I have ldap working, my problem is the second half of my question.
The problem script workflow:
1. Authenticate on LDAP (Resolved)
2. Connect to different authenticated site for the user (Not sure where to go now.)
My guess was to send the post information to where the form action points to. Having done this, all I get is a blank page. I guess if PHP sends the post information then the client will be out of the authentication loop. There must be a better way. But I don't think I have enough information to know how to proceed.
Somehow I have to get the browser to send the http post rather than PHP. Is this possible.
Jeremy
P.S.
The script I am using right now incorporates Chris Alsop's class:
<!-- CLASS START -->
<?php
## Archive: c_http.class
## Description: Basic http class functions (only post right now)
## Author: Chris Alsop - chris@mindpointe.com (rumblefiz)
## Property Of: Everyone
## Date Created: 07/01/2001
## Mod History: 07/01/2001 Chris Alsop - Initial Coding
## ==========================================================================
class c_http {
## DECLARE CLASS VARIABLES ----------------
var $QUERY_STRING;
var $TARGET_DOMAIN;
var $TARGET_FILE;
var $RESPONSE;
## END CLASS VARIABLE DECLARATION ---------
## FUNCTION: c_http()
## ARGS: $psQueryString : String
## $psTargetDomain : String
## $psTargetFile : String
## ''''''''''''''''''''''''''''''''''''''''
function c_http($psQueryString,
$psTargetDomain,$psTargetFile) {
$this->QUERY_STRING = $psQueryString;
$this->TARGET_DOMAIN = $psTargetDomain;
$this->TARGET_FILE = $psTargetFile;
}
## END FUNCTION: c_http() *****************
## FUNCTION: post()
## ARGS: None
## RETURNS: Boolean
## ''''''''''''''''''''''''''''''''''''''''
function post() {
$qs = $this->QUERY_STRING;
$domain = $this->TARGET_DOMAIN;
$thefile = $this->TARGET_FILE;
if(!$fp = fsockopen($domain,80)) {
print "Socket not open<br>";
return false;
exit();
}
$postData = "POST http://$domain/$thefile HTTP/1.0\r\n";
$postData .= "Content-type: application/x-www-form-urlencoded\r\n";
$postData .= "Content-length: ".strlen($qs)."\r\n\r\n";
$postData .= $qs;
if(!fputs($fp,$postData)) {
return false;
exit();
}
$data = "";
while(!feof($fp)) $data .= fgets($fp,32000);
$pos = 0;
for($i=0; $i<2000; $i++) {
if(strtoupper(substr($data,$i,4)) == "\r\n\r\n") {
$pos = $i+4; $i = 2000;
}
}
$data = substr($data,$pos);
$base = "<base href ";
$base = $base . "=";
$base = $base . " 'http://$domain/' ";
$base = $base . ">";
if (eregi("<body",$data)) {
$data = eregi_replace("<body",$base."<BODY",$data);
} else {
$data = $base . $data;
}
$this->RESPONSE = $data;
fclose($fp);
return true;
}
## END FUNCTION: post() *******************
}
?>
<!-- CLASS END -->
<!-- Test Script -->
<?php
/*Form information I am trying to send to- example only
<form name="MyForm" action="login.php" method="post">
Please log into MyMBI
ID <INPUT TYPE="text" NAME="meuser" SIZE=15>
Password<INPUT TYPE="password" NAME="password" SIZE=15>
<INPUT TYPE="submit" VALUE="Sign in"><BR>
</FORM>
*/
//setting up the varibles
// print "hi test 1<p> ";
$post_info = "meuser=*******&password=******";
$oHttp = new c_http($post_info,"my.mbinet.net","/login.php");
if(!$oHttp->post()) {
echo "error";
}
echo $oHttp->RESPONSE;
// first arg is the query string you want to post. it must be urlencoded. if you want the current querystring you can use $QUERY_STRING. the second arg is the domain and the third is the file (or script) that is getting posted to.
?>
At 10:28 AM 1/9/2003 -0700, David Smith wrote:
Jeremy,
LDAP authentication happens in two stages: connect and bind. The connect
stage is just establishing a connection with the LDAP server
(ldap_connect()). No username or password is necesary in this stage.
Once your connection is established, you attempt a bind (ldap_bind())to
verify a username/password on the LDAP server. Here's some PHP code that
will do it or you:
<?php
$ldap_server = "example.com"; // change to your LDAP server host name
$ldap_port = 389; // might be different for your server
$pw = "yourpassword"; // change to your password
$dn = "cn=dave,ou=people,dc=example,dc=com"; // change to the dn you want to authenticate
$connect_result = ldap_connect( $ldap_server, $ldap_port );
// Did we connect?
if( ! $connect_result )
{
echo "Could not connect to '$server_name' on port '$server_port'";
}
$bind_result = ldap_bind( $connect_result, $admin_dn, $admin_pw );
// Did we bind?
if( ! $bind_result )
{
echo "Bad username/password";
}
else
{
echo "Correct username/password!";
}
?>
Here's some good documentation on the topic:
http://www.php.net/manual/en/ref.ldap.php
Let us know how it goes.
--Dave
On Thu, 2003-01-09 at 10:01, Jeremy Peterson wrote:
> I am working on a script that will authenticate on a central system my
> company has devised for us to use (LDAP) and then authenticate them to
> other sites that I want them to access (Online Databases and other
> electronic resources I do not control but pay lots of money for all
> students to access).
>
> I have seen this done on a product produced by Epixtech called RPA
> (Remote Patron Authentication). This is an authentication system that
> avoids using a proxy server. It basically handles the authentication
> (LDAP) and sends the appropriate information to the other secure
> source (Online Database, Electronic Resources, or my online catalog's
> patron information.) Typically there are multiple ways it will
> authenticate for the user to other resources. URL referer, ip
> authentication, fill in an user/password form for the user. I just
> can't get the user/password portion to work on a protected site. My tests
> of sending post information to another one of my scripts works fine. But
> it doesn't work as of yet.
>
> I have worked a bit with scripts that send post information through
> sendToHost function (fsockopen and fputs). But nothing is really
> working here. Does anyone know how I should go about this? All
> suggestions will be great!
>
>
> Thanks a bunch,
>
> Jeremy
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
