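====== Exemple de code PHP ======

===== authentification =====

/**
 * Verify a user's password with an LDAP simple bind against the local directory.
 *
 * @param string $login  User identifier, used as the uid component of the bind DN.
 * @param string $passwd Password supplied by the user.
 * @return bool true when the bind succeeds, false otherwise.
 */
function authenticate($login, $passwd)
{
    // A simple bind with an empty password is an anonymous/unauthenticated bind,
    // which a server may accept for any DN. Empty or non-string credentials are
    // therefore refused before the directory is contacted.
    if (!is_string($login) || !is_string($passwd) || $login === "" || $passwd === "") {
        return false;
    }

    $ds = ldap_connect("localhost");
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Escape the login for DN context so that characters such as "," "=" or "+"
    // cannot change which entry the bind is attempted against.
    $dn = "uid=" . ldap_escape($login, "", LDAP_ESCAPE_DN) . ",ou=users,dc=univ-lehavre,dc=fr";

    // "@" silences the PHP warning raised on invalid credentials; the boolean
    // result is what the caller acts on.
    $r = @ldap_bind($ds, $dn, $passwd);

    // The connection only served to check the password: release it here.
    ldap_unbind($ds);

    return $r;
}

$res = authenticate("garfield", "azerty");
echo $res;

/**
 * Close an LDAP connection.
 *
 * @param resource $ds Connection returned by ldap_connect().
 * @return bool Result of ldap_unbind().
 */
function disconnectLdap($ds)
{
    return ldap_unbind($ds);
}

===== Suppression =====

/**
 * Delete one entry from the directory using the administrator account.
 *
 * The caller is responsible for checking that the current user is allowed to
 * delete $dn and for building $dn with ldap_escape(..., LDAP_ESCAPE_DN) when any
 * part of it comes from user input.
 *
 * @param string $dn Distinguished name of the entry to delete.
 * @return bool true on success, false when the bind or the deletion fails.
 */
function delUser($dn)
{
    $ds = ldap_connect("localhost");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // NOTE(review): the administrator DN and password are sample values written
    // in the source; in a deployment they belong in configuration that is kept
    // out of the web root and out of version control.
    $r = @ldap_bind($ds, "cn=admin,dc=univ-lehavre,dc=fr", "azerty");
    if (!$r) {
        // Without a successful bind the deletion would be attempted anonymously.
        ldap_close($ds);
        return false;
    }

    $res = ldap_delete($ds, $dn);
    ldap_close($ds);

    return $res;
}

===== Ajout =====

/**
 * Add the sample posixGroup "utilisateurs3" under ou=groups.
 *
 * @return string LDAP status text from ldap_err2str() for the last operation.
 */
function addGroup()
{
    $ds = ldap_connect("localhost");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // NOTE(review): hard-coded sample administrator credentials, see delUser().
    $r = @ldap_bind($ds, "cn=admin,dc=univ-lehavre,dc=fr", "azerty");
    if (!$r) {
        // Report the bind error instead of attempting the add anonymously.
        $res = ldap_err2str(ldap_errno($ds));
        ldap_close($ds);
        return $res;
    }

    // Branch of the tree that receives the new entry.
    $group_path = "ou=groups,dc=univ-lehavre,dc=fr";

    // Attributes of the new entry.
    $info = array();
    $info["objectclass"][0] = "posixGroup";
    $info["cn"] = "utilisateurs3";
    $info["gidnumber"] = "2025";

    $dn = "cn=" . $info["cn"] . "," . $group_path;
    ldap_add($ds, $dn, $info);

    // The status text of the add is what the function reports.
    $res = ldap_err2str(ldap_errno($ds));

    ldap_close($ds);

    return $res;
}

/**
 * Add the sample posixAccount "newuser" under ou=users.
 *
 * @return string LDAP status text from ldap_err2str() for the last operation.
 */
function addUser()
{
    $ds = ldap_connect("localhost");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // NOTE(review): hard-coded sample administrator credentials, see delUser().
    $r = @ldap_bind($ds, "cn=admin,dc=univ-lehavre,dc=fr", "azerty");
    if (!$r) {
        // Report the bind error instead of attempting the add anonymously.
        $res = ldap_err2str(ldap_errno($ds));
        ldap_close($ds);
        return $res;
    }

    // Branch of the tree that receives the new entry.
    $user_path = "ou=users,dc=univ-lehavre,dc=fr";

    // Attributes of the new entry.
    $info = array();
    $info["cn"] = "newuser";
    $info["objectclass"][0] = "account";
    $info["objectclass"][1] = "posixAccount";
    $info["objectclass"][2] = "top";
    // NOTE(review): this value is sent to the directory as-is, i.e. as a
    // cleartext password. Store a hashed value instead (the ldapAddUser()
    // example on this page writes a "{crypt}" hash).
    $info["userpassword"] = "pass";
    $info["loginshell"] = "/bin/bash";
    $info["uidnumber"] = "123";
    $info["gidnumber"] = "345";
    $info["homedirectory"] = "/home/newuser";

    $dn = "uid=newuser," . $user_path;
    ldap_add($ds, $dn, $info);

    // The status text of the add is what the function reports.
    $res = ldap_err2str(ldap_errno($ds));

    ldap_close($ds);

    return $res;
}

===== search =====

/**
 * Search the group branch and return every matching entry.
 *
 * NOTE(review): the "public" keyword suggests this is a method taken from a
 * class that is not shown on this page.
 *
 * $filter is passed to the server unchanged: any user-supplied value placed in
 * it must first go through ldap_escape($value, "", LDAP_ESCAPE_FILTER).
 *
 * @param resource $ds        Bound LDAP connection.
 * @param string   $groups_dn Base DN of the search.
 * @param string   $filter    LDAP search filter.
 * @return array Result of ldap_get_entries(); array("count" => 0) when there is
 *               no connection or the search fails.
 */
public function extractGroups($ds, $groups_dn, $filter)
{
    // Same shape as an empty ldap_get_entries() result, so callers can loop on "count".
    $allGroups = array("count" => 0);

    if ($ds) {
        $sr = ldap_search($ds, $groups_dn, $filter);
        if ($sr !== false) {
            $allGroups = ldap_get_entries($ds, $sr);
        }
    }

    return $allGroups;
}

/**
 * Print every attribute found under $path and return the uid and cn of each entry.
 *
 * @param string $host       LDAP host or URI given to ldap_connect().
 * @param string $path       Base DN of the search.
 * @param string $userDn     DN used for the bind.
 * @param string $userPasswd Password used for the bind.
 * @return array|string List of array("uid" => ..., "cn" => ...) rows, or the
 *                      string "Erreur de connexion" on failure.
 */
function list_of_people($host, $path, $userDn, $userPasswd)
{
    $ds = ldap_connect($host);
    if (!$ds) {
        return "Erreur de connexion";
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // ldap_connect() does not prove the server is reachable; the bind result is
    // what shows that the session is usable and authenticated.
    $r = @ldap_bind($ds, $userDn, $userPasswd);
    if (!$r) {
        ldap_close($ds);
        return "Erreur de connexion";
    }

    $sr = ldap_search($ds, $path, "objectclass=*");
    if ($sr === false) {
        ldap_close($ds);
        return "Erreur de connexion";
    }
    $info = ldap_get_entries($ds, $sr);
    ldap_close($ds);

    // Print all the data. Directory values are not trusted markup, so they are
    // escaped before being written into the page.
    foreach ($info as $k => $v) {
        if (is_array($v)) {
            foreach ($v as $k1 => $v1) {
                if (is_array($v1)) {
                    foreach ($v1 as $k2 => $v2) {
                        echo htmlspecialchars($k1 . "=" . $v2, ENT_QUOTES, "UTF-8") . "\n";
                    }
                }
            }
        }
    }

    // Keep only part of the data; an entry without uid or cn yields null for that field.
    $res = array();
    for ($i = 0; $i < $info["count"]; $i++) {
        $res[$i]["uid"] = isset($info[$i]["uid"][0]) ? $info[$i]["uid"][0] : null;
        $res[$i]["cn"] = isset($info[$i]["cn"][0]) ? $info[$i]["cn"][0] : null;
    }

    return $res;
}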
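// The host is remote here: with a bare host name the bind password crosses the
// network unencrypted. Pass an "ldaps://" URI as $host, or call ldap_start_tls()
// on the connection before binding.
list_of_people("monserveur.com", "ou=users,dc=univ-lehavre,dc=fr", "cn=admin,dc=univ-lehavre,dc=fr", "motdepasse");

* Donnees d'une personne

/**
 * Read the POSIX account attributes of one entry.
 *
 * @param string $host       LDAP host or URI given to ldap_connect().
 * @param string $uidPerson  DN of the entry to read (used as the search base).
 * @param string $rootdn     DN used for the bind.
 * @param string $rootpasswd Password used for the bind.
 * @return array Attribute name => first value; empty when the bind fails or
 *               the entry is not found.
 */
function show_a_person2($host, $uidPerson, $rootdn, $rootpasswd)
{
    $res = array();

    // Use the connection parameters the caller supplied rather than fixed values.
    $ds = ldap_connect($host);
    if (!$ds) {
        return $res;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    $r = @ldap_bind($ds, $rootdn, $rootpasswd);
    if (!$r) {
        ldap_close($ds);
        return $res;
    }

    $sr = ldap_search($ds, $uidPerson, "objectclass=*");
    if ($sr === false) {
        ldap_close($ds);
        return $res;
    }
    $info = ldap_get_entries($ds, $sr);
    ldap_close($ds);

    // ldap_get_entries() always contains a "count" key, so count($info) is never
    // 0; the number of entries found is $info["count"].
    if ($info["count"] > 0) {
        $i = 0;
        $wanted = array("cn", "gidnumber", "homedirectory", "loginshell", "uid", "uidnumber", "userpassword");
        foreach ($wanted as $attr) {
            // NOTE(review): "userpassword" is the stored password hash. It is
            // kept in the result for existing callers but should not be shown
            // to users or written to logs.
            $res[$attr] = isset($info[$i][$attr][0]) ? $info[$i][$attr][0] : null;
        }
    }

    return $res;
}

$profil = show_a_person2("localhost", "uid=gaetan,ou=users,dc=univ-lehavre,dc=fr", "cn=admin,dc=univ-lehavre,dc=fr", "azerty");

// NOTE(review): the HTML tags of this display snippet were lost on the page;
// a plain two-column table is assumed here.
echo "<table>";
foreach ($profil as $k => $v) {
    // The password hash is not part of what a profile page should display.
    if ($k === "userpassword") {
        continue;
    }
    // Directory values are escaped before being written into the page.
    echo "<tr><td>" . htmlspecialchars($k, ENT_QUOTES, "UTF-8") . "</td><td>"
        . htmlspecialchars((string) $v, ENT_QUOTES, "UTF-8") . "</td></tr>\n";
}
echo "</table>";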
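* Ajouter une personne dans le LDAP

/**
 * Add a person (posixAccount) to the LDAP directory.
 *
 * @param string $login         Login, used for both uid and cn.
 * @param string $clearpass     Cleartext password; only its hash is stored.
 * @param string $loginshell    Login shell.
 * @param string $gidnumber     Primary group id.
 * @param string $uidnumber     User id.
 * @param string $homedirectory Home directory.
 * @return string|null LDAP status text from ldap_err2str(), or null when no
 *                     connection handle could be created.
 */
function ldapAddUser($login, $clearpass, $loginshell, $gidnumber, $uidnumber, $homedirectory)
{
    // Placeholders to fill in from configuration. With an empty DN and password
    // the bind below is anonymous, which should not be allowed to add entries.
    $host = "";
    $rootdn = "";
    $rootpasswd = "";

    $ds = ldap_connect($host);
    if (!$ds) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    $r = ldap_bind($ds, $rootdn, $rootpasswd);
    if (!$r) {
        // Report the bind error instead of attempting the add unauthenticated.
        $res = ldap_err2str(ldap_errno($ds));
        ldap_close($ds);
        return $res;
    }

    $info = array();
    $info["uid"] = $login;
    $info["cn"] = $login;
    $info["objectClass"][0] = "account";
    $info["objectClass"][1] = "posixAccount";
    $info["objectClass"][2] = "top";
    $info["userPassword"] = "{crypt}" . constructPass($clearpass);
    $info["loginShell"] = $loginshell;
    $info["uidNumber"] = $uidnumber;
    $info["gidNumber"] = $gidnumber;
    $info["homeDirectory"] = $homedirectory;

    // Escape the login for DN context so it cannot add or alter DN components.
    $dn = "uid=" . ldap_escape($login, "", LDAP_ESCAPE_DN) . ",ou=people,ou=iut,ou=univ-lehavre,dc=fr";
    ldap_add($ds, $dn, $info);

    // The status text of the add is what the function reports.
    $res = ldap_err2str(ldap_errno($ds));

    ldap_close($ds);

    return $res;
}

/**
 * Generate a random salt of $length characters.
 *
 * Characters are drawn with random_int(), a cryptographically secure source;
 * str_shuffle() is not suitable for security-sensitive values.
 *
 * @param int|string $length Number of characters wanted.
 * @return string
 */
function generateSalt($length)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $last = strlen($alphabet) - 1;
    $count = (int) $length;

    $salt = "";
    for ($i = 0; $i < $count; $i++) {
        $salt .= $alphabet[random_int(0, $last)];
    }

    return $salt;
}

/**
 * Hash a cleartext password with crypt() for storage behind the "{crypt}" prefix.
 *
 * SHA-512 crypt ("$6$") is used because MD5 crypt ("$1$") is fast enough to
 * make offline guessing of leaked hashes cheap.
 * NOTE(review): the crypt(3) implementation on the directory server must
 * support "$6$" for these hashes to verify - confirm before deploying.
 *
 * @param string $text Cleartext password.
 * @return string crypt() hash.
 */
function constructPass($text)
{
    return crypt($text, '$6$' . generateSalt(16) . '$');
}

* Controleur PHP

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['f_submit'])) {
        // Form fields can be missing or posted as arrays; only plain strings
        // are handed to the authentication function.
        $login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
        $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';

        // NOTE(review): authLdap() is not defined on this page; authenticate()
        // in the first example has the same parameters and return value.
        $res = ($login !== '' && $passwd !== '') ? authLdap($login, $passwd) : false;

        if ($res) {
            // Create the session, then issue a fresh session id so that an id
            // fixed before login is not carried into the authenticated session.
            session_start();
            session_regenerate_id(true);
            $_SESSION['login'] = $login;
            header('Location:index.php');
            exit;
        } else {
            echo "identifiant ou mot de passe incorrect";
        }
    }
} else {
    // default code path
}

# LDIF: both records delete every olcAccess rule of the database they name.
# With no access rule left, slapd applies its default policy, which grants read
# access to everyone, so userPassword hashes become readable without
# authentication. Prefer "replace: olcAccess" with rules that restrict
# userPassword, for example
#   to attrs=userPassword by self write by anonymous auth by * none
# followed by a rule for the remaining attributes.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess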