Home

Site Navigation
Identity & Access Projects Identity and Access Management Project Active Directory Remediation DNS Renewal Project Status Services Web Proxies Proxy Configuration Student Proxy DNS Resolving DNS Service Advertising DNS service Secondary DNS service IPAM Frequently asked questions Access Form Central Authentication Centaur DIT and Schema OpenLDAP client configuration Apache configuration PHP example Active Directory Active Directory Service Common Information FAQ Known Issues Information for IT Support Staff Information for End Users Account Registration System Known issues Decommissioned Services IPReg Frequently asked questions Access Form Past Projects IPAM Contact Details

Centaur - PHP example

Certificates

For information regarding configuration of certificates used by php for LDAPS connections see the OpenLDAP configuration page.

Sample code

The following sample code could be used in a PHP application to authenticate against Centaur:

simple authentication

<?php

$username = 'johnsmith';
$password = 'secret';
$ldap_uri = 'ldaps://centaur.unimelb.edu.au/';
$ldapconn = ldap_connect($ldap_uri)
    or die("Could not connect to $ldap_uri");
if (! ldap_bind($ldapconn,"uid=$username,ou=people,o=unimelb", $password)) {
    die("Failed to authenticate");
} else {
    print "Successfully authenticated";
    ...
    ...
}

?>

authentication using attributes for authorisation

You can also use the attributes in Centaur to make authorisation decisions. There are two ways of doing this:

1. Connect to Centaur, search for the user with a filter on an anonymously visible attribute (refer to schema page for which attributes have such visibility)


<?php 
$username = 'john smith'; 
$password = 'secret'; 
$ldap_uri = 'ldaps://centaur.unimelb.edu.au/'; 
$ldap_base_dn = "ou=people,o=unimelb"; 
$ldap_filter = "(&(uid=$username)(auEduPersonType=staff))"; 

$ldap_conn = ldap_connect($ldap_uri)
     or die("Could not connect to $ldap_uri"); 
$search_results = ldap_search($ldap_conn, $ldap_base_dn, $ldap_filter)
     or die("Search error"); 

if (ldap_count_entries($ldap_conn, $search_results) != 1) {
     // User does not exist or not a staff member
     die("Failed to authenticate"); 
} 

if (! ldap_bind($ldap_conn,"uid=$username,$ldap_base_dn", $password)) {
     die("Failed to authenticate"); 
} else {
     print "Successfully authenticated"; 
} 

?>

2. Connect to Centaur, bind as user (ie. authenticate successfully as user), retrieve all their attributes (a user has permission to view all their own attributes) and base authorisation decision on various attribute values.

simple authentication using PEAR framework

If you are using the PEAR Auth framework you could do something like the following:

<?php

$myauth = new Auth("LDAP", array (
   'url' => 'ldaps://centaur.unimelb.edu.au',
   'basedn' => 'ou=people,o=unimelb',
   'userattr' => 'uid'
));

?>

top of page

Information Services Identity & Access