Archive for January, 2007


Monday, January 29th, 2007

    employeenumber: 3123283622
    telephonenumber: 666-767-2000
    userpassword: faginm123

    dn: mail=maryx@foowi.com, ou=Marketing, o=Foo Widgets, c=us
    cn: Mary
    sn: Xeyed
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    mail: maryx@foowi.com
    ou: Marketing
    employeenumber: 3223453622
    telephonenumber: 111-767-2000
    userpassword: maryx123

Also, if we use OpenLDAP to run the application, then to put access control into effect we need to add the following lines to slapd.conf and restart slapd:

    access to attr=userPassword
        by self write
        by anonymous auth
        by * none

    access to *
        by self write
        by dn="cn=Admin,o=Foo Widgets,c=us" write
        by * read

The first block indicates that any user can modify their own password and can bind anonymously to the server to authenticate against the password stored in the repository; the final `by * none` clause denies every other access to the attribute. The second block indicates that a given user can modify their own attributes, and so can the admin user. It also indicates that all users have read-only access to all other attributes of all other entities, thereby allowing any user to search the directory. For more information on access control in OpenLDAP, see the OpenLDAP administrator's guide: http://www.openldap.org/doc/admin/.


Monday, January 29th, 2007

                }
            } else {
                displayErrMsg("Connection to LDAP server failed!");
                exit;
            }
        }
    }
    ?>

A typical screen prompting the user to enter the attributes would look like the one below:

We need to be aware of certain caveats with this application, which arise from the fact that it is merely illustrative of the PHP LDAP API and not a fully-fledged production application. As mentioned before, the use of HTTP sessions is highly recommended to indicate authentication status. Further, users created using the add mechanism do not have a password field, so modification of such entries is not possible through the current mechanism.

To get started with the application, we could upload a sample set of user information into the directory using the ldapadd utility that comes with most LDAP client software, and then work with it. A typical sample would look like:

    dn: o=Foo Widgets, c=us
    objectclass: top
    objectclass: organization
    o: Foo Widgets

    dn: ou=Engineering, o=Foo Widgets, c=us
    objectclass: top
    objectclass: organizationalUnit
    ou: Engineering

    dn: ou=Marketing, o=Foo Widgets, c=us
    objectclass: top
    objectclass: organizationalUnit
    ou: Marketing

    dn: mail=faginm@foowi.com, ou=Engineering, o=Foo Widgets, c=us
    cn: Fagin
    sn: Maddog
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    mail: faginm@foowi.com
    ou: Engineering

Monday, January 29th, 2007

    require("empdir_common.php");
    require("empdir_functions.php");

At least the name, e-mail, and department information should be entered. If it is not, we display an error and re-display the earlier form:

    if (!$cn || !$mail || !$ou) {
        generateHTMLHeader("Please fill in fields: ");
        displayErrMsg("Minimally Name, Dept. and E-mail fields are required!!");
        generateHTMLForm(0, "empdir_add.php", "ADD");
    } else {

We collect the attributes of the new entry to be added in an associative array:

        $entryToAdd["cn"] = $cn;
        $entryToAdd["sn"] = $sn;
        $entryToAdd["mail"] = $mail;
        $entryToAdd["employeenumber"] = $employeenumber;
        $entryToAdd["ou"] = $ou;
        $entryToAdd["telephonenumber"] = $telephonenumber;
        // objectclass is multi-valued: each value needs its own index,
        // otherwise every assignment overwrites the previous one
        $entryToAdd["objectclass"][0] = "person";
        $entryToAdd["objectclass"][1] = "organizationalPerson";
        $entryToAdd["objectclass"][2] = "inetOrgPerson";

Here we construct the DN corresponding to the new entry:

        $dnString = "mail=" . $mail . "," . "ou=" . $ou . "," . $baseDN;

This is the root DN we shall bind to before performing the add operation:

        $adminRDN = "cn=Admin," . $baseDN;

We connect to the server and bind as an administrator:

        $linkIdentifier = connectBindServer($adminRDN, $adminpassword);
        if ($linkIdentifier) {

The actual addition is done here:

            if (ldap_add($linkIdentifier, $dnString, $entryToAdd) == true) {
                generateHTMLHeader("The entry was added successfully");
                returnToMain();
            } else {
                displayErrMsg("Addition to directory failed !!");
                closeConnection($linkIdentifier);
                returnToMain();
                exit;

Monday, January 29th, 2007

    $dnString = "mail=" . urldecode($mail) . ",ou=" . urldecode($ou) . "," . $baseDN;

The script prompts the user for the administrator's password, since this is required for deleting entries from the directory:

    if (!isset($adminpassword)) {
        generateHTMLHeader("Administrator action:");
        promptPassword($mail, $ou, "empdir_delete.php");
        return;
    }

Here the DN of the administrator user is hard-coded. Ideally there can be a whole category of administrative users, and the roles and privileges of these users can be managed by using HTTP sessions in tandem with the LDAP implementation's authentication and authorization mechanism:

    $adminRDN = "cn=Admin," . $baseDN;

We connect to the server and bind as the administrator user:

    $linkIdentifier = connectBindServer($adminRDN, $adminpassword);
    if ($linkIdentifier) {

The actual deletion is performed using the DN string we constructed earlier:

        if (ldap_delete($linkIdentifier, $dnString) == true) {
            generateHTMLHeader("The entry was deleted successfully");
            returnToMain();
        } else {
            displayErrMsg("Deletion of entry failed !!");
            closeConnection($linkIdentifier);
            exit;
        }
    } else {
        displayErrMsg("Connection to LDAP server failed!!");
        exit;
    }
    ?>

This script is invoked when the user clicks on the ADD button from the main screen:


Monday, January 29th, 2007

edit these fields and click the MODIFY button:

            generateHTMLForm($resultEntry, "empdir_modify.php", "MODIFY");
            closeConnection($linkIdentifier);
        } else {

This block gets executed as a result of submitting the aforementioned form. The new parameters are gathered into an associative array to be passed to the server:

            $dnString = "mail=" . $mail . "," . "ou=" . $ou . "," . $baseDN;
            $adminRDN = "cn=Admin," . $baseDN;
            $newEntry["cn"] = $cn;
            $newEntry["sn"] = $sn;
            $newEntry["employeenumber"] = $employeenumber;
            $newEntry["telephonenumber"] = $telephonenumber;

We connect to the server and bind as the user whose DN is to be modified:

            $linkIdentifier = connectBindServer($dnString, $userpassword);
            if ($linkIdentifier) {
                if ((ldap_modify($linkIdentifier, $dnString, $newEntry)) == false) {
                    displayErrMsg("LDAP directory modification failed !!");
                    closeConnection($linkIdentifier);
                    exit;
                } else {
                    generateHTMLHeader("The entry was modified successfully");
                    returnToMain();
                }
            } else {
                displayErrMsg("Connection to LDAP server failed");
                exit;
            }
        }
    ?>

This is an example of a typical modification screen:

This function is invoked when the user clicks the Delete link in the Edit column of the search results:
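The add, delete and modify scripts on this page all build the entry DN by concatenating the request values $mail and $ou, so a comma or equals sign in either value changes which entry the operation targets. The following is an added example, not code from the original text: it validates both values and escapes them for DN context with ldap_escape() (PHP 5.6 and later; the syntax used needs PHP 7.1). The function name buildEntryDN, the KNOWN_OUS list and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not from the original text. Needs the PHP ldap extension.

$baseDN = "o=Foo Widgets, c=us";                 // base DN of the page's sample directory
const KNOWN_OUS = ["Engineering", "Marketing"];  // units defined in the sample LDIF

// Build the entry DN from request values. Returns null when the input
// cannot name a valid entry, so the caller never reaches ldap_add(),
// ldap_modify() or ldap_delete() with it.
function buildEntryDN(string $mail, string $ou, string $baseDN): ?string
{
    // Reject anything that is not a plausible address before it nears a DN.
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The department must be one of the organizational units that exist.
    if (!in_array($ou, KNOWN_OUS, true)) {
        return null;
    }
    // Escape for DN context so that separators such as "," "+" and "="
    // are treated as literal characters inside the attribute value.
    return "mail=" . ldap_escape($mail, "", LDAP_ESCAPE_DN)
         . ",ou="  . ldap_escape($ou, "", LDAP_ESCAPE_DN)
         . ","     . $baseDN;
}

// Constructed inputs (not taken from the page's data set).
$samples = [
    ["maryx@foowi.com", "Marketing"],                  // ordinary request
    ["maryx@foowi.com", "Marketing,o=Other Org"],      // comma inside ou would add an RDN
    ["not-an-address,ou=Engineering", "Engineering"],  // separator inside mail
];
foreach ($samples as [$mail, $ou]) {
    $dn = buildEntryDN($mail, $ou, $baseDN);
    echo $dn === null ? "rejected\n" : $dn . "\n";
}
```

Only the first sample yields a DN; the other two are rejected before any directory operation is attempted.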


Sunday, January 28th, 2007

                    $searchFilter);
                if ($resultEntries) {
                    generateHTMLHeader("Search Results:");
                    printResults($resultEntries);
                    returnToMain();
                } else {
                    returnToMain();
                }
            } else {
                displayErrMsg("Connection to LDAP server failed !!");
                closeConnection($linkIdentifier);
                exit;
            }
        }
    }
    ?>

This is a sample screen of search results:

This script is called when a user clicks on the Modify link in the Edit column of a search result:


Sunday, January 28th, 2007

            ($formValues) ? $formValues[0]["employeenumber"][0] : "");
        printf("Department:  \n",
            ($formValues) ? $formValues[0]["ou"][0] : "");
        printf("Telephone:   \n",
            ($formValues) ? $formValues[0]["telephonenumber"][0] : "");

If this function is called from the modification script, it outputs an extra text field for the password of the user modifying the entry corresponding to them:

        if ($submitLabel == "MODIFY") {
            printf("User Password:    \n");
        }

If the function is called from the script responsible for adding users, it outputs a text field to prompt the user for the administrator's password:

        if ($submitLabel == "ADD") {
            printf("Admin Password:    \n");
        }
        printf("", $submitLabel);
        printf("\n");
    }

This function merely provides a link to the main page:

    function returnToMain() {
        printf("\n");
        printf(" to return to Main Page\n");
    }

The cleanup function, which closes the connection specified by the link identifier argument:

    function closeConnection($linkIdentifier) {
        ldap_close($linkIdentifier);
    }
    ?>

This script is invoked when the user clicks the SEARCH button. The search screen would look like below:

Sunday, January 28th, 2007

            printf("%s %s %s %s %s %s [Modify] [Delete]\n",
                $resultEntries[$i]["cn"][0],
                $resultEntries[$i]["sn"][0],
                $resultEntries[$i]["mail"][0],
                $resultEntries[$i]["employeenumber"][0],
                $resultEntries[$i]["ou"][0],
                $resultEntries[$i]["telephonenumber"][0],
                $mailString, $ouString, $mailString, $ouString);
        }
        printf("\n");
    }

This function is used by the script that creates a new entry and the script that modifies an existing entry. The function prints out a set of text fields that the user can fill or modify. In the modification case, preexisting values are provided as default values:

    function generateHTMLForm($formValues, $actionScript, $submitLabel) {
        printf("\n", $actionScript);
        printf("First Name:  \n",
            ($formValues) ? $formValues[0]["cn"][0] : "");
        printf("Last Name:   \n",
            ($formValues) ? $formValues[0]["sn"][0] : "");
        printf("E-mail:      \n",
            ($formValues) ? $formValues[0]["mail"][0] : "");
        printf("Employee no.:\n",

Sunday, January 28th, 2007

        if ($noOfFieldsSet >= 2) {
            $searchFilter = "(&" . $searchFilter . ")";
        }
        return $searchFilter;
    }

This function, given a link identifier obtained from the connectBindServer() function and the search filter created by createSearchFilter(), performs a search on the directory:

    function searchDirectory($linkIdentifier, $searchFilter) {
        global $baseDN;
        $searchResult = ldap_search($linkIdentifier, $baseDN, $searchFilter);

We count the search results to see if we got any entries at all:

        if (ldap_count_entries($linkIdentifier, $searchResult) <= 0) {
            displayErrMsg("No entries returned from the directory");
            return 0;
        } else {
            $resultEntries = ldap_get_entries($linkIdentifier, $searchResult);
            return $resultEntries;
        }
    }

This function prints the result of a search as an HTML table:

    function printResults($resultEntries) {
        printf("\n");
        printf("\n");
        $noOfEntries = $resultEntries["count"];
        for ($i = 0; $i < $noOfEntries; $i++) {
            if (!$resultEntries[$i]["cn"] && !$resultEntries[$i]["sn"])
                continue;
            $mailString = urlencode($resultEntries[$i]["mail"][0]);
            $ouString = urlencode($resultEntries[$i]["ou"][0]);

Sunday, January 28th, 2007

            displayErrMsg("Unable to connect to the LDAP server!!");
            return 0;
        }
        return $linkIdentifier;
    }

Given a search criteria string, this function creates a search filter expression:

    function createSearchFilter($searchCriteria) {
        $noOfFieldsSet = 0;
        // start from an empty filter so that appending works whichever field comes first
        $searchFilter = "";
        if ($searchCriteria["cn"]) {
            $searchFilter .= "(cn=*" . $searchCriteria["cn"] . "*)";
            ++$noOfFieldsSet;
        }
        if ($searchCriteria["sn"]) {
            $searchFilter .= "(sn=*" . $searchCriteria["sn"] . "*)";
            ++$noOfFieldsSet;
        }
        if ($searchCriteria["mail"]) {
            $searchFilter .= "(mail=*" . $searchCriteria["mail"] . "*)";
            ++$noOfFieldsSet;
        }
        if ($searchCriteria["employeenumber"]) {
            $searchFilter .= "(employeenumber=*" . $searchCriteria["employeenumber"] . "*)";
            ++$noOfFieldsSet;
        }
        if ($searchCriteria["ou"]) {
            $searchFilter .= "(ou=*" . $searchCriteria["ou"] . "*)";
            ++$noOfFieldsSet;
        }
        if ($searchCriteria["telephonenumber"]) {
            $searchFilter .= "(telephonenumber=*" . $searchCriteria["telephonenumber"] . "*)";
            ++$noOfFieldsSet;
        }

We perform a logical AND on all specified search criteria to create the final search filter:
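createSearchFilter() places each form value into the filter string unchanged, so characters that are filter syntax (*, parentheses, backslash) in a search field alter the structure of the query sent to the directory. The following is an added example, not code from the original text: the same builder, including the final AND step, with every value escaped for filter context by ldap_escape() (PHP 5.6 and later; the syntax used needs PHP 7.1). The function name createSearchFilterEscaped, the SEARCHABLE list and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not from the original text. Needs the PHP ldap extension.

// Attributes the search form may query: the six fields used on this page.
const SEARCHABLE = ["cn", "sn", "mail", "employeenumber", "ou", "telephonenumber"];

// Build "(attr=*value*)" terms with each user value escaped for filter
// context, so "*", "(", ")", "\" and NUL are matched as literal characters.
// Returns null when no field is set, so the caller can skip the search.
function createSearchFilterEscaped(array $searchCriteria): ?string
{
    $terms = [];
    foreach (SEARCHABLE as $attr) {
        $value = trim((string)($searchCriteria[$attr] ?? ""));
        if ($value === "") {
            continue;                       // field left empty on the form
        }
        $terms[] = "(" . $attr . "=*"
                 . ldap_escape($value, "", LDAP_ESCAPE_FILTER)
                 . "*)";
    }
    if (count($terms) === 0) {
        return null;
    }
    // Same rule as the original: AND the terms only when there are two or more.
    return count($terms) >= 2 ? "(&" . implode("", $terms) . ")" : $terms[0];
}

// Constructed inputs: an ordinary two-field query, a value containing
// filter metacharacters, and an empty form.
$samples = [
    ["cn" => "Mary", "ou" => "Marketing"],
    ["sn" => "Smith (temp)*"],
    [],
];
foreach ($samples as $criteria) {
    $filter = createSearchFilterEscaped($criteria);
    echo $filter === null ? "no criteria, search skipped\n" : $filter . "\n";
}
```

Attribute names come only from the fixed SEARCHABLE list, so request keys never reach the filter string.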
