.html
    // ----------------------------------------------------------------------
    */
    include("serverside.php");

    // A login form was submitted: remember the credentials for this session
    if (!empty($_POST["login_uname"]))
    {
        $_SESSION["uname"] = $_POST["login_uname"];
        $_SESSION["password"] = isset($_POST["login_password"]) ? $_POST["login_password"] : '';
    }
    validate_user();

    //insert rest of page code here
    ?>
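
Added example, not part of the original post or of the Hot Open Tickets code: a variant of the login check that binds once at login over StartTLS, refuses empty passwords, escapes the user name before building the DN, and then keeps only a login flag in the session instead of the password. The names `build_user_dn()`, `ldap_login()` and the `auth_user` session key are assumptions; the host, DN suffix and login URL are the post's placeholders.

```php
<?php
// Added example: hardened variant of the post's validate_user().
// build_user_dn(), ldap_login() and the 'auth_user' session key are
// hypothetical names; host and DN suffix are the post's placeholders.

function build_user_dn(string $user): string
{
    // Escape DN special characters so the user name cannot change
    // the structure of the bind DN.
    return 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_DN)
         . ',ou=people,dc=domain,dc=com';
}

function ldap_login($user, $pass): bool
{
    // A bind with a DN and an empty password is an "unauthenticated
    // bind" (RFC 4513); servers may report success, so reject it here.
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }
    $conn = ldap_connect('ldap://zimbra.domain.com:389');
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Port 389 is cleartext; upgrade to TLS before sending the password.
    if (!@ldap_start_tls($conn)) {
        return false;
    }
    $ok = @ldap_bind($conn, build_user_dn($user), $pass);
    ldap_unbind($conn);
    return $ok;
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && ldap_login($_POST['login_uname'] ?? '', $_POST['login_password'] ?? '')) {
    session_regenerate_id(true);                    // fresh session ID after login
    $_SESSION['auth_user'] = $_POST['login_uname']; // the password is not kept
}
if (empty($_SESSION['auth_user'])) {
    header('Location: http://server.domain.com/login.php');
    exit();
}
```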

  2. #2


    Wow great. Want to post that to the WIKI here:

    http://wiki.zimbra.com/index.php?tit...Authentication
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.
