具有LDAP身份验证的Codeigniter应用程序

Question

Without codeigniter i am able to use ldap_connect() but in the codeigniter project i want to use ldap connection for authenticating user with their windows username and password. Below is the code which is working perfect without codeigniter.

/******LDAP CONNECTIVITY STARTS HERE*********/
$ldaprdn = $_POST['uname']; // ldap rdn or dn
    $ldappass = $_POST['upass']; // associated password
    $ldaprdn = $_POST['uname'].'@domain.com';
    $ldapconn = ldap_connect("ip") or die("Could not connect to LDAP server."); //our ip
if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
        // verify binding
        if ($ldapbind) {
            //echo "<pre>";
            //print_r($row_login);
            //exit;

            $_SESSION['appusername']=$_POST['uname'];
            $_SESSION['emp_code']=$row_login['emp_code'];
            $_SESSION['emp_id']=$row_login['emp_id'];
            $_SESSION['emp_name']=$row_login['emp_name'];
            $_SESSION['emp_email']=$row_login['emp_email'];
            $_SESSION['emp_dept_id']=$row_login['emp_dept_id'];
            $_SESSION['emp_dept_name']=$row_login['dept_name'];
            $_SESSION['emp_group']=$row_login['emp_group'];
            $_SESSION['emp_category']=$row_login['emp_category'];

            $_SESSION['finance_app_authority']=$row_login['finance_approval_status'];
            $_SESSION['line_eng_status']=$row_login['line_eng_status'];

            $_SESSION['line_name']=$row_login['line_name'];
            $_SESSION['dept_name']=$row_login['dept_name'];

            if($row_login['emp_mod_status']=='Y'){ //if moderator means
                $_SESSION['userType']='MOD';
            }
            else if($row_login['emp_id']==$row_login['dept_hod_id']){ //if HOD means
                $_SESSION['userType']='HOD';
            }else{ //if normal user means
                $_SESSION['userType']='EMP';
            }
            echo '<script language="javascript">document.location.href="?p=main&m=it-home"</script>';
            exit;

        }
        else{
        echo '<div  class="man_style" style="width:50%;padding:10px 10px 10px 250px !important;text-align:center;color:red;">Invalid password.</div>';
        }
    }

All i want is to authenticate user by windows username and password in codeigniter. Suggest me a very simple way please.

I tried Auth_Ldap library but still i am getting an error

LDAP functionality not present. Either load the module ldap php module or use a php with ldap support compiled in.

I have used Auth_Ldap library file. the following config file Don't know where to give my host ip address

$config['account_suffix']       = '@abcd.com';
$config['base_dn']              = 'DC=domain,DC=local';
$config['domain_controllers']   = array ("server1.domain.local");
$config['ad_username']          = 'administrator';
$config['ad_password']          = 'password';
$config['real_primarygroup']    = true;
$config['use_ssl']              = false;
$config['use_tls']              = false;
$config['recursive_groups']     = true;


/* End of file adldap.php */
/* Location: ./system/application/config/adldap.php */

Your help is appreciated

Answer 1

I did not find the library you want to use (Auth_Ldap), but I found Auth_Ldap . Your config files differ, however. I downloaded the file and in this config you clearly got the ldap_uri, so that would be where your host ip goes I guess.

$config['ldap_uri'] = array('ldap://ldap.mycompany.com:389/');
// $config ['ldap_uri'] = array('ldaps://ldap.mycompany.com:636/');  <-- connect via SSL
$config['use_tls'] = true; // Encrypted without using SSL
$config['search_base'] = 'dc=mycompany,dc=com';
$config['user_search_base'] = array('ou=people,dc=mycompany,dc=com');  // Leave empty to use $config['search_base']
$config['group_search_base'] = array('ou=group,dc=mycompany,dc=com');  // Leave empty to use $config['search_base']
$config['user_object_class'] = 'posixAccount';
$config['group_object_class'] = 'posixGroup';
$config['user_search_filter'] = '';  // Additional search filters to use for user lookups
$config['group_search_filter'] = ''; // Additional search filters to use for group lookups
$config['login_attribute'] = 'uid';
$config['schema_type'] = 'rfc2307'; // Use rfc2307, rfc2307bis, or ad
$config['proxy_user'] = '';
$config['proxy_pass'] = '';
$config['roles'] = array(1 => 'User', 
                         3 => 'Power User',
                         5 => 'Administrator');
$config['auditlog'] = 'application/logs/audit.log';  // Some place to log attempted logins (separate from message log)

If all else fails and you are comfortable writing your very own library, that might also be an idea.

Update: I just noticed that the library fails in the _init() function:

private function _init() {
    // Verify that the LDAP extension has been loaded/built-in
    // No sense continuing if we can't
    if (! function_exists('ldap_connect')) {
        show_error('LDAP functionality not present.  Either load the module ldap php module or use a php with ldap support compiled in.');
        log_message('error', 'LDAP functionality not present in php.');
    }

I don't actually know why that would fail if the function cleary exists (and works) as you stated previously.

Answer 2

Hello,

Even if the question is more than an year old (and you probably found the answer by now), I will try to give some hints as it might help someone else.

The error you are seeing is because the php_ldap library is not enabled in your php.ini file. So, try to find in the php.ini the line ";extension=php_ldap.dll" and uncomment it by removing the ";" form the beginning.

Note: If you are using XAMPP (for windows), then after restarting it, PHP will probabbly complain about some dlls missing. To solve this problem you have to copy the following dll files from your php folder to apache/bin:

• libsasl.dll
• libeay32.dll
• ssleay32.dll (optional; for SSL)