I'm not very experienced with using LDAP and have been looking at a few stack overflow questions and tried to piece some code together.
I'm using the PEAR LDAP2 package with my php. So far I have set up my filters, but im not searching for anything yet.
All I am trying to do is set up my connection to the server but when my code reaches:
$ldap= Net_LDAP2::connect($config);
The script freezes and produces a white screen. How can i fix this?
Script below:
<?php
include '../config/connection.php';
require_once '../Scripts/Net_LDAP2-2.0.12/Net/LDAP2/LDAP2.php';
//retrieve information from the form
$username = $_POST['username'];
$password = $_POST['password'];
$usernamefilter = Net_LDAP2_Filter::create('username', 'equals', $username);
$passwordfilter = Net_LDAP2_Filter::create('password', 'equals', $password);
$combinedFilter = Net_LDAP2_Filter::combine('and', array($usernamefilter, $passwordfilter));
echo "filters have been created. <br />";
// The configuration array:
$config = array (
'binddn' => 'username',
'bindpw' => 'password',
'basedn' => 'ou=People,dc=campus,dc=aston,dc=ac,dc=uk',
'host' => 'gc.campus.aston.ac.uk',
'filter' => $combinedFilter
);
echo "config array has been set up. <br />";
// Connecting using the configuration:
$ldap = Net_LDAP2::connect($config);
echo "connection to ldap has been sent. <br />";
// Testing for connection error
if (PEAR::isError($ldap)) {
die('Could not connect to LDAP-server: '.$ldap->getMessage());
}
Consider verifying that the LDAP directory server is correctly responding to LDAP client requests by using a known good client. ldapsearch as distributed by the vendor is the best choice for this task. Execute the following search to verify that the server is accepting connecting client connections and responding:
ldapsearch -h gc.campus.aston.ac.uk -p <your-port> \
-D the-distinguished-name -w password \
-b 'ou=People,dc=campus,dc=aston,dc=ac,dc=uk' \
-s base '(&)' 1.1
If this hangs, fails, or returns no entries, correct the problem and re-test until the above command succeeds.
Note: if you are using the old legacy OpenLDAP ldapsearch, add the -x command line option
Related
I have a .ldif file and want to import it using php script to my ldap.
So, i'm using that code:
$comm = "ldapadd -h 'localhost' -p 389 -D 'cn=admin,dc=example,dc=com' -w 'password' -f /var/www/html/test/ldap.ldif";
system($comm,$return);
echo $return;
I'm always getting error code 13 which is:
LDAP_CONFIDENTIALITY_REQUIRED: Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality.
Looking at ldapadd sintax found these options
-W: Wallet location for one- or two-way SSL authentication
-P Wallet password
-U SSL authentication mode: 1 for no authentication; 2 for one-way authentication; 3 for two-way authentication
But I don't know how or when I have to use them.
My .ldif file contain a lot of new entrys and through php code I couldn't use the:
$info["dn"] = $test;
Always getting errors about that $info["dn"] syntax, so then I gave up and start trying with terminal command.
Would really appreciate some help about it and sorry about my english.
Thank you.
A friend of mine found the answer.
About the code 13 error was missing an option at the end of the command which allows the TLS connection, so, the correct command line is:
ldapadd -h 'localhost' -p 389 -D 'cn=admin,dc=example,dc=com' -w 'password' -f /var/www/html/test/ldap.ldif -Z
So, the option -Z or -ZZ at the end enables the TLS and the error is gone, so it's working the input on ldap with my .ldif file
Thank you all.
How to enable the OCS Inventory interface described in OCS WebServices? Is there a sample code for using this Web Service in PHP?
The OCS interface is disabled by default, it is necessary to turn it on before use it. OCS has a core code developed in Perl and it runs over Apache HTTP.
First, edit the file /etc/apache2/conf-enabled/z-ocsinventory-server.conf changing the option value for OCS_OPT_WEB_SERVICE_ENABLED to 1.
If the web service is not enabled you should get a 401 Forbidden response. This is a SOAP WebService and there's no WSDL to describe the features, just the docs available in OCS WS Documentation.
Check if the location tag for /ocsinterface looks like the following snippet:
<Location /ocsinterface>
SetHandler perl-script
PerlHandler Apache::Ocsinventory::SOAP
# By default, you can query web service from everywhere with a valid user
Order deny,allow
Allow from all
AuthType Basic
AuthName "OCS Inventory SOAP Area"
# Use htpasswd to create/update soap-user (or another granted user)
AuthUserFile "/etc/apache2/passwd/soapinterface"
Require valid-user
</Location>
You should create a password for this location for security purposes, however, to turn the authentication off just comment out all Auth... and Require attributes.
Restart apache server, and use the PHP code below to test the web service integration
<?php
$proto = 'http';
$host = 'localhost';
$port = '80';
$user = ''; //basic authentication, if necessary
$pass = '';
$options = array(
'location' => "$proto://$host:$port/ocsinterface",
'uri' => "$proto://$host:$port/Apache/Ocsinventory/Interface",
'login' => $user,
'password' => $pass,
'trace' => TRUE,
'soap_version' => SOAP_1_1,
);
$request = '
<REQUEST>
<ENGINE>FIRST</ENGINE>
<ASKING_FOR>META</ASKING_FOR>
<CHECKSUM>131071</CHECKSUM>
<OFFSET>0</OFFSET>
<WANTED>131071</WANTED>
</REQUEST>';
try {
$client = new SoapClient(NULL, $options);
} catch (Exception $e) {
echo "<b>Construct Error</b>: " . $e->getMessage() . "<br>";
}
try {
$result = $client->get_computers_V1($request);
echo "<b>Headers:</b><pre>" . $client->__getLastRequestHeaders() . " </pre><br>";
echo "<b>Request:</b><pre>" . $client->__getLastRequest() . "</pre><br>";
echo "<b>Result:</b><pre>";
var_dump($result);
echo "</pre><br>";
} catch (Exception $e) {
echo "<b>Connection Error</b>: " . $e->getMessage() . "<br><br>";
echo "<b>Headers:</b><pre>\r\n" . $client->__getLastRequestHeaders() . " </pre><br>";
echo "<b>Request:</b><pre>\r\n" . $client->__getLastRequest() . "</pre>";
}
If you get a HTTP 500 Internal Server Error, check apache error log (tail -f /var/log/apache2/error.log -n 100) for the following error message:
Illegal field name 'APR::Table=HASH(0x7ff114bd75a8)' at /usr/local/share/perl/5.18.2/SOAP/Transport/HTTP2.pm line 103.\n
That error happens due to an incompatibility issue found in HTTP::Message perl module. The following links describes the problem and solution related to it:
http://ask.ocsinventory-ng.org/735/demande-dinformations-web-service-ocs-inventory
https://www.tnpi.net/support/forums/index.php?topic=1037.0
To fix it, you need to downgrade the HTTP::Message perl module to version 6.04. Use the command cpan -D HTTP::Message in your console to check which version you're using. This module version is a little bit old, so you won't find it in Search CPAN. In this regard, you should download the module HTTP-Message-6.04.tar.gz and install it manually by typing the following commands on your terminal:
decompress it using tar -zxf HTTP-Message-6.04.tar.gz
call the new directory cd HTTP-Message-6.04/
perl Makefile.PL
make
make test
make install
and finally, check if the module got downgraded successfully by typing cpan -D HTTP::Message(it should output ... Installed: 6.04 ...)
restart the server - service apache2 restart
Run the PHP snippet shown above to test it again.
I'm deploying a PHP app which uses Doctrine as ORM in Openshift. In my post_deploy action hook I run doctrine orm schema-tool to update the DB but I'm getting a Connection Timeout error.
As I'm farily new to Openshift, what is the best way to setup the database on Openshift?
UPDATE
I have two gears, one for the app and other for MySQL. I ssh into the app gear and ran
doctrine orm:schema-tool:update
Which results in a Connection Timeout error.
If I try
mysql -h $OPENSHIFT_MYSQL_DB_HOST
-p $OPENSHIFT_MYSQL_DB_PORT
-u $OPENSHIFT_MYSQL_DB_USERNAME
-P $OPENSHIFT_MYSQL_DB_PASSWORD
-
I get a prompt and the subsequent error after entering the MySQL password informed by Openshift.
Enter password:
ERROR 1049 (42000): Unknown database '<obsfucated_password>'
UDPATE 2:
As an unrelated thing pointed by Martin below, the mysql syntax is wrong. After fixing it I found that
mysql -u $OPENSHIFT_MYSQL_DB_USERNAME
-h $OPENSHIFT_MYSQL_DB_HOST
-P $OPENSHIFT_MYSQL_DB_PORT
-D $OPENSHIFT_APP_NAME
-p $OPENSHIFT_MYSQL_DB_PASSWORD
Results in
Enter password:
ERROR 1045 (28000): Access denied for user 'adminjbEnwMq'#'10.63.71.68' (using password: NO)
While runnning
mysql -u $OPENSHIFT_MYSQL_DB_USERNAME
-h $OPENSHIFT_MYSQL_DB_HOST
-P $OPENSHIFT_MYSQL_DB_PORT
-D $OPENSHIFT_APP_NAME
Connects successfully.
UPDATE 3
On the PHP side I'm running the following test code, thanks to this answer:
<?php
require_once "vendor/autoload.php";
require_once "vendor/doctrine/common/lib/Doctrine/Common/ClassLoader.php";
use Doctrine\DBAL\Configuration;
$config = new \Doctrine\DBAL\Configuration();
define('DB_HOST', getenv('OPENSHIFT_MYSQL_DB_HOST'));
define('DB_PORT',getenv('OPENSHIFT_MYSQL_DB_PORT'));
define('DB_USER',getenv('OPENSHIFT_MYSQL_DB_USERNAME'));
define('DB_PASS',getenv('OPENSHIFT_MYSQL_DB_PASSWORD'));
define('DB_NAME',getenv('OPENSHIFT_GEAR_NAME'));
$connectionParams = array(
'dbname' => DB_NAME,
'user' => DB_USER,
'password' => DB_PASS,
'host' => DB_HOST,
'driver' => 'pdo_mysql',
);
$conn = \Doctrine\DBAL\DriverManager::getConnection($connectionParams, $config);
var_dump($conn);
echo $conn->query("SHOW TABLES");
?>
And I get the same timeout error.
I cannot help you with your doctrine question, but the mysql command syntax is actually wrong.
Usage: mysql [OPTIONS] [database]
As you can see in your output, mysql is interpreting your password as the database name.
If you want to specify the optionas as you showed above you need to add an '=' between the option and the option-value.
mysql --host=$OPENSHIFT_MYSQL_DB_HOST
--port=$OPENSHIFT_MYSQL_DB_PORT
--user=$OPENSHIFT_MYSQL_DB_USERNAME
--password=$OPENSHIFT_MYSQL_DB_PASSWORD
If you want to add the database name to your command, the default database name is $OPENSHIFT_APP_NAME. Just add it at the end of your mysql command.
To see all the mysql options do mysql --help
Maybe it was because I was always working on this after 23hs, but this morning I realized I was not setting the port connection parameter. The following code works like a charm:
$dbParams = array(
'driver' => 'pdo_mysql',
'host' => getenv('OPENSHIFT_MYSQL_DB_HOST')?: '127.0.0.1',
'port' => getenv('OPENSHIFT_MYSQL_DB_PORT')?:'3306',
'user' => getenv('OPENSHIFT_MYSQL_DB_USERNAME')?: 'stpe',
'password' => getenv('OPENSHIFT_MYSQL_DB_PASSWORD')?: 'thefallen1',
'dbname' => getenv('OPENSHIFT_APP_NAME')?:'stpe',
);
I have installed php-libvirt as well as all required packages (I tried the remi rpm and compiling).
I have setup my php file as follows:
<?php
print_r ( libvirt_version() );
echo '<br>';
$uri="qemu+tcp:///system";
$credentials=array(VIR_CRED_AUTHNAME=>"fred",VIR_CRED_PASSPHRASE=>"fred");
echo ("Connecting to libvirt (URI:$uri)<BR>");
$conn=libvirt_connect($uri,false,$credentials);
if ($conn==false)
{
echo ("Libvirt last error: ".libvirt_get_last_error()."<br>");
exit;
} else {
$hostname=libvirt_get_hostname($conn);
echo ("hostname:$hostname<br>");
?>
However when I load the page I get:
Array ( [libvirt.release] => 2 [libvirt.minor] => 10 [libvirt.major] => 0 [connector.version] => 0.4.8 [connector.major] => 0 [connector.minor] => 4 [connector.release] => 8 )
Connecting to libvirt (URI:qemu+tcp:///system)
Libvirt last error: unable to connect to server at 'localhost:16509': Permission denied
It works fine from the command line when I run
# virsh -c qemu+tcp:///system list
Please enter your authentication name: fred
Please enter your password:
Id Name State
----------------------------------------------------
I have tried the command line from another server to make sure it would work remotely and it was fine.
I have tried fred#hostname and that didn't work. I have tried VIR_CRED_USERNAME and that also didn't work.
What could be the issue?
By default authentication mechanism for libvirtd TCP connection is SASL. Till now TCP connection is listening and now we have to configure SASL based authentication. Edit /etc/libvirt/libvirtd.conf, they are using auth_tcp = "none", but use auth_tcp = "sasl" if not done already. Now execute the following command.
sudo saslpasswd2 -a libvirt fred
Password: fred
Again (for verification): fred
In your case libvirtd is listening for a TCP connection, but some time we need to make some changes to make it listen on the given port. First link in the references will be useful for that.
References:
https://askubuntu.com/questions/423425/i-cant-use-libvirt-with-listen-tcp
http://libvirt.org/auth.html#ACL_server_username
https://www-01.ibm.com/support/knowledgecenter/linuxonibm/liabp/liabpkvmsecsrmsasl.htm
Okay I am stumped.
I am trying to write some PHP code to create a user in active directory with a password.
The PHP will run an Ubuntu server if it makes any difference talking to a Server 2008r2 Windows Domain Controller.
I can create the user no problems using PHP but I can not set the password. I have tried what feels like every possible code on the internet but it just will not work.
I believe that I have to create the user and then modify the password after. As a result I have the following code.
$domadlogin = 'domainadminusername';
$domadpw = 'a2b3c4d5e';
$domctrl = 'ldaps://DCIPADDRESS';
$ldapServer = $domctrl;
$ldapBase = 'OU=Users,DC=example,DC=co,DC=uk';
$ds = ldap_connect($ldapServer);
if (!$ds) {die('Cannot Connect to LDAP server');}
$ldapBind = ldap_bind($ds,$domadlogin,$domadpw);
if (!$ldapBind) {die('Cannot Bind to LDAP server');}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$dn_user='CN=Test User,OU=New Users,OU=Users,DC=example,DC=co,DC=uk';;
$newPassword = "1.Password!";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
{
$newPassw .= "{$newPassword{$i}}\000";
}
$newPassword = base64_encode($newPassw);
$userdata['unicodePwd'] = $newPassword;
$result = ldap_modify($ds, $dn_user, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";
ldap_unbind($ds);
I know that LDAPS is working as this works
ldapsearch -x -d 2 -LLL -H ldaps://DCIPADDRESS -b 'OU=Users,DC=example,DC=co,DC=uk' -D 'domainadminusername' -W '(sAMAccountName=username)'
Can anyone tell me what I am doing wrong.
Thanks
I'am not a PHP writer here some guidelines from one of a closed question I answered :
Using PHP, you can change or create a user with the good password an AD user password using LDAP with a simple bind on an SSL connexion.
For this you need to install a certificate on you AD server. The simple way (not the more attractive) is to install Microsoft Certificate Server on your domain (Enterprise installation see Configuring Microsoft Active Directory for SSL Access) and then to reboot your domain controler. You can also generate a certificate with OpenSSL and install it on the computer (see How to enable LDAP over SSL with a third-party certification authority).
Here is a sample of an LDIF File that allow to create a user with his password on an SSL connexion, you will find the way I generate the base 64 string for the password :
# Imported with :
# ldifde -i -t 636 -f .\Annuaire3.ldf
# Password generated by ("" must be encoded inside):
# stringconverter.exe \"test.2011\" /unicode /encode
# Connexion then tested with :
# runas /user:jdupont cmd.exe (password is test.2011)
dn: cn=Jean Dupont,OU=MonOU,DC=societe0,DC=fr
changetype: add
objectClass: user
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jean Dupont
givenName: Jean
sn: Dupont
mail: jean.Dupont#societe.fr
telephoneNumber: 9999
userAccountControl: 544
sAMaccountName: jdupont
userPrincipalName: jdupont#societe.fr
unicodePwd:: IgB0AGUAcwB0AC4AMgAwADEAMQAiAA==