วิธีการเชื่อมต่อ PSU Passport ด้วย Joomla ผ่าน LDAPS Plugin
ทดสอบบน : Windows 2008 R2 / IIS 7.5 / Joomla 1.5.26/2.5.28/3.3.6
ก่อนอื่นขออธิบายนิดนะครับในส่วนการ Map Full Name
ชื่อ นามสกุล ภาษาไทย ให้ใช้ field = description
ชื่อ นามสกุล ภาษาอังกฤษ ให้ใช้ field = displayname
Joomla 1.5.26 Capture Authentication – LDAP Plugin Settings
(บทความเก่าทดสอบบน Ubuntu 12.04-Apache2)
Joomla 2.5.28 Capture Authentication – LDAP Plugin Settings
Joomla 3.3.6 Capture Authentication – LDAP Plugin Settings
วิธีการเชื่อมต่อ PSU Passport ด้วย ASP Classic ผ่าน LDAPS
ทดสอบบน : Windows 2008 R2 / IIS 7.5 / .NET 2.0
เนื่องจาก Code ค่อนข้างเยอะ ขอแป๊ะแค่ link ให้ Download File ดังนี้
Source Code : https://passport.psu.ac.th/ldap/dotnetpsuldap.7z
Password : psuldap#$%
วิธีการเชื่อมต่อ PSU Passport ด้วย ASP Classic ผ่าน LDAPS
ทดสอบบน : Windows 2008 R2 / IIS 7.5
Code ดังนี้
Class PSULdap (psuldap.inc)
<%
'PSU Passport ASP-LDAP Class Version 1.0.0
'Author : Jatuporn Chuchuay ISD CC PSU (Tel.2121)
'Update : 06/02/2013
Class PSULdap
Private strAdsPath
Private strUserName
Private strPassWord
Private strDC
Public Property Let AdsPath(sAdsPath)
strAdsPath = sAdsPath
End Property
Public Property Let UserName(sUserName)
strUserName = sUserName
End Property
Public Property Let PassWord(sPassWord)
strPassWord = sPassWord
End Property
Public Property Let DC(sDC)
strDC = sDC
End Property
Public Property Get vAdsPath
vAdsPath = strAdsPath
End Property
Public Property Get vUserName
vUserName = strUserName
End Property
Public Property Get vPassWord
vPassWord = strPassWord
End Property
Public Property Get vDC
vDC = strDC
End Property
Public Function LdapAuthen()
Dim objConn,objRS,objCom, strDescription, strLine, listDC, authenCheck, i
Dim MyVar(1,20)
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.provider ="ADsDSOObject"
objConn.Properties("User ID") = "psu\" & strUserName
objConn.Properties("Password") = strPassWord
objConn.Properties("Encrypt Password") = True
objConn.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objConn
listDC = Split(strDC,",",-1,1)
authenCheck = false
i = 0
While i <= UBound(listDC) and authenCheck = false
objCom.CommandText ="select sAMAccountname,cn," & _
"distinguishedName,employeeid,citizenid,company,campusid,department,departmentid," & _
"physicaldeliveryofficename,positionid,description,displayname,title,personaltitle," & _
"personaltitleid,givenname,sn,sex,userprincipalname,mail from 'LDAP://" & listDC(i) & _
":636/"+strAdsPath+"' where sAMAccountname='" & strUserName & "' and objectClass='user'"
On Error Resume Next
Set objRS = objCom.Execute
If Not Err.Number = 0 Then
MyVar(0,0) = false
MyVar(1,0) = Err.Description
'Debug
'Response.write listDC(i) & ":" & MyVar(0,0) & ":" & _
'MyVar(1,0) & "<br/>"
Else
MyVar(0,0) = true
'Debug
'Response.write listDC(i) & ":" & MyVar(0,0) & "<br/>"
authenCheck = true
End If
i = i + 1
Wend
If authenCheck = true Then
MyVar(1,0) = objRS("sAMAccountname")
MyVar(1,1) = objRS("cn")
MyVar(1,2) = objRS("employeeid")
MyVar(1,3) = objRS("citizenid")
MyVar(1,4) = objRS("company")
MyVar(1,5) = objRS("campusid")
MyVar(1,6) = objRS("department")
MyVar(1,7) = objRS("departmentid")
MyVar(1,8) = objRS("physicaldeliveryofficename")
MyVar(1,9) = objRS("positionid")
For Each strLine In objRS.Fields("description").Value
strDescription = strDescription & strLine
Next
MyVar(1,10) = strDescription
MyVar(1,11) = objRS("displayname")
MyVar(1,12) = objRS("title")
MyVar(1,13) = objRS("personaltitle")
MyVar(1,14) = objRS("personaltitleid")
MyVar(1,15) = objRS("givenname")
MyVar(1,16) = objRS("sn")
MyVar(1,17) = objRS("sex")
MyVar(1,18) = objRS("userprincipalname")
MyVar(1,19) = objRS("mail")
MyVar(1,20) = objRS("distinguishedName")
End If
LdapAuthen = MyVar
objRS.Close
objConn.Close
Set objRS = Nothing
Set objConn = Nothing
Set objCom = Nothing
End Function
End Class
%>
Code Login (default.asp)
<%@ Language=VBScript %>
<%
'PSU Passport ASP-LDAP Weblogin Version 1.0.0
'Author : Jatuporn Chuchuay ISD CC PSU (Tel.2121)
'Update : 06/02/2013
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PSU Passport : ASP-LDAP example</title>
</head>
<body>
<!-- #include file ="psuldap.inc" -->
<%
Response.CharSet = "TIS-620"
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
Dim PSULdapCls, AuthenResult, SamAccountName, EmployeeID, CitizenID, CN, DN
Dim Campus, CampusID, Department, DepartmentID, WorkDetail, PositionID
Dim Description,DisplayName, Detail, Title, TitleID, FirstName, LastName
Dim Sex, Mail, Othermail
Set PSULdapCls = New PSULdap
PSULdapCls.AdsPath = "DC=psu,DC=ac,DC=th"
'DC1(VM),2(RACK),7(VM)-Hatyai,DC3(RACK)-Pattani,DC5(RACK)-Surat,DC6(RACK)-Trang
PSULdapCls.DC = "dc2.psu.ac.th,dc7.psu.ac.th,dc1.psu.ac.th"
PSULdapCls.UserName = Request.Form("username")
PSULdapCls.PassWord = Request.Form("password")
AuthenResult = PSULdapCls.LdapAuthen()
If AuthenResult(0,0) = True Then
SamAccountName = AuthenResult(1,0)
CN = AuthenResult(1,1)
EmployeeID = AuthenResult(1,2)
CitizenID = AuthenResult(1,3)
CampusID = AuthenResult(1,5)
WorkDetail = AuthenResult(1,8)
Department = AuthenResult(1,6)
DepartmentID = AuthenResult(1,7)
Campus = AuthenResult(1,4)
PositionID = AuthenResult(1,9)
Description = AuthenResult(1,10)
Displayname = AuthenResult(1,11)
Detail = AuthenResult(1,12)
Title = AuthenResult(1,13)
TitleID = AuthenResult(1,14)
FirstName = AuthenResult(1,15)
LastName = AuthenResult(1,16)
Sex = AuthenResult(1,17)
Mail = AuthenResult(1,18)
Othermail = AuthenResult(1,19)
DN = AuthenResult(1,20)
'Display
'On Error Resume Next
Response.write "Authentication OK" & "<br/>"
Response.write "<br/>>> User Profile <<<br/>"
Response.write "Account Name : " & SamAccountName & "<br/>"
Response.write "Employee ID/Student ID : " & EmployeeID & "<br/>"
Response.write "Citizen ID : " & CitiZenID & "<br/>"
Response.write "CN : " & CN & "<br/>"
Response.write "DN : " & DN & "<br/>"
Response.write "Campus : " & Campus & "(" & CampusID & ")<br/>"
Response.write "Department : " & Department & "(" & DepartmentID & _
")<br/>"
Response.write "Work Detail : " & WorkDetail & "<br/>"
Response.write "Position ID : " & PositionID & "<br/>"
Response.write "Description : " & Description & "<br/>"
Response.write "Display Name : " & DisplayName & "<br/>"
Response.write "Detail : " & Detail & "<br/>"
Response.write "Title Name : " & Title & "(" & TitleID & ")<br/>"
Response.write "First Name : " & FirstName & "<br/>"
Response.write "Last Name : " & LastName & "<br/>"
Response.write "Sex : " & Sex & "<br/>"
Response.write "Mail : " & Mail & "<br/>"
Response.write "Other Mail : " & Othermail & "<br/>"
Response.write "<br/><a href='./default.asp'>Back to Login Page</a><br/>"
Else
Response.write "Authentication Failed" & "<br/>"
Response.write "Reason : " & AuthenResult(1,0) & "<br/>"
End If
Else
%>
This area is restricted.<br>
Please login to continue.<br>
<form method='post' action=''>
Username: <input type='text' name='username' value=''><br>
Password: <input type='password' name='password'><br>
<br>
<input type='submit' name='submit' value='Submit'><br>
</form>
<%
End If
%>
</body>
</html>
ทำไมต้องลง Vmware Tools
Vmware Tools เปรียบเสมือน การลง driver ที่ทำให้การใช้งานราบรื่นทั้ง GUI และ Network รวมถึงเกี่ยวกับ อุปกรณ์ต่าง ๆ เช่น mouse, usb และการแสดงผล โดยที่สำคัญที่สุดคือสามารถใช้งานได้อย่างมีประสิทธิภาพสูงสุด
วิธีนี้ใช้ได้กับทั้ง vmware server ที่เสียตังค์และฟรีนะครับ แต่วิธีที่ยกมาเป็นแบบที่เสียตังค์แต่สามารถ apply กันได้ครับ โดยทำดังนี้ครับ
1. Login เข้าเครื่อง ทำการ apt-get update ให้เรียบร้อย
# apt-get update # apt-get upgrade
วิธีการเชื่อมต่อ PSU Passport ด้วย PHP ผ่าน LDAPS
ทดสอบบน : Windows 2008 R2 / IIS 7.5
Code ดังนี้
Include Function ldappsu (ldappsu.php)
<?php
//Function LDAPPSU Version 1.0.0
//Author : Jatuporn Chuchuay ISD CC PSU (Tel.2082)
//Update : 22/12/2014
// The LDAP server
// Authenticate the against server the domain\username and password combination.
function authenticate($server,$basedn,$domain,$username,$password)
{
$auth_status = false;
$i=0;
while(($i<count($server))&&($auth_status==false)){
$ldap = ldap_connect("ldaps://".$server[$i]) or
$auth_status = false;
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapbind = ldap_bind($ldap, $username."@".$domain,$password);
if($ldapbind){
if(empty($password)){
$auth_status = false;
}else{
$result[0] = true;
//Get User Info
$result[1] = get_user_info($ldap,$basedn,$username);
}
}else{
$result[0] = false;
}
ldap_close($ldap);
$i++;
}
return $result;
}
function get_user_info($ldap,$basedn,$username)
{
$user['cn'] = "";
$user['dn'] = "";
$user['accountname'] = "";
$user['personid'] = "";
$user['citizenid'] = "";
$user['campus'] = "";
$user['campusid'] = "";
$user['department'] = "";
$user['departmentid'] = "";
$user['workdetail'] = "";
$user['positionid'] = "";
$user['description'] = "";
$user['displayname'] = "";
$user['detail'] = "";
$user['title'] = "";
$user['titleid'] = "";
$user['firstname'] = "";
$user['lastname'] = "";
$user['sex'] = "";
$user['mail'] = "";
$user['othermail'] = "";
$sr=ldap_search($ldap, $basedn,
"(&(objectClass=user)(objectCategory=person)(sAMAccountName=".$username."))",
array("cn", "dn", "samaccountname", "employeeid", "citizenid", "company",
"campusid", "department", "departmentid", "physicaldeliveryofficename", "positionid",
"description", "displayname", "title", "personaltitle", "personaltitleid", "givenname",
"sn", "sex", "userprincipalname","mail"));
$info = ldap_get_entries($ldap, $sr);
$user['cn'] = $info[0]["cn"][0];
$user['dn'] = $info[0]["dn"];
$user['accountname'] = $info[0]["samaccountname"][0];
$user['personid'] = $info[0]["employeeid"][0];
$user['citizenid'] = $info[0]["citizenid"][0];
$user['campus'] = $info[0]["company"][0];
$user['campusid'] = $info[0]["campusid"][0];
$user['department'] = $info[0]["department"][0];
$user['departmentid'] = $info[0]["departmentid"][0];
$user['workdetail'] = $info[0]["physicaldeliveryofficename"][0];
$user['positionid'] = $info[0]["positionid"][0];
$user['description'] = $info[0]["description"][0];
$user['displayname'] = $info[0]["displayname"][0];
$user['detail'] = $info[0]["title"][0];
$user['title'] = $info[0]["personaltitle"][0];
$user['titleid'] = $info[0]["personaltitleid"][0];
$user['firstname'] = $info[0]["givenname"][0];
$user['lastname'] = $info[0]["sn"][0];
$user['sex'] = $info[0]["sex"][0];
$user['mail'] = $info[0]["userprincipalname"][0];
$user['othermail'] = $info[0]["mail"][0];
return $user;
}
?>
Code หน้า Login (login.php)
<?php
//PSU Passport PHP-LDAP Weblogin Version 1.0.0
//Author : Jatuporn Chuchuay ISD CC PSU (Tel.2121)
//Update : 04/01/2013
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PSU Passport : PHP-LDAP example</title>
</head>
<body>
<?php
if(isset($_POST['username'])){
//Include PHPLDAP Class File
require "./ldappsu.php";
//DC1(VM),2(RACK),7(VM)-Hatyai,DC3(RACK)-Pattani,DC5(RACK)-Surat,DC6(RACK)-Trang
$server = array("dc2.psu.ac.th","dc7.psu.ac.th","dc1.psu.ac.th");
$basedn = "dc=psu,dc=ac,dc=th";
$domain = "psu.ac.th";
$username = $_POST['username'];
$password = $_POST['password'];
//Call function authentication
$ldap = authenticate($server,$basedn,$domain,$username,$password);
if($ldap[0]){
echo "<br/>>> User Profile <<<br/>";
echo "Account Name : ".$ldap[1]['accountname']."<br/>";
echo "Employee ID/Student ID : ".$ldap[1]['personid']."<br/>";
echo "Citizen ID : ".$ldap[1]['citizenid']."<br/>";
echo "CN : ".$ldap[1]['cn']."<br/>";
echo "DN : ".$ldap[1]['dn']."<br/>";
echo "Campus : ".$ldap[1]['campus']."(".$ldap[1]['campusid'].")<br/>";
echo "Department : ".$ldap[1]['department']."(".$ldap[1]['departmentid'].")<br/>";
echo "Work Detail : ".$ldap[1]['workdetail']."<br/>";
echo "Position ID : ".$ldap[1]['positionid']."<br/>";
echo "Description : ".$ldap[1]['description']."<br/>";
echo "Display Name : ".$ldap[1]['displayname']."<br/>";
echo "Detail : ".$ldap[1]['detail']."<br/>";
echo "Title Name : ".$ldap[1]['title']."(".$ldap[1]['titleid'].")<br/>";
echo "First Name : ".$ldap[1]['firstname']."<br/>";
echo "Last Name : ".$ldap[1]['lastname']."<br/>";
echo "Sex : ".$ldap[1]['sex']."<br/>";
echo "Mail : ".$ldap[1]['mail']."<br/>";
echo "Other Mail : ".$ldap[1]['othermail']."<br/>";
}
}else{
?>
This area is restricted.<br>
Please login to continue.<br>
<form method='post' action=''>
Username: <input type='text' name='username' value=''><br>
Password: <input type='password' name='password'><br>
<br>
<input type='submit' name='submit' value='Submit'><br>
</form>
<?php
}
?>
</body>
</html>
**** บทความเก่าเชื่อมต่อผ่าน ADLDAP ด้วย ubuntu 12.04/Apache2 ****
1. หลังจากติดตั้ง Apache2 และ เปิด Module php5-ldap เรียบร้อยแล้ว
2. ทำการโหลดโปรแกรม adLDAP จาก Website : http://adldap.sourceforge.net/download.php (สำหรับ PHP 4 ให้โหลด Version 2.1)
# cd /var/www
# wget http://downloads.sourceforge.net/project/adldap/adLDAP/adLDAP_4.0.4/adLDAP_4.0.4r2.zip
# unzip adLDAP_4.0.4r2.zip
3. เปิดหน้าตัวอย่างการเข้าใช้งานได้ที่ https://localhost/adLDAP/examples/authenticate.php
(สำหรับ Web ตัวอย่างต้องใช้เป็น https เท่านั้น)
4. ทำการแก้ไขไฟล์ /var/www/adLDAP/src/adLDAP.php บรรทัดเหล่านี้
…
protected $accountSuffix = “@psu.ac.th”;
…
protected $baseDn = “DC=psu,DC=ac,DC=th”;
…
protected $domainControllers = array(“dc2.psu.ac.th”,”dc7.psu.ac.th”,”dc1.psu.ac.th”);
…
protected $useSSL = true;
…
(สำหรับรายการ DC ให้เลือก DC ใกล้ที่สุดก่อน DC3-ปัตตานี, DC4-ภูเก็ต,DC5-สุราษฎร์,DC6-ตรัง,DC1,2,7-หาดใหญ่)
5. กลับมาเข้าที่ Web https://localhost/adLDAP/examples/authenticate.php อีกครั้งน่าจะสามารถใช้งานได้แล้ว
โดยสำหรับตัวนี้แนะนำว่าให้ใช้เฉพาะในส่วน authen เพราะในส่วนของการดึง Profile ยังค่อนข้างมีข้อจำกัด อยู่ ซึ่งถ้าอยากให้สามารถดึง Profile ได้ด้วย ผมแนะนำในส่วนของ Code ที่ผมเขียนขึ้นมาให้ โดยจะกล่าวในส่วนถัดไป
วิธีเรียกใช้งานไฟล์ Class AdLDAP (ให้ copy file จาก folder src ไปด้วย)
include “./adLDAP.php”
วิธีเรียกใช้ Class AdLDAP
try {
$adldap = new adLDAP();
}catch(adLDAPException $e){
echo $e;
exit();
}
วิธี Authentication
if($adldap->authenticate($username,$password)){
session_start();
$_SESSION[“username”] = $username;
…
}