การเชื่อมต่อ PSU Passport : PHP-LDAP

วิธีการเชื่อมต่อ PSU Passport ด้วย PHP ผ่าน LDAPS

ทดสอบบน : Windows 2008 R2 / IIS 7.5

Code ดังนี้

Include Function ldappsu (ldappsu.php)

 <?php
//Function LDAPPSU Version 1.0.0
//Author : Jatuporn Chuchuay ISD CC PSU (Tel.2082)
//Update : 22/12/2014
// The LDAP server

// Authenticate the domain\username and password combination against the server.
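/**
 * Authenticate an account by binding to a domain controller over LDAPS.
 *
 * The hosts in $server are tried in order. The loop stops at the first
 * controller that accepts the bind, or at the first one that explicitly
 * rejects the credentials; it moves on to the next host only when a
 * controller could not be used (connection or other non-credential error).
 *
 * @param array  $server   Domain controller host names, tried in order.
 * @param string $basedn   Search base handed to get_user_info().
 * @param string $domain   Suffix for the bind identity "$username@$domain".
 * @param string $username Account name as submitted by the user.
 * @param string $password Password as submitted by the user.
 * @return array [0] => bool, true when the bind succeeded;
 *               [1] => array from get_user_info(), set only on success.
 */
function authenticate($server,$basedn,$domain,$username,$password)
{
    // Always return a defined array so callers can safely read $result[0].
    $result = array(false);

    // Refuse empty or non-string credentials BEFORE talking to the directory.
    // A simple bind with a name and an empty password is an "unauthenticated
    // bind" in LDAP and may be reported as successful without proving identity,
    // so checking the password only after ldap_bind() is too late.
    if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
        return $result;
    }

    // LDAP result code 49 = invalidCredentials (RFC 4511).
    $invalidCredentials = 49;

    foreach ((array) $server as $host) {
        $ldap = ldap_connect("ldaps://" . $host);
        if ($ldap === false) {
            // Unusable URI / no handle: try the next controller.
            continue;
        }

        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        // NOTE(review): LDAPS protects the password only if the client verifies
        // the controller's certificate. That is decided by the LDAP client
        // library's TLS settings on the host, not by this code -- confirm it.

        $bound = ldap_bind($ldap, $username . "@" . $domain, $password);
        $rejected = false;
        if ($bound) {
            $result[0] = true;
            // Read the profile on the connection that is bound as the user.
            $result[1] = get_user_info($ldap, $basedn, $username);
        } else {
            // A wrong password must not be replayed against every controller:
            // each extra attempt may count toward the account lockout threshold.
            $rejected = (ldap_errno($ldap) === $invalidCredentials);
        }

        ldap_close($ldap);

        if ($bound || $rejected) {
            break;
        }
    }

    return $result;
}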

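/**
 * Look up one account by sAMAccountName and return a flat profile array.
 *
 * Every key is always present; a key keeps the empty string when the
 * directory entry has no such attribute, when no entry matches, or when
 * the search fails.
 *
 * The result includes personal data (for example 'citizenid'); callers
 * should pass on only the fields they actually need.
 *
 * @param mixed  $ldap     Bound LDAP connection from ldap_connect()/ldap_bind().
 * @param string $basedn   Search base DN.
 * @param string $username Account name to look up.
 * @return array Profile keyed by cn, dn, accountname, personid, citizenid,
 *               campus, campusid, department, departmentid, workdetail,
 *               positionid, description, displayname, detail, title,
 *               titleid, firstname, lastname, sex, mail, othermail.
 */
function get_user_info($ldap,$basedn,$username)
{
    // Result key => directory attribute (ldap_get_entries() lower-cases names).
    // 'dn' is not an attribute array, so it is filled separately below.
    $attributeFor = array(
        'cn'           => 'cn',
        'dn'           => null,
        'accountname'  => 'samaccountname',
        'personid'     => 'employeeid',
        'citizenid'    => 'citizenid',
        'campus'       => 'company',
        'campusid'     => 'campusid',
        'department'   => 'department',
        'departmentid' => 'departmentid',
        'workdetail'   => 'physicaldeliveryofficename',
        'positionid'   => 'positionid',
        'description'  => 'description',
        'displayname'  => 'displayname',
        'detail'       => 'title',
        'title'        => 'personaltitle',
        'titleid'      => 'personaltitleid',
        'firstname'    => 'givenname',
        'lastname'     => 'sn',
        'sex'          => 'sex',
        'mail'         => 'userprincipalname',
        'othermail'    => 'mail',
    );
    $user = array_fill_keys(array_keys($attributeFor), "");

    // No usable connection: return the empty profile instead of failing.
    if (!$ldap) {
        return $user;
    }

    // The account name comes from the login form. Escape it for use inside a
    // search filter so characters such as * ( ) \ cannot change the filter.
    $filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
        . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . "))";

    $sr = ldap_search($ldap, $basedn, $filter,
        array("cn", "dn", "samaccountname", "employeeid", "citizenid", "company",
            "campusid", "department", "departmentid", "physicaldeliveryofficename", "positionid",
            "description", "displayname", "title", "personaltitle", "personaltitleid", "givenname",
            "sn", "sex", "userprincipalname", "mail"));
    if ($sr === false) {
        return $user;
    }

    $info = ldap_get_entries($ldap, $sr);
    if ($info === false || empty($info['count'])) {
        return $user;
    }

    $entry = $info[0];
    if (isset($entry['dn'])) {
        $user['dn'] = $entry['dn'];
    }
    foreach ($attributeFor as $key => $attribute) {
        // Attributes missing from the entry keep their "" default.
        if ($attribute !== null && isset($entry[$attribute][0])) {
            $user[$key] = $entry[$attribute][0];
        }
    }

    return $user;
}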
?>

Code หน้า Login (login.php)

<?php
//PSU Passport PHP-LDAP Weblogin Version 1.0.0
//Author : Jatuporn Chuchuay ISD CC PSU (Tel.2121)
//Update : 04/01/2013
?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PSU Passport : PHP-LDAP example</title>
</head>
<body>
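<?php
// Login handler: on POST, authenticate against the directory and print the
// profile; otherwise show the login form.
if(isset($_POST['username'])){
    //Include PHPLDAP Class File
    require "./ldappsu.php";
    //DC1(VM),2(RACK),7(VM)-Hatyai,DC3(RACK)-Pattani,DC5(RACK)-Surat,DC6(RACK)-Trang
    $server = array("dc2.psu.ac.th","dc7.psu.ac.th","dc1.psu.ac.th");
    $basedn = "dc=psu,dc=ac,dc=th";
    $domain = "psu.ac.th";
    // Accept only plain strings: a field sent as username[]=... arrives as an array.
    $username = is_string($_POST['username']) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    //Call function authentication
    $ldap = authenticate($server,$basedn,$domain,$username,$password);
    if(is_array($ldap) && !empty($ldap[0]) && isset($ldap[1])){
        $profile = $ldap[1];
        // Directory values are data, not markup: escape each one before it is
        // written into the HTML page.
        $h = function ($key) use ($profile) {
            $value = isset($profile[$key]) ? (string) $profile[$key] : '';
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        // This demo prints every field (including the citizen ID) to show what
        // the lookup returns; a real application should display only what it needs.
        echo "<br/>&gt;&gt; User Profile &lt;&lt;<br/>";
        echo "Account Name : ".$h('accountname')."<br/>";
        echo "Employee ID/Student ID : ".$h('personid')."<br/>";
        echo "Citizen ID : ".$h('citizenid')."<br/>";
        echo "CN : ".$h('cn')."<br/>";
        echo "DN : ".$h('dn')."<br/>";
        echo "Campus : ".$h('campus')."(".$h('campusid').")<br/>";
        echo "Department : ".$h('department')."(".$h('departmentid').")<br/>";
        echo "Work Detail : ".$h('workdetail')."<br/>";
        echo "Position ID : ".$h('positionid')."<br/>";
        echo "Description : ".$h('description')."<br/>";
        echo "Display Name : ".$h('displayname')."<br/>";
        echo "Detail : ".$h('detail')."<br/>";
        echo "Title Name : ".$h('title')."(".$h('titleid').")<br/>";
        echo "First Name : ".$h('firstname')."<br/>";
        echo "Last Name : ".$h('lastname')."<br/>";
        echo "Sex : ".$h('sex')."<br/>";
        echo "Mail : ".$h('mail')."<br/>";
        echo "Other Mail : ".$h('othermail')."<br/>";
    }else{
        // One generic message for every failure, so the page does not reveal
        // whether the account name exists.
        echo "Login failed.<br/>";
    }
}else{
    // Serve this page over HTTPS only: the form below posts the password.
?>
This area is restricted.<br>
Please login to continue.<br>

<form method='post' action=''>
Username: <input type='text' name='username' value=''><br>
Password: <input type='password' name='password'><br>
<br>
<input type='submit' name='submit' value='Submit'><br>
</form>
<?php
}
?>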
</body>
</html>

**** บทความเก่าเชื่อมต่อผ่าน ADLDAP ด้วย ubuntu 12.04/Apache2 ****

1. หลังจากติดตั้ง Apache2 และ เปิด Module php5-ldap เรียบร้อยแล้ว

2. ทำการโหลดโปรแกรม adLDAP จาก Website : http://adldap.sourceforge.net/download.php (สำหรับ PHP 4 ให้โหลด Version 2.1)
   # cd /var/www 
   # wget http://downloads.sourceforge.net/project/adldap/adLDAP/adLDAP_4.0.4/adLDAP_4.0.4r2.zip
   # unzip adLDAP_4.0.4r2.zip

3. เปิดหน้าตัวอย่างการเข้าใช้งานได้ที่ https://localhost/adLDAP/examples/authenticate.php
(สำหรับ Web ตัวอย่างต้องใช้เป็น https เท่านั้น)

4. ทำการแก้ไขไฟล์ /var/www/adLDAP/src/adLDAP.php บรรทัดเหล่านี้

     … 
     protected $accountSuffix = "@psu.ac.th";

     protected $baseDn = "DC=psu,DC=ac,DC=th";
     …
     protected $domainControllers = array("dc2.psu.ac.th","dc7.psu.ac.th","dc1.psu.ac.th");
     …
     protected $useSSL = true;
     …

 (สำหรับรายการ DC ให้เลือก DC ใกล้ที่สุดก่อน DC3-ปัตตานี, DC4-ภูเก็ต,DC5-สุราษฎร์,DC6-ตรัง,DC1,2,7-หาดใหญ่)

5. กลับมาเข้าที่ Web  https://localhost/adLDAP/examples/authenticate.php อีกครั้งน่าจะสามารถใช้งานได้แล้ว

โดยสำหรับตัวนี้แนะนำว่าให้ใช้เฉพาะในส่วน authen เพราะในส่วนของการดึง Profile ยังค่อนข้างมีข้อจำกัด อยู่ ซึ่งถ้าอยากให้สามารถดึง Profile ได้ด้วย ผมแนะนำในส่วนของ Code ที่ผมเขียนขึ้นมาให้ โดยจะกล่าวในส่วนถัดไป

วิธีเรียกใช้งานไฟล์ Class AdLDAP (ให้ copy file จาก folder src ไปด้วย)

        include "./adLDAP.php";

วิธีเรียกใช้ Class AdLDAP

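// Create the adLDAP client; stop the request if it cannot be initialised.
try {
    $adldap = new adLDAP();
} catch (adLDAPException $e) {
    // Keep the details in the server log. Printing the exception to the
    // browser can expose directory host names and configuration to visitors.
    error_log("adLDAP initialisation failed: " . $e->getMessage());
    echo "Directory service is unavailable.";
    exit();
}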

วิธี Authentication

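if($adldap->authenticate($username,$password)){
    session_start();
    // Issue a new session ID at login so that an ID set before
    // authentication cannot be carried over into the logged-in session
    // (session fixation).
    session_regenerate_id(true);
    $_SESSION["username"] = $username;
    // … (rest of the logged-in branch)
}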
