Clarification of Question by underachiever-ga on 28 Jan 2003 02:29 PST
AUTHENTICATE
----------------
Note 1: Right now this pops up, we'd like to have a login page where
the user could see what is required (User: Password:). This user is in
ou=emp
Note 2: Auth Realm could be incorrect in these samples.
Note 3: After successful auth, a page displays all fields from LDIF
(Step 2, emprint)
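<?php
$ldapconfig['host'] = '127.0.0.1';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=company,dc=com';
$ldapconfig['authrealm'] = 'modify';

// Check the HTTP Basic credentials against LDAP.
// Returns the user's entry on success, NULL (after sending a 401) on failure.
function ldap_authenticate() {
    global $ldapconfig;
    global $result;
    // register_globals no longer exists; read the credentials from $_SERVER.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    // An empty password must not reach ldap_bind(): that would be an anonymous bind.
    if ($user != "" && $pass != "") {
        $ds = @ldap_connect($ldapconfig['host'], $ldapconfig['port']);
        // Escape the user name so it cannot change the search filter.
        $r = @ldap_search($ds, $ldapconfig['basedn'],
            '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')');
        if ($r) {
            $result = @ldap_get_entries($ds, $r);
            if (!empty($result[0])) {
                // Bind as the entry that was found, using the supplied password.
                if (@ldap_bind($ds, $result[0]['dn'], $pass)) {
                    return $result[0];
                }
            }
        }
    }
    // The header value must be on one line.
    header('WWW-Authenticate: Basic realm="' . $ldapconfig['authrealm'] . '"');
    header('HTTP/1.0 401 Unauthorized');
    return NULL;
}

if (($result = ldap_authenticate()) == NULL) {
    echo('Wrong password');
    exit;
}
?>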
----------------
FORM
----------------
This form lists entries for this uid.
Until now he/she is in ou=emp, after Submit and writing to LDAP, we
write to ou=mail and delete this uid in ou=emp.
<form name="form1" action="empadd.php" method="post">
<table align="center" border="0" cellpadding="2" cellspacing="2"
width="560">
<tbody>
<tr>
<td colspan="2" width="552">
</td>
</tr>
</tbody><tbody>
<tr>
<td colspan="2" bgcolor="#009933" width="552">
<p align="center"><font color="#ffff00" size="4">Modify
Employee</font></p>
</td>
</tr>
<tr bgcolor="#eff8f7">
<td colspan="2" width="552"> </td>
</tr>
<tr bgcolor="#eff8f7">
<td width="107" height="30">Phone</td>
<td width="462" height="26"> ( <input
name="phone" size="3" maxlength="10"> )- <input type="text"
name="phone2" size="15" maxlength="8"> # <input type="text"
name="phone3" size="8" maxlength="5"></td>
</tr>
<tr bgcolor="#eff8f7">
<td width="106">Address</td>
<td width="440"> <input type="text" name="useruid"
size="18" maxlength="16"> @ company.com</td>
</tr>
<tr bgcolor="#eff8f7">
<td width="546" colspan="2"><br>
</td>
</tr>
<tr bgcolor="#eff8f7">
<td width="106">Password</td>
<td bgcolor="#eff8f7" width="440"><input type="password"
name="userpwd1" size="20" maxlength="8"></td>
</tr>
<tr bgcolor="#eff8f7">
<td width="546" colspan="2">
</td>
</tr>
<tr bgcolor="#eff8f7">
<td width="106">Password (confirm)<br>
</td>
<td width="440"><input type="password" name="userpwd2"
size="20" maxlength="8"></td>
</tr>
<tr bgcolor="#eff8f7">
<td colspan="2" width="552">
</td>
</tr>
<tr bgcolor="#eff8f7">
<td colspan="2" width="552">
<p align="left"><input type="submit" name="action"
value="Submit"><input type="reset" name="Submit2" value="">
</p>
</td>
</tr>
</tbody>
</table>
</form>
----------------
----------------
MODIFY
----------------
Note 1: empprint queries LDAP and prints out information contained in
editable form (pre-filled with LDAP data for this uid). That's the
form above.
Note 2: Some information we don't want to be editable (such as
employeeNumber). Changing at least one entry in the form (such as
employeeNumber) should be hidden field, then based on that sample
field we should be able to modify other entries to be editable by user
or hidden inside the form.
Note 3: the form currently does not contain logic to create mailhost
entry based on employeeNumber. ($uinfo["mailHost"] = $umachine;) Like
I said in Step2b, it should do some kind of cut (say, cut two digits
of employeeNumber beginning at 3rd digit from left) then create
mailhost info using if-else style (something like if $cut>0 and
$cut<34 then $mailhost="$mail1.company.com, elif $cut>33 and $cut<67
...)
Note 4: Password (which should be at least 6 digits) if possible
should be validated on client side (should support MS IE 5+)
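<?php
$eprint = "emp_print.php";
// register_globals no longer exists; read the submitted form fields from $_POST.
$useruid  = $_POST['useruid']  ?? '';
$userpwd1 = $_POST['userpwd1'] ?? '';
$userpwd2 = $_POST['userpwd2'] ?? '';
$phone    = $_POST['phone']    ?? '';
$phone2   = $_POST['phone2']   ?? '';
$phone3   = $_POST['phone3']   ?? '';

$uds = ldap_connect("127.0.0.1");
$ur = ldap_bind($uds, "cn=admin,dc=company,dc=com", "secret");
$udn = "dc=company,dc=com";
// Escape the uid before it goes into the search filter.
$ufilter = "(uid=" . ldap_escape($useruid, '', LDAP_ESCAPE_FILTER) . ")";
$ur = ldap_search($uds, $udn, $ufilter);
$udata = ldap_get_entries($uds, $ur);
/* print $udata["count"]." entries returned<p>"; */
$uzero = $udata["count"];
// Only create the entry if this uid does not exist yet.
if ($uzero == "0") {
    if ($userpwd1 != $userpwd2) {
        echo "You entered two different passwords";
    }
    else {
        // sha1(..., true) returns the same raw digest as mhash(MHASH_SHA1, ...);
        // the mhash extension is deprecated.
        $upass = "{SHA}" . base64_encode(sha1($userpwd1, true));
        $uldapconn = ldap_connect("127.0.0.1");
        $umachine = "127.0.0.1";
        if ($uldapconn) {
            $uldhb = ldap_bind($uldapconn,
                "cn=admin,dc=company,dc=com", "secret");
            // Escape the uid for use as a DN component.
            $udn = "uid=" . ldap_escape($useruid, '', LDAP_ESCAPE_DN)
                 . ",ou=mail,dc=company,dc=com";
            $uinfo["uid"] = $useruid;
            $uinfo["userpassword"] = $upass;
            // objectclass is multi-valued: assigning to the same key four times
            // kept only the last value, so store the values as an array.
            $uinfo["objectclass"][0] = "top";
            $uinfo["objectclass"][1] = "person";
            $uinfo["objectclass"][2] = "inetOrgPerson";
            $uinfo["objectclass"][3] = "qmailUser";
            $uinfo["mail"] = $useruid . "@" . "company.com";
            $uinfo["mailHost"] = $umachine;
            $uinfo["mailMessageStore"] = "/var/qmail/maildirs/" . $useruid;
            $uinfo["qmailUID"] = "600";
            $uinfo["qmailGID"] = "600";
            $uinfo["accountStatus"] = "active";
            $uinfo["employeeNumber"] = "003400";
            $uinfo["deliveryMode"] = "normal";
            $uinfo["qmailDotMode"] = "ldaponly";
            $uinfo["telephonenumber"] = "$phone" . "-" . "$phone2" . "-" . "$phone3";
            $uldhb = ldap_add($uldapconn, $udn, $uinfo);
            ldap_close($uldapconn);
            include($eprint);
        }
    }
}
else {
    echo "Update failed";
}
?>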
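
Server-side versions of the checks described in Notes 3 and 4 of the MODIFY section, as an added example that is not part of the original post. The function names, the uid pattern and the host name for the second range are assumptions; the post elides the ranges above 66, so those are rejected here instead of guessed.

```php
<?php
// Added example, not the poster's code.

// Ranges from Note 3: 1-33 and 34-66. Anything outside them is rejected.
const MAILHOST_RANGES = [
    [1, 33, 'mail1.company.com'],
    [34, 66, 'mail2.company.com'],   // assumed name; the post does not give it
];

// Derive mailHost from digits 3 and 4 of employeeNumber (Note 3).
function mailhost_for(string $employeeNumber): ?string {
    // Digits only, and long enough to contain the two digits being cut.
    if (!preg_match('/^\d{4,}$/', $employeeNumber)) {
        return null;
    }
    $cut = (int) substr($employeeNumber, 2, 2);
    foreach (MAILHOST_RANGES as [$lo, $hi, $host]) {
        if ($cut >= $lo && $cut <= $hi) {
            return $host;
        }
    }
    return null;
}

// Repeat on the server what the browser is asked to check (Note 4):
// client-side validation can be bypassed by posting to empadd.php directly.
function validate_signup(string $uid, string $pw1, string $pw2): array {
    $errors = [];
    // Assumed allowlist: the uid ends up in an LDAP filter, a DN and a
    // maildir path, so only a narrow character set is accepted (max 16,
    // matching the form's maxlength).
    if (!preg_match('/^[a-z][a-z0-9._-]{0,15}$/', $uid)) {
        $errors[] = 'invalid uid';
    }
    if ($pw1 !== $pw2) {
        $errors[] = 'passwords differ';
    }
    if (strlen($pw1) < 6) {
        $errors[] = 'password shorter than 6 characters';
    }
    return $errors;
}

// Constructed sample input.
var_dump(mailhost_for('003400'));
var_dump(mailhost_for('009900'));
var_dump(validate_signup('jdoe', 'abc123', 'abc123'));
var_dump(validate_signup('jdoe)(x', 'abc', 'abd'));
```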