BrianAbbott Posted January 10, 2008 Share Posted January 10, 2008 I don't quite know how to phrase this question... I am working with authentication against AD using mod_auth_SSPI and it does meet my needs as it returns upon authentication $_SERVER['REMOTE_USER']. I ran another script to output the "NAMES" (usernames) and the "FULL_NAMES" (full names in Active Directory) and it indicated the "JoeSmith" was index 105, so I go with that for this question as a reference point. (here is a snippet of the code) $server = ntuser_getdomaincontroller(); $users = ntuser_getuserlist($server); echo $users["105"]["FULL_NAME"]; e.g. Here is a bit of the code output after the AD Query using PHP users["105"] = Array * users["105"]["NAME"] = JoeSmith * users["105"]["FULL_NAME"] = Joe Smith * users["105"]["COMMENT"] = Systems Administrator So how can I determine the "JoeSmith" is in fact index #105? How do I index the multi-dimension array $users to figure out that I want 105 as in $users[105]["NAME"] = JoeSmith? Assuming I don't know what the Index is, how do I figure that out is the question. I appreciate your help. Link to comment https://forums.phpfreaks.com/topic/85284-indexing-multi-dimension-arrays/ Share on other sites More sharing options...
teng84 Posted January 10, 2008 Share Posted January 10, 2008 foreach($user as $key =>$val){ echo $key; foreach($user[$key] as $key2 => $val2){ echo $key2.$key2; } }// you can get all the value by modifying that a little Link to comment https://forums.phpfreaks.com/topic/85284-indexing-multi-dimension-arrays/#findComment-435137 Share on other sites More sharing options...
BrianAbbott Posted January 10, 2008 Author Share Posted January 10, 2008 Thanks for that, you are correct I can traverse the array until I find a match. After more time I was working with mod_auth_SSPI and I found that it is not as flexible or reliable as I had thought. For example,... <Location /> AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic On SSPIOmitDomain On SSPIDomain mydomain AuthName "A Protected Place" require valid-user </Location> ...worked but... <Location /http/> AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic On SSPIOmitDomain On SSPIDomain mydomain AuthName "A Protected Place" require valid-user </Location> ...would not work, it would not require authentication for that directory I found a script that someone else wrote and adapted it for testing and found that for me this works very well for basic authentication against Active Directory using the PHP LDAP extension. <?php error_reporting(1); session_start(); function authenticate() { header('WWW-Authenticate: Basic realm="Active Directory Login"'); header('HTTP/1.0 401 Unauthorized'); echo 'Sorry, you must login using the correct user and pass.'; echo '<br><br><a href="' . $PHP_SELF . '?logout=1">Click here</a> to try again.'; exit; } if(!isset($_SERVER['PHP_AUTH_USER']) || ($_GET['logout'] == 1 && isset($_SESSION['user']) && isset($_SESSION['domain']))){ session_unset(); authenticate(); } else { $_SESSION["domain"] = $domain = 'MYDOMAIN'; $_SESSION["user"] = strtoupper($_SERVER["PHP_AUTH_USER"]); $_SESSION["password"] = $_SERVER["PHP_AUTH_PW"]; $LDAPServerAddress1="192.168.1.xxx"; $LDAPServerAddress2="192.168.1.xxx"; $LDAPServerPort="389"; $LDAPServerTimeOut ="60"; $LDAPContainer="dc=mydomain,dc=com"; $BIND_username = "mydomain\\authaccountuser"; $BIND_password = "authaccountpass"; $filter = "sAMAccountName=".$_SESSION["user"]; $login_error_code = 0; if(($ds=ldap_connect($LDAPServerAddress1)) || ($ds=ldap_connect($LDAPServerAddress2))) { ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); if($r=ldap_bind($ds,$BIND_username,$BIND_password)) { if($sr=ldap_search($ds, $LDAPContainer, $filter, array('distinguishedName'))) { if($info = ldap_get_entries($ds, $sr)) { $BIND_username = $info[0]['distinguishedname'][0]; $BIND_password = $_SERVER["PHP_AUTH_PW"]; if ($r2=ldap_bind($ds,$BIND_username,$BIND_password)) { if($sr2=ldap_search($ds, $LDAPContainer, $filter, array("givenName","sn","mail","displayName"))) { if($info2 = ldap_get_entries($ds, $sr2)) { $_SESSION["name"] = $info2[0]["givenname"][0]." ".$info2[0]["sn"][0]; $_SESSION["email"] = $info2[0]["mail"][0]; $_SESSION["displayname"] = $info2[0]["displayname"][0]; } else { $login_error = "Could not read entries"; $login_error_code=1; } } else { $login_error = "Could not search"; $login_error_code=2; } } else { $login_error = "User password incorrect"; $login_error_code=3; } } else { $login_error = "User name not found"; $login_error_code=4; } } else { $login_error = "Could not search"; $login_error_code=5; } } else { $login_error = "Could not bind"; $login_error_code=6; } } else { $login_error = "Could not connect"; $login_error_code=7; } if($login_error_code > 0){ authenticate(); } else { echo 'Welcome ' . $_SESSION["displayname"]; echo '<br><br><a href="' . $PHP_SELF . '?logout=1">Click here</a> to logout and try again.'; } } ?> I cannot for the life of me find the original site, but above is the code I finally completed and it works very well on my domain. Disabled accounts will not authenticate, a very nice aspect. You must of course have correct use / pass. I forced the domain and I have two domain controllers so I did not need to add more. Link to comment https://forums.phpfreaks.com/topic/85284-indexing-multi-dimension-arrays/#findComment-435952 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.