
Authenticate Users against iPlanet

Novell Cool Solutions: Trench
By Scot Putney


Posted: 23 Jul 2003
 

We sync a 60,000+ user iPlanet Directory using DirXML and eDirectory 8.7 (without passwords). In order to obtain the NDS password, we have the users do a one-time authentication using a PHP script and LDAP (on the Novell Server). If they authenticate correctly, we create the NDS password. We also wanted all the authenticated users to be iFolder Enabled.

Here's how we did it.

The following code authenticates against an iPlanet Directory. If the authentication succeeds, it writes that same password into NDS for the user and also enables iFolder for the user.

On success it redirects to a success page; if it fails for any reason, it redirects to a failure page.

If the iFolder space was already created you will get a warning, but the redirect happens so fast that users will not see it.

Enable iFolder

-----Code to enable iFolder with PHP LDAP-----
// $conn is an LDAP link bound as an eDirectory admin; $dn is the user's DN.
$entry["ObjectClass"] = "iFolderUser";       // auxiliary class that marks an iFolder user
$entry["iFolderServerName"] = "*";
$entry["acl"] = "7#entry#" . $dn . "#iFolderServerName"; // grant the user rights on that attribute
$result = ldap_mod_add($conn, $dn, $entry);
--------------------------
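The warning mentioned above appears because ldap_mod_add() is run again for a user who already carries the iFolderUser class. As an added example (not code from the original article), the following checks the user's objectClass first and treats LDAP result 20 (typeOrValueExists) as "already enabled"; it assumes an admin-bound link $conn and the user's eDirectory DN $dn as in the script, and the function names has_object_class() and enable_ifolder() are hypothetical.

```php
<?php
// Added example: idempotent iFolder enablement (not code from the original article).
// Assumes $conn is an LDAP link already bound as an eDirectory admin and $dn is the
// user's eDirectory DN; has_object_class() and enable_ifolder() are hypothetical names.

// Return true if the entry at $dn already lists $class in its objectClass attribute.
function has_object_class($conn, $dn, $class) {
    $rs = @ldap_read($conn, $dn, '(objectClass=*)', array('objectClass'));
    if ($rs === false) {
        return false;   // entry not readable; let ldap_mod_add() report the real error
    }
    $entries = ldap_get_entries($conn, $rs);
    if ($entries['count'] < 1) {
        return false;
    }
    $classes = $entries[0]['objectclass'];   // ldap_get_entries() lowercases attribute names
    for ($i = 0; $i < $classes['count']; $i++) {
        if (strcasecmp($classes[$i], $class) == 0) {
            return true;
        }
    }
    return false;
}

// Add the iFolderUser class and its attributes only once.
// Returns 'enabled', 'already' or 'error: <ldap message>'.
function enable_ifolder($conn, $dn) {
    if (has_object_class($conn, $dn, 'iFolderUser')) {
        return 'already';
    }
    $entry = array(
        'objectClass'       => 'iFolderUser',
        'iFolderServerName' => '*',
        // Same eDirectory ACL string as the article (privileges#scope#subject#attribute):
        // the user's own entry gets rights 7 on its iFolderServerName attribute.
        'acl'               => '7#entry#' . $dn . '#iFolderServerName',
    );
    if (@ldap_mod_add($conn, $dn, $entry)) {
        return 'enabled';
    }
    // Result code 20 (typeOrValueExists): another request enabled this user first.
    if (ldap_errno($conn) == 20) {
        return 'already';
    }
    return 'error: ' . ldap_error($conn);
}

// Usage in the article's script, in place of the bare ldap_mod_add() call:
// $status = enable_ifolder($conn, $dn);
```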

Entire Script

This is the entire script, run under PHP on the Novell server: it authenticates the user against iPlanet, imports the password into NDS, and enables iFolder if that succeeds. If it does not succeed, it shows a failure page.

--Start Script--

<?php

// Connection details for the iPlanet directory the users authenticate against.
$ldapconfig['host'] = 'iPlanet.domain.tlc';
$ldapconfig['port'] = 10389;
$ldapconfig['basedn'] = 'ou=people,o=domain,o=domain';
$ldapconfig['authrealm'] = 'Appears in Authentication Box';

// Look the user up in iPlanet and verify the password by binding as that user.
// Returns the user's iPlanet entry on success; on failure sends a 401 and returns NULL.
function ldap_authenticate() {
    global $ldapconfig;
    // HTTP Basic credentials; $_SERVER replaces the register_globals-era $PHP_AUTH_USER / $PHP_AUTH_PW.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pw   = isset($_SERVER['PHP_AUTH_PW'])   ? $_SERVER['PHP_AUTH_PW']   : '';

    if ($user != "" && $pw != "") {
        $ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
        // Bind with a lookup account so the user's DN can be found from the uid.
        $r = ldap_bind($ds, "uid=ldap_auth_user,ou=people,o=domain,o=domain", "ldap_auth_password");
        // Escape the uid so a crafted username cannot alter the search filter.
        $filter = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $rs = @ldap_search($ds, $ldapconfig['basedn'], $filter);
        if ($rs) {
            $result = @ldap_get_entries($ds, $rs);
            if ($result['count'] > 0) {
                // Rebinding as the user's own DN is the actual password check.
                if (@ldap_bind($ds, $result[0]['dn'], $pw)) {
                    return $result[0];
                }
            }
        }
    }
    header('WWW-Authenticate: Basic realm="' . $ldapconfig['authrealm'] . '"');
    header('HTTP/1.0 401 Unauthorized');
    return NULL;
}

if (($result = ldap_authenticate()) == NULL) {
?>
<html><head>
<title>HTML META tag refresh</title>
<meta http-equiv="Refresh" content="0;url=../failure.html">
</head><body bgcolor="#FFFFFF">please wait</body></html>
<?php
    exit(0);
}

// Authenticated against iPlanet: now write the same password into NDS on the Novell server.
$conn = ldap_connect("novellserver.domain.tlc")
    or die("Could not connect to server.");

$root_dn = "cn=ldap_admin_novell, o=context";
$root_pw = "ldap_admin_novell_password";

$r = ldap_bind($conn, $root_dn, $root_pw)
    or die("Could not bind to server. Error is " . ldap_error($conn));

// The DirXML-synced user object in NDS; escape the cn so the name cannot break the DN.
$dn = "cn=" . ldap_escape($_SERVER['PHP_AUTH_USER'], '', LDAP_ESCAPE_DN) . ", ou=contxt, o=context";

// Setting userPassword over LDAP creates the NDS password for this user.
$info["userPassword"] = $_SERVER['PHP_AUTH_PW'];
$result = ldap_modify($conn, $dn, $info);

if ($result)
{
?>
<html><head>
<title>HTML META tag refresh</title>
<meta http-equiv="Refresh" content="0;url=../success.html">
</head><body bgcolor="#FFFFFF">please wait.. creating Folder Space....
<br><br>
If successful creates iFolder User Space<hr>
<br><br>
<?php
// Make the user an iFolderUser and grant the user rights on its own iFolderServerName attribute.
$entry["ObjectClass"] = "iFolderUser";
$entry["iFolderServerName"] = "*";
$entry["acl"] = "7#entry#" . $dn . "#iFolderServerName";
$result = ldap_mod_add($conn, $dn, $entry);
?>
</body></html>
<?php
}
else
{
?>
<html><head>
<title>HTML META tag refresh</title>
<meta http-equiv="Refresh" content="0;url=../failure.html">
</head><body bgcolor="#FFFFFF">please wait</body></html>
<?php
}

ldap_close($conn);

--End Script--

If you have any questions you may contact Scot at scot.putney@emich.edu

