For my login system, I would like to check a username and password against a remote LDAP server using PHP.
Can anyone tell me if just checking a user against LDAP will work on an inexpensive hosting plan from a company such as GoDaddy, 1&1, or Dreamhost?
Ex:
$objConn = ldap_connect($strDomain);
I don't want to run an LDAP server, just simply use the LDAP functions of PHP to verify an account.
The best option would be to email their respective support departments and ask this exact question; I'm sure they'll be able to help you. Everyone's setup is likely to be different, so this is probably the best approach. As long as the support is compiled-in and you've got network connectivity to your LDAP host (which you should probably access over SSL/TLS, if possible), you should be fine.
I'm a 10+ yr Dreamhost client and had this same question. The response from DH Support team was less than helpful, but I found this nugget:
The cURL library ('libcurl') ... currently supports the http, https, ftp, gopher, telnet, dict, file, and ldap protocols.
Source: https://help.dreamhost.com/hc/en-us/articles/216688028-cURL-overview
Also, very helpful cURL debugging info at https://curl.haxx.se/docs/httpscripting.html
Haven't gotten the authentication worked out just yet, but I'm getting closer with this.
Related
I have a PHP application running with Nginx on a Linux server and it has a successful integration with my Active Directory using LDAP.
In the current scenario, the user is able to create a new login for the app or use his Windows credentials to log into the application.
Now, I'm trying to implement a complete Single-Sign On (SSO) and the user logged with his credentials in the Windows machine in the domain will be able to open the app logged without use the credentials again.
Doing some research on it, since my Linux server are not in the same domain, the best options is use NTLM (old and insecure), Kerberos protocol or Negotiate protocol (that will choose among NTLM and Kerberos for each request), depending on Windows version and what is implemented in the Domain Controller.
There is a lot of tutorials in the internet and also some good threads on the theme here in SO. This another link shows a good overview about the options using Apache as web server (for Kerberos option, I found a Nginx port, so this is not the main problem).
Well, I created some test application using these approaches (including all changes in the browser side, limited to Firefox), but all of then are dependents of Web Server (Apache, Nginx or even IIS). Since My app already has a complete integration with AD through LDAP, I'm interested in some Web Server independent solution. Are there any way to "bypass" the authentication in Web Server and get the information about the logged user direct on my PHP code (Client (Firefox) to Server (PHP))?
My best guesses for now are some type of "pure" PHP implementation of Kerberos, that needs of a PECL module or NTLM, that is insecure and still asks for the user credentials in the first request.
I know that maybe its impossible, but I'm asking it for the case that I missed something important information in this research. Is it possible to get the windows user info direct in PHP?
If you don't insist on nginx use Apache Web Server 2.4 with mod_auth_gssapi this is great, high quality code written by people who know what they do. I have been doing this for years for my PHP stuff.
I'm trying to set up PHP websockets on my website. This works great on my local WAMP server, but on my website I keep getting a warning:
unable to bind address [98]: Address already in use in"
I tried various libraries, but they all return this error.
My guess is that the port I'm using in isn't free. The problem is, that I cannot access terminal since this is a shared server (according to phpinfo() websockets are enabled, btw) so I can't look for free ports. Also tried to use port 0 - but no luck.
Thanks in advance!
EDIT:
For instance, this is some code using https://github.com/Flynsarmy/PHPWebSocket-Chat
// start the server
$Server = new PHPWebSocket();
$Server->bind('message', 'wsOnMessage');
$Server->bind('open', 'wsOnOpen');
$Server->bind('close', 'wsOnClose');
// for other computers to connect, you will probably need to change this to your LAN IP or external IP,
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME']))
$Server->wsStartServer($_SERVER['SERVER_ADDR'], 9300);
Well, Bluehost site writes: "We block access to certain ports to help avoid having security holes in the firewall...Purchasing a dedicated IP will allow us to grant you access to the ports you will need to run your specific services on.". The technical support guy told me otherwise. I guess case is closed. Thank you all for your time!
talhof9 I went through similar pain in trying to configure my shared hosting service, I didn't find a direct solution to get a shared *AMP server to support WebSockets, but I found a workaround that will at least let you test the commercial viability of the solution you are putting together (if that is indeed what you are looking for) without paying for all the headache of setting up,configuring and administering your own VPS.
Check out http://www.pusher.com for an easy websocket deployment library, that uses their Node server. The free sandbox version lets you play around to get it working, and once you want to test commercial viability you can upgrade to a paid plan.
Hope this helps!
(note I do not work for Pusher)
Most probably your hosting provider has, somehow, disabled PHP sockets. This makes sense because PHP is used to process webpages not create daemons and you're probably using a regular web hosting plan (not a dedicated server).
I would check in with your hosting provider - support forum or just call them.
I've checked with my current web host and they dont support LDAP in their PHP config because of security issues (!?) is there anything else i can do with PHP and my ldap server?
Well it sounds like you are exposing your own LDAP server - but perhaps on a differnt host?
OR
You mean they don't provide a version of PHP compiled with LDAP support to act as a client.
A few thoughts:
1) "Security Issues" is an easy excuse for anything. That is not to say the LDAP libraires don't require certain security measures, but to avoid a technology altogether is not the most elegant solution.
So I would scrutinize your selection of provider.
2) However, you can, assuming some elevated access (root, sudo) just compile your own version of PHP with LDAP
http://www.php.net/manual/en/ldap.installation.php
I'm trying to use OpenID on my site but I get this error:
Protocol https not supported or
disabled in libcurl
Can anyone please tell what does it mean? My website is running on shared linux hosting.
I use this script: http://gitorious.org/lightopenid
Thanks in advance
It means exactly what is says! Your Open ID implementation (lightopenid) wants to communicate securely with an Open ID server over HTTPS - HTTPS is an optional feature in PHP/Curl and your web host has not enabled this feature. Your options are to ask your hosting provider to enable this feature or to find an alternative which doesn't use Curl. For the latter option, you'll probably find that alternatives also don't have the HTTPS option enabled.
Finally, you may be able to tell lightopenid to not use HTTPS, thus sidestepping this problem, however this doesn't seem like a very robust solution to me, use this only on dev sites, never with real users' accounts.
I'm trying to wrap my brain about how to do this. We need to provide some files within a directory from our servers to our clients' servers via a PHP/Web interface using FTP. I've looked at the FTP capabilities built in to PHP and some custom classes, but someone suggested cURL might be a better option. We will have the FTP login credentials in our database for the application to access. With that information can we use cURL FTP capabilities to do the transfers, knowing our server has libcurl installed, but the clients servers may not? Do both servers have to have it for the FTP function to work?
Or am I completely going about this the wrong way, and have misunderstood how to use cURL and should be looking into an FTP PHP class?
libCURL is a library; it acts as the client.
Your clients need to be running a FTP server but do not need libCURL.
Just to make it super clear, there are 2 computers involved:
Your server, the one that's supposed to provide files to the client using the FTP protocol. That server does not need to have a web server (or PHP) running. The only thing it needs is an FTP server. It also needs to have permissions configured in such a way that there is an account that can access the files through FTP.
Your client's server, the one that's supposed to retrieve files from your server using the FTP protocol. That server needs to have PHP installed, with libCurl. The software on that server needs to access your server using the FTP protocol, providing the user credentials that you configured on your box.
Hope that helps.
It sounds like what you want to do is have the client connect to your PHP script & then push a button to start an FTP transfer that sends a file from your FTP server to their FTP server. If this is the case, then all you need is cURL on your server.